Original release date: September 26, 2022 | Last revised: September 27, 2022

High Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][CENTER]There were no high vulnerabilities recorded this week.[/CENTER][/TD] [/TR] [/TABLE][/CENTER] [Back to top]('https://us-cert.cisa.gov#top')

Medium Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][CENTER]There were no medium vulnerabilities recorded this week.[/CENTER][/TD] [/TR] [/TABLE][/CENTER] [Back to top]('https://us-cert.cisa.gov#top')

Low Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][CENTER]There were no low vulnerabilities recorded this week.[/CENTER][/TD] [/TR] [/TABLE][/CENTER] [Back to top]('https://us-cert.cisa.gov#top')

Severity Not Yet Assigned

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][LEFT]10-strike -- network_inventory_explorer[/LEFT][/TD] [TD][LEFT]10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38573]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38573') [MISC]('https://packetstormsecurity.com/files/168133/10-Strike-Network-Inventory-Explorer-9.3-Buffer-Overflow.html') [MISC]('https://packetstormsecurity.com')[/TD] [/TR] [TR] [TD][LEFT]acer -- multiple_products[/LEFT][/TD] [TD][LEFT]There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30426]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30426') [MISC]('https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md') [MISC]('http://altos.com') [MISC]('http://acer.com')[/TD] [/TR] [TR] [TD][LEFT]adobe -- animate[/LEFT][/TD] [TD][LEFT]Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38411]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38411') [MISC]('https://helpx.adobe.com/security/products/animate/apsb22-54.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- animate[/LEFT][/TD] [TD][LEFT]Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38412]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38412') [MISC]('https://helpx.adobe.com/security/products/animate/apsb22-54.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38425]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38425') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35706]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35706') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35709]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35709') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35707]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35707') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35705]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35705') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35704]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35704') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35708]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35708') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35701]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35701') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35700') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35699]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35699') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35703]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35703') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- bridge[/LEFT][/TD] [TD][LEFT]Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35702]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35702') [MISC]('https://helpx.adobe.com/security/products/bridge/apsb22-49.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30681]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30681') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30680]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30680') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30677]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30677') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30678]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30678') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30683]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30683') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30685]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30685') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30684]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30684') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35664]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35664') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30686]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30686') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34218]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34218') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager[/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30682]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30682') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager [/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38438]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38438') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- experience_manager [/LEFT][/TD] [TD][LEFT]Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38439]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38439') [MISC]('https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- illustrator[/LEFT][/TD] [TD][LEFT]Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38408]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38408') [MISC]('https://helpx.adobe.com/security/products/illustrator/apsb22-55.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- illustrator[/LEFT][/TD] [TD][LEFT]Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38410]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38410') [MISC]('https://helpx.adobe.com/security/products/illustrator/apsb22-55.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- illustrator[/LEFT][/TD] [TD][LEFT]Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38409]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38409') [MISC]('https://helpx.adobe.com/security/products/illustrator/apsb22-55.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38403]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38403') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38404]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38404') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38405]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38405') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38406]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38406') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38407]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38407') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38401]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38401') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- incopy[/LEFT][/TD] [TD][LEFT]Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38402]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38402') [MISC]('https://helpx.adobe.com/security/products/incopy/apsb22-53.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38416]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38416') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38413]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38413') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28853]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28853') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30674]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30674') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30676]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30676') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30675]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30675') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30673]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30673') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38415]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38415') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30671]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30671') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38414]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38414') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30672]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30672') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28856]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28856') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28855]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28855') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28854') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28852]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28852') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38417]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38417') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- indesign[/LEFT][/TD] [TD][LEFT]Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28857]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28857') [MISC]('https://helpx.adobe.com/security/products/indesign/apsb22-50.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35713]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35713') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38434]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38434') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.sue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38433]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38433') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38432]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38432') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38431]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38431') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38430]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38430') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38427]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38427') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38428]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38428') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38426]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38426') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]adobe -- photoshop[/LEFT][/TD] [TD][LEFT]Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38429]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38429') [MISC]('https://helpx.adobe.com/security/products/photoshop/apsb22-52.html')[/TD] [/TR] [TR] [TD][LEFT]ahsay -- ahsaycbs[/LEFT][/TD] [TD][LEFT]Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37027]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37027') [MISC]('https://www.compass-security.com/en/research/advisories') [MISC]('https://wiki.ahsay.com/doku.php?id=public:resources:release_notes_v9320') [MISC]('https://www.ahsay.com/jsp/en/downloads/ahsay-downloads_latest-software_ahsaycbs.jsp') [CONFIRM]('https://www.ahsay.com/partners/en/home/index.jsp?pageContentKey=ahsay_assets_latest_hotfix') [MISC]('https://www.compass-security.com/fileadmin/Research/Advisories/2022_12_CSNC-2022-009_AhsayCBS_Java_Runtime_Parameter_Injection.txt')[/TD] [/TR] [TR] [TD][LEFT]ajaxplorer -- ajaxplorer[/LEFT][/TD] [TD][LEFT]An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40358]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40358') [MISC]('https://cxsecurity.com/issue/WLB-2022090059') [MISC]('https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/')[/TD] [/TR] [TR] [TD][LEFT]ami -- aptio[/LEFT][/TD] [TD][LEFT]A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40262]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40262') [MISC]('https://www.binarly.io/advisories/BRLY-2022-009') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]ami -- aptio[/LEFT][/TD] [TD][LEFT]An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40261]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40261') [MISC]('https://www.binarly.io/advisories/BRLY-2022-003') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]ami -- aptio[/LEFT][/TD] [TD][LEFT]An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 Module GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf This issue affects: AMI Aptio 5.x. This issue affects: AMI Aptio 5.x.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40250]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40250') [MISC]('https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html') [MISC]('https://www.binarly.io/advisories/BRLY-2022-016') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]ami -- aptio[/LEFT][/TD] [TD][LEFT]A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: SbPei SHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9 Module GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40246') [MISC]('https://www.binarly.io/advisories/BRLY-2022-014') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]ami -- multiple_products[/LEFT][/TD] [TD][LEFT]A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26873]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26873') [MISC]('https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html') [MISC]('https://www.binarly.io/advisories/BRLY-2022-027') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]ami -- multiple_products[/LEFT][/TD] [TD][LEFT]An attacker with physical access can exploit this vulnerability to execute arbitrary code during DXE phase. A malicious code installed as a result of vulnerability exploitation in DXE driver could survive across an operating system (OS) boot process and runtime This issue affects: Module name: AMITSE SHA256: 288769fcb374d9280735e259c579e2dc209491f4da43b085d6aabc2d6e6ee57d Module GUID: b1da0adf-4f77-4070-a88e-bffe1c60529a This issue affects: AMI Aptio 5.x.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2154]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2154') [MISC]('https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html') [MISC]('https://www.binarly.io/advisories/BRLY-2022-015') [MISC]('https://www.ami.com/security-center/')[/TD] [/TR] [TR] [TD][LEFT]apache -- airflow[/LEFT][/TD] [TD][LEFT]In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40754') [MISC]('https://github.com/apache/airflow/pull/26409') [MISC]('https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm')[/TD] [/TR] [TR] [TD][LEFT]apache -- airflow[/LEFT][/TD] [TD][LEFT]In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40604]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40604') [MISC]('https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t') [MISC]('https://github.com/apache/airflow/pull/26337')[/TD] [/TR] [TR] [TD][LEFT]apache -- inlong[/LEFT][/TD] [TD][LEFT]In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40955]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40955') [MISC]('https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/22/5')[/TD] [/TR] [TR] [TD][LEFT]apache -- kafka[/LEFT][/TD] [TD][LEFT]A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34917]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34917') [MISC]('https://kafka.apache.org/cve-list')[/TD] [/TR] [TR] [TD][LEFT]apache -- pinot[/LEFT][/TD] [TD][LEFT]In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 [/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26112]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26112') [CONFIRM]('https://lists.apache.org/thread/4pb0r12s2b68d78llk04yd8rh3qk5t9h')[/TD] [/TR] [TR] [TD][LEFT]apache -- pulsar[/LEFT][/TD] [TD][LEFT]Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-24280]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-24280') [MISC]('https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v')[/TD] [/TR] [TR] [TD][LEFT]apache -- pulsar_java_client [/LEFT][/TD] [TD][LEFT]TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-33682]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-33682') [MISC]('https://lists.apache.org/thread/l0ynfl161qghwfcgbbl8ld9hzbl9t3yx')[/TD] [/TR] [TR] [TD][LEFT]apache -- pulsar_java_client [/LEFT][/TD] [TD][LEFT]Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-33683]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-33683') [MISC]('https://lists.apache.org/thread/42v5rsxj36r3nhfxhmhb2x12r5jmvx3x')[/TD] [/TR] [TR] [TD][LEFT]apache -- pulsar_java_client [/LEFT][/TD] [TD][LEFT]Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-33681]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-33681') [MISC]('https://lists.apache.org/thread/fpo6x10trvn20hlk0dmnr5vlz5v4kl3d')[/TD] [/TR] [TR] [TD][LEFT]apache -- xml_graphics[/LEFT][/TD] [TD][LEFT]Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38648]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38648') [MISC]('https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b')[/TD] [/TR] [TR] [TD][LEFT]apache -- xml_graphics[/LEFT][/TD] [TD][LEFT]Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40146]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40146') [MISC]('https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx')[/TD] [/TR] [TR] [TD][LEFT]apache -- xml_graphics[/LEFT][/TD] [TD][LEFT]Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38398]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38398') [MISC]('https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32783]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32783') [MISC]('https://support.apple.com/en-us/HT213257')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32782]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32782') [MISC]('https://support.apple.com/en-us/HT213257')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32818]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32818') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26707]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26707') [MISC]('https://support.apple.com/en-us/HT213257')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32801]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32801') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32798]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32798') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32852]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32852') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32789]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32789') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32880]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32880') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26696]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26696') [MISC]('https://support.apple.com/en-us/HT213257')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos_monterey[/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32796]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32796') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-36521]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36521') [MISC]('https://support.apple.com/en-us/HT211847') [MISC]('https://support.apple.com/en-us/HT211844') [MISC]('https://support.apple.com/en-us/HT211843') [MISC]('https://support.apple.com/en-us/HT211846') [MISC]('https://support.apple.com/en-us/HT211850') [MISC]('https://support.apple.com/en-us/HT211952')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32849]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32849') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32807]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32807') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32868]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32868') [MISC]('https://support.apple.com/en-us/HT213442') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32799]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32799') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32795') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32790]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32790') [MISC]('https://support.apple.com/en-us/HT213256') [MISC]('https://support.apple.com/en-us/HT213257') [MISC]('https://support.apple.com/en-us/HT213254') [MISC]('https://support.apple.com/en-us/HT213255') [MISC]('https://support.apple.com/en-us/HT213253') [MISC]('https://support.apple.com/en-us/HT213258')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32797]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32797') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32786]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32786') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32851]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32851') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32785]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32785') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32788]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32788') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32886]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32886') [MISC]('https://support.apple.com/en-us/HT213442') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2/') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ/')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32882]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32882') [MISC]('https://support.apple.com/en-us/HT213256') [MISC]('https://support.apple.com/en-us/HT213257')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32853]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32853') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32908]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32908') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213444') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32883]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32883') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213444') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32911]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32911') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213444') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32847]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32847') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32854') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32872]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32872') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32863]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32863') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213341')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32861]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32861') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213341')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32792]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32792') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213341') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32816]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32816') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32912]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32912') [MISC]('https://support.apple.com/en-us/HT213442') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32843]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32843') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32825]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32825') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32845]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32845') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32802]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32802') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32823]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32823') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32805]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32805') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32917]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32917') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213444') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32817]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32817') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32819]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32819') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32821]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32821') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32829]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32829') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32815]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32815') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32826]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32826') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32820]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32820') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user’s screen.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32848]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32848') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22628]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22628') [MISC]('https://support.apple.com/en-us/HT213186') [MISC]('https://support.apple.com/en-us/HT213187') [MISC]('https://support.apple.com/en-us/HT213182') [MISC]('https://support.apple.com/en-us/HT213193') [MISC]('https://support.apple.com/en-us/HT213183')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32828]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32828') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22629]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22629') [MISC]('https://support.apple.com/en-us/HT213188') [MISC]('https://support.apple.com/en-us/HT213186') [MISC]('https://support.apple.com/en-us/HT213187') [MISC]('https://support.apple.com/en-us/HT213182') [MISC]('https://support.apple.com/en-us/HT213193') [MISC]('https://support.apple.com/en-us/HT213183')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32781]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32781') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213257') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213258')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32864]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32864') [MISC]('https://support.apple.com/en-us/HT213443') [MISC]('https://support.apple.com/en-us/HT213444') [MISC]('https://support.apple.com/en-us/HT213445') [MISC]('https://support.apple.com/en-us/HT213446')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32841]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32841') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32842]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32842') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32831]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32831') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32832]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32832') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22610]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22610') [MISC]('https://support.apple.com/en-us/HT213186') [MISC]('https://support.apple.com/en-us/HT213187') [MISC]('https://support.apple.com/en-us/HT213182') [MISC]('https://support.apple.com/en-us/HT213193') [MISC]('https://support.apple.com/en-us/HT213183')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32787]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32787') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213343') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32814]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32814') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213342') [MISC]('https://support.apple.com/en-us/HT213340') [MISC]('https://support.apple.com/en-us/HT213346')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32800]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32800') [MISC]('https://support.apple.com/en-us/HT213344') [MISC]('https://support.apple.com/en-us/HT213345') [MISC]('https://support.apple.com/en-us/HT213343')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22637]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22637') [MISC]('https://support.apple.com/en-us/HT213186') [MISC]('https://support.apple.com/en-us/HT213187') [MISC]('https://support.apple.com/en-us/HT213182') [MISC]('https://support.apple.com/en-us/HT213193') [MISC]('https://support.apple.com/en-us/HT213183')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26700') [MISC]('https://support.apple.com/en-us/HT213257') [MISC]('https://support.apple.com/en-us/HT213254') [MISC]('https://support.apple.com/en-us/HT213253') [MISC]('https://support.apple.com/en-us/HT213260') [MISC]('https://support.apple.com/en-us/HT213258')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products [/LEFT][/TD] [TD][LEFT]A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22624]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22624') [MISC]('https://support.apple.com/en-us/HT213186') [MISC]('https://support.apple.com/en-us/HT213187') [MISC]('https://support.apple.com/en-us/HT213182') [MISC]('https://support.apple.com/en-us/HT213183')[/TD] [/TR] [TR] [TD][LEFT]apple -- swiftnio_extras[/LEFT][/TD] [TD][LEFT]Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko ( https://github.com/vojtarylko ) and reported publicly on GitHub.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3252]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3252') [MISC]('https://github.com/apple/swift-nio-extras/security/advisories/GHSA-773g-x274-8qmf')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23696]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23696') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23693]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23693') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23694]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23694') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23695]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23695') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23692]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23692') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38931]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38931') [MISC]('https://github.com/zer0yu/CVE_Request/blob/master/baijiacms/baijiacmsv4_ssrf.md')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23685]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23685') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37884]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37884') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37877]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37877') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37878]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37878') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37879]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37879') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37880]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37880') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37881]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37881') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37882]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37882') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]aruba_networks -- clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37883]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37883') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt')[/TD] [/TR] [TR] [TD][LEFT]arvados -- arvados[/LEFT][/TD] [TD][LEFT]Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39238]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39238') [CONFIRM]('https://github.com/arvados/arvados/security/advisories/GHSA-87jr-xwhg-cxjv')[/TD] [/TR] [TR] [TD][LEFT]aspire_software -- open_aviation_strategic_engineering_system[/LEFT][/TD] [TD][LEFT]OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40337]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40337') [MISC]('https://www.aspiresoftware.com/companies/oases/') [MISC]('https://gist.github.com/Delson704557/df06fcee0b2676d611aef799e1c4a0e6') [MISC]('https://oases.aero/')[/TD] [/TR] [TR] [TD][LEFT]assura -- global_northstar_club_management[/LEFT][/TD] [TD][LEFT]There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-26959]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-26959') [MISC]('https://www.assurainc.com/services/advisory-services/threat-vuln-assessment/') [MISC]('https://assura.atlassian.net/wiki/spaces/VULNS/pages/1842675717/CVE-2022-26959+Northstar+Club+Management+software+version+6.3+-+Full+Blind+Time-based+SQL+Injection')[/TD] [/TR] [TR] [TD][LEFT]atlassian -- jira[/LEFT][/TD] [TD][LEFT]The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39960]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39960') [MISC]('https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e') [CONFIRM]('https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-history')[/TD] [/TR] [TR] [TD][LEFT]awslabs -- fhir-works-on-aws-authz-smart[/LEFT][/TD] [TD][LEFT]fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s OAuth scope permits when making “search-type” requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39230]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39230') [CONFIRM]('https://github.com/awslabs/fhir-works-on-aws-authz-smart/security/advisories/GHSA-vv7x-7w4m-q72f')[/TD] [/TR] [TR] [TD][LEFT]axiosys -- bento4[/LEFT][/TD] [TD][LEFT]An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40775]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40775') [MISC]('https://github.com/axiomatic-systems/Bento4/issues/758')[/TD] [/TR] [TR] [TD][LEFT]axiosys -- bento4[/LEFT][/TD] [TD][LEFT]An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40774]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40774') [MISC]('https://github.com/axiomatic-systems/Bento4/issues/757')[/TD] [/TR] [TR] [TD][LEFT]bilgi_teknolojileri -- identity_and_directory_management_system[/LEFT][/TD] [TD][LEFT]The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2265]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2265') [CONFIRM]('https://www.usom.gov.tr/bildirim/tr-22-0636')[/TD] [/TR] [TR] [TD][LEFT]bilgi_teknolojileri -- university_library_automation_system[/LEFT][/TD] [TD][LEFT]University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2266]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2266') [CONFIRM]('https://www.usom.gov.tr/bildirim/tr-22-0637')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38177]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38177') [CONFIRM]('https://kb.isc.org/docs/cve-2022-38177') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3') [DEBIAN]('https://www.debian.org/security/2022/dsa-5235') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2795') [CONFIRM]('https://kb.isc.org/docs/cve-2022-2795') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3') [DEBIAN]('https://www.debian.org/security/2022/dsa-5235') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]By sending specific queries to the resolver, an attacker can cause named to crash.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3080]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3080') [CONFIRM]('https://kb.isc.org/docs/cve-2022-3080') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3') [DEBIAN]('https://www.debian.org/security/2022/dsa-5235') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2881]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2881') [CONFIRM]('https://kb.isc.org/docs/cve-2022-2881') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2906]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2906') [CONFIRM]('https://kb.isc.org/docs/cve-2022-2906') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3')[/TD] [/TR] [TR] [TD][LEFT]bind -- bind[/LEFT][/TD] [TD][LEFT]By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38178]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38178') [CONFIRM]('https://kb.isc.org/docs/cve-2022-38178') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/3') [DEBIAN]('https://www.debian.org/security/2022/dsa-5235') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/')[/TD] [/TR] [TR] [TD][LEFT]bolt -- bolt_cms[/LEFT][/TD] [TD][LEFT]Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36532]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36532') [MISC]('http://bolt.com') [MISC]('https://lutrasecurity.com/en/articles/cve-2022-36532/')[/TD] [/TR] [TR] [TD][LEFT]bpcbt -- smartvista_svfe2[/LEFT][/TD] [TD][LEFT]SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38619]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38619') [MISC]('https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-mcc-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38619') [MISC]('http://bpcbt.com') [MISC]('http://smartvista.com')[/TD] [/TR] [TR] [TD][LEFT]bpcbt -- smartvista_svfe2[/LEFT][/TD] [TD][LEFT]SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38617]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38617') [MISC]('http://bpcbt.com') [MISC]('https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-voice-audit-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38617') [MISC]('http://smartvista.com')[/TD] [/TR] [TR] [TD][LEFT]bpcbt -- smartvista_svfe2[/LEFT][/TD] [TD][LEFT]SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38618]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38618') [MISC]('http://bpcbt.com') [MISC]('http://smartvista.com') [MISC]('https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-tariff-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38618')[/TD] [/TR] [TR] [TD][LEFT]budibase -- budibase[/LEFT][/TD] [TD][LEFT]Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3225]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3225') [MISC]('https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df') [CONFIRM]('https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245')[/TD] [/TR] [TR] [TD][LEFT]craft_cms -- craft_cms[/LEFT][/TD] [TD][LEFT]Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37247]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37247') [MISC]('https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627') [MISC]('https://labs.integrity.pt/advisories/cve-2022-37247/')[/TD] [/TR] [TR] [TD][LEFT]craft_cms -- craft_cms[/LEFT][/TD] [TD][LEFT]Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37251]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37251') [MISC]('https://labs.integrity.pt/advisories/cve-2022-37251/') [MISC]('http://craft.com')[/TD] [/TR] [TR] [TD][LEFT]craft_cms -- craft_cms[/LEFT][/TD] [TD][LEFT]Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37246') [MISC]('https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679b') [MISC]('https://labs.integrity.pt/advisories/cve-2022-37246/')[/TD] [/TR] [TR] [TD][LEFT]crestron -- airmedia[/LEFT][/TD] [TD][LEFT]Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40298]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40298') [MISC]('https://www.crestron.com/Security/Security_Advisories') [MISC]('https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf')[/TD] [/TR] [TR] [TD][LEFT]databank -- database_software_accreditation_tracking/presentation_module[/LEFT][/TD] [TD][LEFT]Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2315]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2315') [CONFIRM]('https://www.usom.gov.tr/bildirim/tr-22-0634')[/TD] [/TR] [TR] [TD][LEFT]delta_industrial_automation -- diaenergie[/LEFT][/TD] [TD][LEFT]Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3214]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3214') [MISC]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-03')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40426]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40426') [MISC]('https://github.com/democritus-project/d8s-asns/issues/8') [MISC]('https://pypi.org/project/democritus-networking/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40427]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40427') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-domains/issues/7')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38880]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38880') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://github.com/democritus-project/d8s-urls/issues/8')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38881]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38881') [MISC]('https://pypi.org/project/d8s-archives/') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://github.com/democritus-project/d8s-archives/issues/12')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38882]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38882') [MISC]('https://github.com/democritus-project/d8s-json/issues/9') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://pypi.org/project/d8s-json/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38883]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38883') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://pypi.org/project/d8s-math/') [MISC]('https://github.com/democritus-project/d8s-math/issues/11')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40811]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40811') [MISC]('https://pypi.org/project/democritus-file-system/') [MISC]('https://github.com/democritus-project/d8s-urls/issues/11')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38885]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38885') [MISC]('https://pypi.org/project/d8s-netstrings/') [MISC]('https://github.com/democritus-project/d8s-netstrings/issues/4') [MISC]('https://pypi.org/project/democritus-strings/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38886]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38886') [MISC]('https://github.com/democritus-project/d8s-xml/issues/10') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://pypi.org/project/d8s-xml/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38887]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38887') [MISC]('https://pypi.org/project/d8s-python/') [MISC]('https://pypi.org/project/democritus-strings/') [MISC]('https://github.com/democritus-project/d8s-python/issues/36')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40812]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40812') [MISC]('https://pypi.org/project/democritus-file-system/') [MISC]('https://github.com/democritus-project/d8s-pdfs/issues/6')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40428]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40428') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-mpeg/issues/5')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40432]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40432') [MISC]('https://pypi.org/project/d8s-strings/') [MISC]('https://pypi.org/project/democritus-hypothesis/') [MISC]('https://github.com/democritus-project/d8s-strings/issues/21')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38884]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38884') [MISC]('https://github.com/democritus-project/d8s-grammars/issues/6') [MISC]('https://pypi.org/project/d8s-grammars/') [MISC]('https://pypi.org/project/democritus-strings/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40429]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40429') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-ip-addresses/issues/12')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40430]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40430') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-utility/issues/9')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40425]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40425') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-html/issues/11')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40810]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40810') [MISC]('https://github.com/democritus-project/d8s-ip-addresses/issues/13') [MISC]('https://pypi.org/project/democritus-hypothesis/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40431]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40431') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-pdfs/issues/5')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40424]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40424') [MISC]('https://pypi.org/project/democritus-networking/') [MISC]('https://github.com/democritus-project/d8s-urls/issues/9')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40806]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40806') [MISC]('https://pypi.org/project/democritus-hypothesis/') [MISC]('https://github.com/democritus-project/d8s-uuids/issues/5')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40807]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40807') [MISC]('https://pypi.org/project/democritus-hypothesis/') [MISC]('https://github.com/democritus-project/d8s-domains/issues/8')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40808]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40808') [MISC]('https://github.com/democritus-project/d8s-dates/issues/26') [MISC]('https://pypi.org/project/democritus-hypothesis/')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40809]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40809') [MISC]('https://pypi.org/project/democritus-hypothesis/') [MISC]('https://github.com/democritus-project/d8s-dicts/issues/6')[/TD] [/TR] [TR] [TD][LEFT]democritus -- democritus[/LEFT][/TD] [TD][LEFT]The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40805]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40805') [MISC]('https://pypi.org/project/democritus-hypothesis/') [MISC]('https://github.com/democritus-project/d8s-urls/issues/10')[/TD] [/TR] [TR] [TD][LEFT]doufox -- doufox[/LEFT][/TD] [TD][LEFT]Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38621]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38621') [MISC]('https://github.com/Doufox/Doufox/issues/7')[/TD] [/TR] [TR] [TD][LEFT]drakkan -- sftpgo[/LEFT][/TD] [TD][LEFT]SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39220]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39220') [CONFIRM]('https://github.com/drakkan/sftpgo/security/advisories/GHSA-cf7g-cm7q-rq7f')[/TD] [/TR] [TR] [TD][LEFT]drawio -- drawio[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3223]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3223') [MISC]('https://github.com/jgraph/drawio/commit/ea012baba6fb2e903797fa6306833ca4f31ab361') [CONFIRM]('https://huntr.dev/bounties/125791b6-3a68-4235-8866-6bc3a52332ba')[/TD] [/TR] [TR] [TD][LEFT]emakin -- 6kare_emakin[/LEFT][/TD] [TD][LEFT]6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-25491]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-25491') [MISC]('https://gist.github.com/mhmtayberk/969add4b6c77f122a3a3a0cb00e2975b')[/TD] [/TR] [TR] [TD][LEFT]enumatech -- secp256kl-js[/LEFT][/TD] [TD][LEFT]The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41340]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41340') [MISC]('https://github.com/lionello/secp256k1-js/compare/1.0.1...1.1.0') [MISC]('https://github.com/lionello/secp256k1-js/issues/11') [MISC]('https://www.npmjs.com/package/@lionello/secp256k1-js') [MISC]('https://github.com/lionello/secp256k1-js/commit/302800f0370b42e360a33774bb808274ac729c2e')[/TD] [/TR] [TR] [TD][LEFT]erlang -- erlang_otp[/LEFT][/TD] [TD][LEFT]In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37026]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37026') [MISC]('https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15') [MISC]('https://erlangforums.com/c/erlang-news-announcements/91') [CONFIRM]('https://erlangforums.com/t/otp-25-1-released/1854')[/TD] [/TR] [TR] [TD][LEFT]evoh -- claimable[/LEFT][/TD] [TD][LEFT]Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35621]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35621') [MISC]('https://github.com/MacherCS/CVE_Evoh_Contract')[/TD] [/TR] [TR] [TD][LEFT]fabasoft -- fabasoft_cloud_enterprise_client[/LEFT][/TD] [TD][LEFT]The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-29908]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29908') [MISC]('https://www.compass-security.com/fileadmin/Research/Advisories/2022_13_CSNC-2022-010_LPE_Cloud_Client.txt') [MISC]('https://help.cloud.fabasoft.com/index.php?topic=doc/Technical-Information-eng/the-fabasoft-cloud-enterprise-client.htm')[/TD] [/TR] [TR] [TD][LEFT]fastly -- js-compute-runtime[/LEFT][/TD] [TD][LEFT]The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the `Math.random` and `crypto.getRandomValues` methods fail to use sufficiently random values. The initial value to seed the PRNG (pseudorandom number generator) is baked-in to the final WebAssembly module, making the sequence of random values for that specific WebAssembly module predictable. An attacker can use the fixed seed to predict random numbers generated by these functions and bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators. The problem has been patched in version 0.5.3. No known workarounds exist.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39218]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39218') [CONFIRM]('https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-cmr8-5w4c-44v8')[/TD] [/TR] [TR] [TD][LEFT]festo -- multiple_products[/LEFT][/TD] [TD][LEFT]Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3079]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3079') [CONFIRM]('https://cert.vde.com/en/advisories/VDE-2022-036')[/TD] [/TR] [TR] [TD][LEFT]ffmpeg -- ffmpeg [/LEFT][/TD] [TD][LEFT]A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc(). An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05[/i][/LEFT][i][/i][/TD][i] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2566]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2566') [MISC]('https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05')[/TD] [/i][/TR][i] [TR] [TD][LEFT]forgerock -- ldap_connector[/LEFT][/TD] [TD][LEFT]When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-0143]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-0143') [MISC]('https://backstage.forgerock.com/downloads/browse/idm/featured/connectors') [MISC]('https://backstage.forgerock.com/knowledge/kb/article/a11380515')[/TD] [/TR] [TR] [TD][LEFT]frrouting -- frrouting[/LEFT][/TD] [TD][LEFT]An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37032]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37032') [CONFIRM]('https://bugzilla.suse.com/show_bug.cgi?id=1202023') [MISC]('https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921') [MISC]('https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed')[/TD] [/TR] [TR] [TD][LEFT]genesys -- pureconnect[/LEFT][/TD] [TD][LEFT]Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37775]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37775') [MISC]('http://genesys.com') [MISC]('https://cxsecurity.com/issue/WLB-2022090038') [MISC]('https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf') [MISC]('http://packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html')[/TD] [/TR] [TR] [TD][LEFT]ghas-to-csv -- ghas-to-csv[/LEFT][/TD] [TD][LEFT]some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39217]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39217') [MISC]('https://github.com/some-natalie/ghas-to-csv/commit/d0b521928fa734513b5cd9c7d9d8e09db50e884a') [CONFIRM]('https://github.com/some-natalie/ghas-to-csv/security/advisories/GHSA-634p-93h9-92vh')[/TD] [/TR] [TR] [TD][LEFT]glpi -- glpi [/LEFT][/TD] [TD][LEFT]The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-39190]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-39190') [CONFIRM]('https://github.com/pluginsGLPI/sccm/security/advisories/GHSA-3324-57w6-jxcq') [MISC]('https://github.com/pluginsGLPI/sccm/commit/29a7f92d32a0cf9aa3f22c52c50b738274d2813e')[/TD] [/TR] [TR] [TD][LEFT]glpi -- glpi[/LEFT][/TD] [TD][LEFT]/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35914]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35914') [MISC]('http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed') [MISC]('https://github.com/glpi-project/glpi/releases') [MISC]('https://glpi-project.org/fr/glpi-10-0-3-disponible/')[/TD] [/TR] [TR] [TD][LEFT]grafana -- grafana[/LEFT][/TD] [TD][LEFT]Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ [/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35957]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35957') [CONFIRM]('https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q')[/TD] [/TR] [TR] [TD][LEFT]grafana -- grafana [/LEFT][/TD] [TD][LEFT]Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36062]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36062') [CONFIRM]('https://github.com/grafana/grafana/security/advisories/GHSA-p978-56hq-r492')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- curl[/LEFT][/TD] [TD][LEFT]When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35252]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35252') [MISC]('https://hackerone.com/reports/1613943')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35248]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35248') [MISC]('https://hackerone.com/reports/1448268')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32219]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32219') [MISC]('https://hackerone.com/reports/1140631')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35251]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35251') [MISC]('https://hackerone.com/reports/1401268')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35250]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35250') [MISC]('https://hackerone.com/reports/917946')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32211]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32211') [MISC]('https://hackerone.com/reports/1581059')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35249]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35249') [MISC]('https://hackerone.com/reports/1410246')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32220]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32220') [MISC]('https://hackerone.com/reports/1410246')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35247]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35247') [MISC]('https://hackerone.com/reports/1447440')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32217]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32217') [MISC]('https://hackerone.com/reports/1394399')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35246') [MISC]('https://hackerone.com/reports/1458020')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32229]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32229') [MISC]('https://hackerone.com/reports/1446767')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32227]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32227') [MISC]('https://hackerone.com/reports/1517377')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32226]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32226') [MISC]('https://hackerone.com/reports/1410357')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat[/LEFT][/TD] [TD][LEFT]An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32218]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32218') [MISC]('https://hackerone.com/reports/1406953')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat [/LEFT][/TD] [TD][LEFT]An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32228]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32228') [MISC]('https://hackerone.com/reports/1377105')[/TD] [/TR] [TR] [TD][LEFT]hackerone -- rocket.chat_mobile_app[/LEFT][/TD] [TD][LEFT]An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30124]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30124') [MISC]('https://hackerone.com/reports/1126414')[/TD] [/TR] [TR] [TD][LEFT]hashicorp -- consul[/LEFT][/TD] [TD][LEFT]HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-41803]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-41803') [MISC]('https://www.hashicorp.com/blog/category/consul') [MISC]('https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627')[/TD] [/TR] [TR] [TD][LEFT]hashicorp -- multiple_products [/LEFT][/TD] [TD][LEFT]HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40716]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40716') [MISC]('https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628') [MISC]('https://discuss.hashicorp.com')[/TD] [/TR] [TR] [TD][LEFT]hashicorp -- vault[/LEFT][/TD] [TD][LEFT]An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40186]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40186') [MISC]('https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550') [MISC]('https://discuss.hashicorp.com')[/TD] [/TR] [TR] [TD][LEFT]hcltech -- hcl_digital_experience[/LEFT][/TD] [TD][LEFT]User input included in error response, which could be used in a phishing attack.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-27774]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-27774') [MISC]('https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100491')[/TD] [/TR] [TR] [TD][LEFT]helpsystems -- cobalt_strike[/LEFT][/TD] [TD][LEFT]An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39197]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39197') [MISC]('https://www.cobaltstrike.com/blog/tag/release/') [MISC]('https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/')[/TD] [/TR] [TR] [TD][LEFT]hoek -- hoek[/LEFT][/TD] [TD][LEFT]hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-36604]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36604') [MISC]('https://security.snyk.io/vuln/SNYK-JS-HAPIHOEK-548452)') [MISC]('https://github.com/hapijs/hoek/issues/352')[/TD] [/TR] [TR] [TD][LEFT]honeywell -- softmaster[/LEFT][/TD] [TD][LEFT]If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2333]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2333') [CONFIRM]('https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf') [CONFIRM]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02')[/TD] [/TR] [TR] [TD][LEFT]honeywell -- softmaster[/LEFT][/TD] [TD][LEFT]A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2332]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2332') [CONFIRM]('https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf') [CONFIRM]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02')[/TD] [/TR] [TR] [TD][LEFT]hpe -- integrated_lights-out_5[/LEFT][/TD] [TD][LEFT]A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28637]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28637') [MISC]('https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us')[/TD] [/TR] [TR] [TD][LEFT]hpe -- integrated_lights-out_5[/LEFT][/TD] [TD][LEFT]An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28638]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28638') [MISC]('https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us')[/TD] [/TR] [TR] [TD][LEFT]hpe -- integrated_lights-out_5[/LEFT][/TD] [TD][LEFT]A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28639]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28639') [MISC]('https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us')[/TD] [/TR] [TR] [TD][LEFT]hpe -- integrated_lights-out_5[/LEFT][/TD] [TD][LEFT]A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28640]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28640') [MISC]('https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us')[/TD] [/TR] [TR] [TD][LEFT]huawei -- cv81-wdm_fw[/LEFT][/TD] [TD][LEFT]A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37395]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37395') [MISC]('https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220810-01-8cfecdcc-en')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39003]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39003') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-40019]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-40019') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-36600]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36600') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39002]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39002') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-40023]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-40023') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- emui/magic_ui[/LEFT][/TD] [TD][LEFT]Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-36601]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36601') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39001]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39001') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39000]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39000') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-46836]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46836') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39008]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39008') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-40017]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-40017') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39010]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39010') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39009]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39009') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39007]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39007') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39006]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39006') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39005]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39005') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39004]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39004') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-40024]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-40024') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- harmonyos[/LEFT][/TD] [TD][LEFT]The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38999]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38999') [MISC]('https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845') [MISC]('https://consumer.huawei.com/en/support/bulletin/2022/9/')[/TD] [/TR] [TR] [TD][LEFT]huawei -- jad-al50[/LEFT][/TD] [TD][LEFT]A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4).[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-46834]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46834') [MISC]('https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220819-01-7e0a6103-en')[/TD] [/TR] [TR] [TD][LEFT]huawei -- multiple_products[/LEFT][/TD] [TD][LEFT]There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-36602]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36602') [MISC]('https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en')[/TD] [/TR] [TR] [TD][LEFT]huawei -- ws7200-10[/LEFT][/TD] [TD][LEFT]There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-46835]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46835') [MISC]('https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en')[/TD] [/TR] [TR] [TD][LEFT]huawei -- ws7200-10[/LEFT][/TD] [TD][LEFT]There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-33735]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-33735') [MISC]('https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220628-01-2eda0853-en')[/TD] [/TR] [TR] [TD][LEFT]hyperledger -- besu[/LEFT][/TD] [TD][LEFT]Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36025]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36025') [CONFIRM]('https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x')[/TD] [/TR] [TR] [TD][LEFT]ibm -- common_cryptographic_architecture[/LEFT][/TD] [TD][LEFT]IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22423]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22423') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/223596') [CONFIRM]('https://www.ibm.com/support/pages/node/6695893')[/TD] [/TR] [TR] [TD][LEFT]ibm -- hyperledger_fabric[/LEFT][/TD] [TD][LEFT]A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35253]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35253') [MISC]('https://github.com/hyperledger/fabric/pull/3577') [MISC]('https://github.com/hyperledger/fabric/pull/3576') [MISC]('https://github.com/hyperledger/fabric/pull/3572')[/TD] [/TR] [TR] [TD][LEFT]ibm -- infosphere[/LEFT][/TD] [TD][LEFT]IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40748]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40748') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/236586') [CONFIRM]('https://www.ibm.com/support/pages/node/6695961')[/TD] [/TR] [TR] [TD][LEFT]ibm -- jazz[/LEFT][/TD] [TD][LEFT]IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35721]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35721') [CONFIRM]('https://www.ibm.com/support/pages/node/6695811') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/231380')[/TD] [/TR] [TR] [TD][LEFT]ibm -- maximo_asset_management[/LEFT][/TD] [TD][LEFT]IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40616]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40616') [CONFIRM]('https://www.ibm.com/support/pages/node/6621599') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/236311')[/TD] [/TR] [TR] [TD][LEFT]ibm -- spectrum_protect_plus[/LEFT][/TD] [TD][LEFT]IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40608]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40608') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/235873') [CONFIRM]('https://www.ibm.com/support/pages/node/6620209')[/TD] [/TR] [TR] [TD][LEFT]ibm -- spectrum_protect_plus[/LEFT][/TD] [TD][LEFT]Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40234]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40234') [CONFIRM]('https://www.ibm.com/support/pages/node/6619947') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/235718')[/TD] [/TR] [TR] [TD][LEFT]ibm – sterling_partner_engagement_manager [/LEFT][/TD] [TD][LEFT]IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34348]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34348') [CONFIRM]('https://www.ibm.com/support/pages/node/6695927') [XF]('https://exchange.xforce.ibmcloud.com/vulnerabilities/230017')[/TD] [/TR] [TR] [TD][LEFT]icecoder -- icecoder[/LEFT][/TD] [TD][LEFT]ICEcoder v8.1 allows attackers to execute a directory traversal.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34026]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34026') [MISC]('https://gist.github.com/enferas/85cdbadf5cba32ec7c8db6ea9e6833bf') [MISC]('https://github.com/icecoder/ICEcoder/blob/master/classes/Settings.php') [MISC]('http://icecoder.com') [MISC]('https://github.com/icecoder/ICEcoder/blob/master/lib/settings.php') [MISC]('https://github.com/icecoder/ICEcoder')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- minarca[/LEFT][/TD] [TD][LEFT]Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3251]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3251') [MISC]('https://github.com/ikus060/minarca/commit/7b5c7e6cbd59268d5cd4f1b5f42e721db116f71a') [CONFIRM]('https://huntr.dev/bounties/b9a1b411-060b-4235-9426-e39bd0a1d6d9')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- minarca[/LEFT][/TD] [TD][LEFT]Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3268]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3268') [CONFIRM]('https://huntr.dev/bounties/00e464ce-53b9-485d-ac62-6467881654c2') [MISC]('https://github.com/ikus060/minarca/commit/7b5c7e6cbd59268d5cd4f1b5f42e721db116f71a')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- rdiffweb[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3232]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3232') [CONFIRM]('https://huntr.dev/bounties/15c8fd98-7f50-4d46-b013-42710af1f99c') [MISC]('https://github.com/ikus060/rdiffweb/commit/422791ea45713aaaa865bdca74addb9fffd93a71')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- rdiffweb[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3233]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3233') [CONFIRM]('https://huntr.dev/bounties/5ec206e0-eca0-4957-9af4-fdd9185d1db3') [MISC]('https://github.com/ikus060/rdiffweb/commit/18a5aabd48fa6d2d2771a25f95610c28a1a097ca')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- rdiffweb[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3267]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3267') [CONFIRM]('https://huntr.dev/bounties/7b6ec9f4-4fe9-4716-8dba-3491ffa3f6f2') [MISC]('https://github.com/ikus060/rdiffweb/commit/20fc0d304412cc569b21f31e52cb8b94094d6314')[/TD] [/TR] [TR] [TD][LEFT]ikus-soft -- rdiffweb[/LEFT][/TD] [TD][LEFT]Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3250]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3250') [CONFIRM]('https://huntr.dev/bounties/39889a3f-8bb7-448a-b0d4-a18c671bbd23') [MISC]('https://github.com/ikus060/rdiffweb/commit/ac334dd27ceadac0661b1e2e059a8423433c3fee')[/TD] [/TR] [TR] [TD][LEFT]ikus060 -- rdiffweb[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3274]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3274') [MISC]('https://github.com/ikus060/rdiffweb/commit/e974df75bdbcff3996ad70bd1b4424ec1485ea3f') [CONFIRM]('https://huntr.dev/bounties/8834c356-4ddb-4be7-898b-d76f480e9c3f')[/TD] [/TR] [TR] [TD][LEFT]ikus060 -- rdiffweb[/LEFT][/TD] [TD][LEFT]Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3269]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3269') [CONFIRM]('https://huntr.dev/bounties/67c25969-5e7a-4424-817e-e1a918f63cc6') [MISC]('https://github.com/ikus060/rdiffweb/commit/39e7dcd4a1f44d2a7bd92b79d78a800910b1b22b')[/TD] [/TR] [TR] [TD][LEFT]imagemagick -- imagemagick[/LEFT][/TD] [TD][LEFT]A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3213]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3213') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2126824') [MISC]('https://access.redhat.com/security/cve/CVE-2022-3213') [MISC]('https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2') [MISC]('https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750')[/TD] [/TR] [TR] [TD][LEFT]incibe -- grandstream_gsd3710[/LEFT][/TD] [TD][LEFT]In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2070]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2070') [CONFIRM]('https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710')[/TD] [/TR] [TR] [TD][LEFT]incibe -- grandstream_gsd3710[/LEFT][/TD] [TD][LEFT]an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2025]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2025') [CONFIRM]('https://www.incibe-cert.es/en/early-warning/security-advisories/buffer-overflow-vulnerabilities-grandstream-gsd3710')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh20[/LEFT][/TD] [TD][LEFT]An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36338]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36338') [MISC]('https://www.insyde.com/security-pledge') [MISC]('https://www.insyde.com/security-pledge/SA-2022029') [MISC]('https://binarly.io/advisories/BRLY-2022-017/index.html')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh2o[/LEFT][/TD] [TD][LEFT]An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35894]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35894') [MISC]('https://www.insyde.com/security-pledge') [MISC]('https://www.insyde.com/security-pledge/SA-2022030') [MISC]('https://binarly.io/advisories/BRLY-2022-018/index.html')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh2o[/LEFT][/TD] [TD][LEFT]An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35895]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35895') [MISC]('https://binarly.io/advisories/BRLY-2022-024/index.html') [MISC]('https://www.insyde.com/security-pledge/SA-2022033') [MISC]('https://www.insyde.com/security-pledge')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh2o[/LEFT][/TD] [TD][LEFT]An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35408]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35408') [MISC]('https://www.insyde.com/security-pledge') [MISC]('https://www.insyde.com/security-pledge/SA-2022031') [MISC]('https://binarly.io/advisories/BRLY-2022-022/index.html')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh2o[/LEFT][/TD] [TD][LEFT]An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35896]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35896') [MISC]('https://www.insyde.com/security-pledge/SA-2022034') [MISC]('https://www.insyde.com/security-pledge') [MISC]('https://binarly.io/advisories/BRLY-2022-025/index.html')[/TD] [/TR] [TR] [TD][LEFT]insyde -- insydeh2o[/LEFT][/TD] [TD][LEFT]An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35893]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35893') [MISC]('https://www.insyde.com/security-pledge/SA-2022035') [MISC]('https://www.insyde.com/security-pledge') [MISC]('https://binarly.io/advisories/BRLY-2022-026/index.html')[/TD] [/TR] [TR] [TD][LEFT]interview_management_system -- interview_management_system[/LEFT][/TD] [TD][LEFT]Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38576]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38576') [MISC]('https://github.com/gith-boot/bug_report/blob/main/vendors/janobe/interview-management-system/SQLi-1.md')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23554]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23554') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23553]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23553') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23556]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23556') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23551]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23551') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23552]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23552') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23555]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23555') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23550]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23550') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23557]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23557') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23560]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23560') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23559]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23559') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]irfanview -- irfanview[/LEFT][/TD] [TD][LEFT]IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-23558]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-23558') [MISC]('https://www.irfanview.com/plugins.htm') [MISC]('https://github.com/nhiephon/Research')[/TD] [/TR] [TR] [TD][LEFT]ivanty -- endpoint_manager_client[/LEFT][/TD] [TD][LEFT]The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30121]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30121') [MISC]('https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US')[/TD] [/TR] [TR] [TD][LEFT]jasper -- jasper[/LEFT][/TD] [TD][LEFT]JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40755]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40755') [MISC]('https://github.com/jasper-software/jasper/issues/338')[/TD] [/TR] [TR] [TD][LEFT]jeesns -- jeesns[/LEFT][/TD] [TD][LEFT]A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38550]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38550') [MISC]('https://github.com/Pick-program/JEESNS/issues/1')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- anchore_container_image_scanner[/LEFT][/TD] [TD][LEFT]Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41225]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41225') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2821')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- apprenda[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41251]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41251') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2710') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- bigpanda_notifier[/LEFT][/TD] [TD][LEFT]Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41248]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41248') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- bigpanda_notifier[/LEFT][/TD] [TD][LEFT]Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41247]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41247') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- build-publisher[/LEFT][/TD] [TD][LEFT]Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41230]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41230') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1994')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- build-publisher[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41232]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41232') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2139')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- build-publisher[/LEFT][/TD] [TD][LEFT]Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41231]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41231') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2139')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- compuware_common_configuration[/LEFT][/TD] [TD][LEFT]Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41226]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41226') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2832')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- cons3rt[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41253]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41253') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2751') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- cons3rt[/LEFT][/TD] [TD][LEFT]Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41254]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41254') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2751') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- cons3rt[/LEFT][/TD] [TD][LEFT]Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41255]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41255') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- cons3rt[/LEFT][/TD] [TD][LEFT]Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41252]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41252') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2752') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- dotci[/LEFT][/TD] [TD][LEFT]Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41239]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41239') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2884')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- dotci[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41238]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41238') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2867')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- dotci[/LEFT][/TD] [TD][LEFT]Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41237]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41237') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1737')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- extreme-feedback[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41242]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41242') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2001')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41224]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41224') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2886')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- ns-nd_integration_performance_publisher[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41227]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41227') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- ns-nd_integration_performance_publisher[/LEFT][/TD] [TD][LEFT]Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41229]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41229') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2858')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- ns-nd_integration_performance_publisher[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41228]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41228') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- rqm[/LEFT][/TD] [TD][LEFT]Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41241]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41241') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2805')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- rundeck[/LEFT][/TD] [TD][LEFT]Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41234]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41234') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2169')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- rundeck[/LEFT][/TD] [TD][LEFT]Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41233]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41233') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2170')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- scm_httpclient[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41250]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41250') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2708') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- scm_httpclient[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41249]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41249') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2708') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/21/5')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- security_inspector[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41236]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41236') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- smalltest[/LEFT][/TD] [TD][LEFT]Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41243]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41243') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2068')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- view26_test-reporting[/LEFT][/TD] [TD][LEFT]Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41244]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41244') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2069')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- walti[/LEFT][/TD] [TD][LEFT]Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41240]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41240') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1870')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- wildfly_deployer[/LEFT][/TD] [TD][LEFT]Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41235]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41235') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- worksoft_execution_manager[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41246') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- worksoft_execution_manager[/LEFT][/TD] [TD][LEFT]A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41245]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41245') [CONFIRM]('https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237')[/TD] [/TR] [TR] [TD][LEFT]jetbrains -- intellij_idea[/LEFT][/TD] [TD][LEFT]The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40978]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40978') [CONFIRM]('https://www.jetbrains.com/privacy-security/issues-fixed/')[/TD] [/TR] [TR] [TD][LEFT]jetbrains -- team_city[/LEFT][/TD] [TD][LEFT]In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40979]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40979') [MISC]('https://www.jetbrains.com/privacy-security/issues-fixed/')[/TD] [/TR] [TR] [TD][LEFT]jettison -- jettison[/LEFT][/TD] [TD][LEFT]Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40149]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40149') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538') [CONFIRM]('https://github.com/jettison-json/jettison/issues/45')[/TD] [/TR] [TR] [TD][LEFT]jettison -- jettison[/LEFT][/TD] [TD][LEFT]Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40150]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40150') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549') [CONFIRM]('https://github.com/jettison-json/jettison/issues/45')[/TD] [/TR] [TR] [TD][LEFT]jfinal_cms -- jfinal_cms[/LEFT][/TD] [TD][LEFT]JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37205]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37205') [MISC]('https://github.com/AgainstTheLight/CVE-2022-37205/blob/main/README.md') [MISC]('https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql8.md')[/TD] [/TR] [TR] [TD][LEFT]jfinal_cms -- jfinal_cms[/LEFT][/TD] [TD][LEFT]Final CMS 5.1.0 is vulnerable to SQL Injection.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37204]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37204') [MISC]('https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql7.md') [MISC]('https://github.com/AgainstTheLight/CVE-2022-37204/blob/main/README.md')[/TD] [/TR] [TR] [TD][LEFT]jfinal_cms -- jfinal_cms[/LEFT][/TD] [TD][LEFT]JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37203]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37203') [MISC]('https://github.com/AgainstTheLight/CVE-2022-37203/blob/main/README.md') [MISC]('https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql3.md')[/TD] [/TR] [TR] [TD][LEFT]jodit_editor -- jodit_editor[/LEFT][/TD] [TD][LEFT]Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23461]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23461') [CONFIRM]('https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/')[/TD] [/TR] [TR] [TD][LEFT]kayrasoft -- kayrasoft[/LEFT][/TD] [TD][LEFT]Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2177]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2177') [CONFIRM]('https://www.usom.gov.tr/bildirim/tr-22-0630')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23948]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23948') [MISC]('https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607') [MISC]('https://seclists.org/oss-sec/2022/q1/101') [MISC]('https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-43310]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-43310') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r') [MISC]('https://seclists.org/oss-sec/2022/q1/101')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23950]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23950') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-9r9r-f8xc-m875') [MISC]('https://seclists.org/oss-sec/2022/q1/101') [MISC]('https://github.com/keylime/keylime/commit/ea5d0373fa2c050d5d95404eb779be7e8327b911')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23949]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23949') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-87gh-qc28-j9mm') [MISC]('https://github.com/keylime/keylime/commit/e429e95329fc60608713ddfb82f4a92ee3b3d2d9') [MISC]('https://seclists.org/oss-sec/2022/q1/101') [MISC]('https://github.com/keylime/keylime/commit/65c2b737129b5837f4a03660aeb1191ced275a57') [MISC]('https://github.com/keylime/keylime/commit/387e320dc22c89f4f47c68cb37eb9eec2137f34b')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23952]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23952') [MISC]('https://seclists.org/oss-sec/2022/q1/101') [MISC]('https://github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8')[/TD] [/TR] [TR] [TD][LEFT]keylime -- keylime[/LEFT][/TD] [TD][LEFT]In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23951]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23951') [MISC]('https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2') [MISC]('https://seclists.org/oss-sec/2022/q1/101') [MISC]('https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355')[/TD] [/TR] [TR] [TD][LEFT]kfm -- kfm[/LEFT][/TD] [TD][LEFT]Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40359]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40359') [MISC]('https://cxsecurity.com/issue/WLB-2022090057') [MISC]('https://code.google.com/archive/p/kfm/downloads')[/TD] [/TR] [TR] [TD][LEFT]kisa -- bigfileagent[/LEFT][/TD] [TD][LEFT]An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23766]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23766') [MISC]('https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66925')[/TD] [/TR] [TR] [TD][LEFT]kisa -- nis-hap11ac[/LEFT][/TD] [TD][LEFT]This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23768]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23768') [MISC]('https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66928')[/TD] [/TR] [TR] [TD][LEFT]kisa -- securegate[/LEFT][/TD] [TD][LEFT]This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23767]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23767') [MISC]('https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66926')[/TD] [/TR] [TR] [TD][LEFT]kitty -- kitty[/LEFT][/TD] [TD][LEFT]In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41322]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41322') [MISC]('https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2') [MISC]('https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f') [MISC]('https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes') [MISC]('https://bugs.gentoo.org/868543')[/TD] [/TR] [TR] [TD][LEFT]knot -- resolver[/LEFT][/TD] [TD][LEFT]Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40188]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40188') [CONFIRM]('https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558')[/TD] [/TR] [TR] [TD][LEFT]kubernetes -- cri-o[/LEFT][/TD] [TD][LEFT]Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2995]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2995') [MISC]('https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/') [MISC]('https://github.com/cri-o/cri-o/pull/6159')[/TD] [/TR] [TR] [TD][LEFT]librenms -- librenms[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3231]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3231') [MISC]('https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8') [CONFIRM]('https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f')[/TD] [/TR] [TR] [TD][LEFT]liferay -- liferay_portal[/LEFT][/TD] [TD][LEFT]Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28981]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28981') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28981-path-traversal-vulnerability-in-hypermedia-rest-apis')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28977]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28977') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash') [MISC]('http://liferay.com')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28982]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28982') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28982-reflected-xss-with-tag-name-in-%253Cliferay-asset-asset-tags-selector%253E') [MISC]('http://liferay.com')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39975]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39975') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28980]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28980') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_*-parameters-in-applied-fragment-filters')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38512]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38512') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28979]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28979') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget') [MISC]('https://issues.liferay.com/browse/LPE-17381')[/TD] [/TR] [TR] [TD][LEFT]liferay -- multiple_products[/LEFT][/TD] [TD][LEFT]Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28978]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28978') [MISC]('http://liferay.com') [MISC]('https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel[/LEFT][/TD] [TD][LEFT]An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36402]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36402') [MISC]('https://bugzilla.openanolis.cn/show_bug.cgi?id=2072')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel[/LEFT][/TD] [TD][LEFT]A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3239]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3239') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel[/LEFT][/TD] [TD][LEFT]mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41222]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41222') [MISC]('https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3') [MISC]('https://bugs.chromium.org/p/project-zero/issues/detail?id=2347') [MISC]('https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2') [MISC]('http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel[/LEFT][/TD] [TD][LEFT]In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41218]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41218') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c') [MISC]('https://lore.kernel.org/all/[email protected]/') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/23/4') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/24/1') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/24/2')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel[/LEFT][/TD] [TD][LEFT]drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40768]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40768') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c') [MISC]('https://www.openwall.com/lists/oss-security/2022/09/09/1') [MISC]('https://lore.kernel.org/all/[email protected]/') [MLIST]('http://www.openwall.com/lists/oss-security/2022/09/19/1')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux_kernel [/LEFT][/TD] [TD][LEFT]There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2785]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2785') [CONFIRM]('https://git.kernel.org/bpf/bpf/c/86f44fcec22c') [CONFIRM]('https://lore.kernel.org/bpf/[email protected]/T/#t')[/TD] [/TR] [TR] [TD][LEFT]linux -- linux-pam[/LEFT][/TD] [TD][LEFT]The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28321]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28321') [MISC]('https://www.suse.com/security/cve/CVE-2022-28321.html') [MISC]('http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/') [MISC]('https://bugzilla.suse.com/show_bug.cgi?id=1197654')[/TD] [/TR] [TR] [TD][LEFT]logcheck -- logcheck[/LEFT][/TD] [TD][LEFT]In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2017-20148]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-20148') [MISC]('https://bugs.gentoo.org/630752') [GENTOO]('https://security.gentoo.org/glsa/202209-10')[/TD] [/TR] [TR] [TD][LEFT]mattermost -- mattermost[/LEFT][/TD] [TD][LEFT]Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3257]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3257') [MISC]('https://hackerone.com/reports/1620170') [MISC]('https://mattermost.com/security-updates/')[/TD] [/TR] [TR] [TD][LEFT]mcwebserver -- mcwebserver[/LEFT][/TD] [TD][LEFT]McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39221]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39221') [CONFIRM]('https://github.com/J-onasJones/McWebserver/security/advisories/GHSA-gcvq-42cx-r46q') [MISC]('https://github.com/J-onasJones/McWebserver/pull/1')[/TD] [/TR] [TR] [TD][LEFT]measuresoft -- scadapro[/LEFT][/TD] [TD][LEFT]The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3263]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3263') [CONFIRM]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01')[/TD] [/TR] [TR] [TD][LEFT]mediawiki -- mediawiki[/LEFT][/TD] [TD][LEFT]An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28201]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28201') [MISC]('https://phabricator.wikimedia.org/T297571') [MISC]('https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html') [MLIST]('https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html')[/TD] [/TR] [TR] [TD][LEFT]mediawiki -- mediawiki[/LEFT][/TD] [TD][LEFT]A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28204]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28204') [MISC]('https://phabricator.wikimedia.org/T297754')[/TD] [/TR] [TR] [TD][LEFT]mediawiki -- mediawiki[/LEFT][/TD] [TD][LEFT]A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28203]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28203') [MISC]('https://phabricator.wikimedia.org/T297731') [MLIST]('https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html')[/TD] [/TR] [TR] [TD][LEFT]mend -- cloudreve[/LEFT][/TD] [TD][LEFT]Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-32167]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-32167') [MISC]('https://www.mend.io/vulnerability-database/CVE-2022-32167')[/TD] [/TR] [TR] [TD][LEFT]microsoft -- endpoint_configuration_manager[/LEFT][/TD] [TD][LEFT]Microsoft Endpoint Configuration Manager Spoofing Vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37972]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37972') [MISC]('https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37972')[/TD] [/TR] [TR] [TD][LEFT]microsoft -- networkd-dispatcher[/LEFT][/TD] [TD][LEFT]A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-29799]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29799') [MISC]('https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/')[/TD] [/TR] [TR] [TD][LEFT]microsoft -- networkd-dispatcher[/LEFT][/TD] [TD][LEFT]A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-29800]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29800') [MISC]('https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/')[/TD] [/TR] [TR] [TD][LEFT]microsoft -- windows_ui_desktop [/LEFT][/TD] [TD][LEFT]A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35257]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35257') [MISC]('https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed')[/TD] [/TR] [TR] [TD][LEFT]microweber -- microweber[/LEFT][/TD] [TD][LEFT]Code Injection in GitHub repository microweber/microweber prior to 1.3.2.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3242]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3242') [CONFIRM]('https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf') [MISC]('https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c')[/TD] [/TR] [TR] [TD][LEFT]microweber -- microweber[/LEFT][/TD] [TD][LEFT]HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3245]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3245') [MISC]('https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc') [CONFIRM]('https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0')[/TD] [/TR] [TR] [TD][LEFT]modern_campus -- omni_cms[/LEFT][/TD] [TD][LEFT]Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40766]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40766') [MISC]('https://gist.github.com/Mr-Akuma/8d84b564fb051caa1b1ea31b24f6b9fb') [MISC]('https://moderncampus.com/products/web-content-management.html')[/TD] [/TR] [TR] [TD][LEFT]msi -- center[/LEFT][/TD] [TD][LEFT]Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38532]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38532') [MISC]('https://github.com/nam3lum/msi-central_privesc')[/TD] [/TR] [TR] [TD][LEFT]mz_automation -- libiec61850[/LEFT][/TD] [TD][LEFT]MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2973]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2973') [MISC]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01')[/TD] [/TR] [TR] [TD][LEFT]mz_automation -- libiec61850[/LEFT][/TD] [TD][LEFT]MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2971]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2971') [MISC]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01')[/TD] [/TR] [TR] [TD][LEFT]mz_automation -- libiec61850[/LEFT][/TD] [TD][LEFT]MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2970]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2970') [MISC]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01')[/TD] [/TR] [TR] [TD][LEFT]mz_automation -- libiec61850 [/LEFT][/TD] [TD][LEFT]MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2972]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2972') [MISC]('https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01')[/TD] [/TR] [TR] [TD][LEFT]necta -- wifi_mouse[/LEFT][/TD] [TD][LEFT]Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3218]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3218') [MISC]('https://github.com/rapid7/metasploit-framework/pull/16985') [MISC]('https://www.exploit-db.com/exploits/50972') [MISC]('https://www.exploit-db.com/exploits/49601') [MISC]('https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py')[/TD] [/TR] [TR] [TD][LEFT]nepxion_discovery -- nepxion_discovery[/LEFT][/TD] [TD][LEFT]Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23464]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23464') [MISC]('https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/')[/TD] [/TR] [TR] [TD][LEFT]nepxion_discovery -- nepxion_discovery [/LEFT][/TD] [TD][LEFT]Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23463]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23463') [MISC]('https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/')[/TD] [/TR] [TR] [TD][LEFT]netgear -- n300_router[/LEFT][/TD] [TD][LEFT]Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37232]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37232') [MISC]('https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x429cbc.md') [MISC]('https://www.netgear.com/support/download/?model=WNR2000v4') [MISC]('https://www.netgear.com/about/security/')[/TD] [/TR] [TR] [TD][LEFT]netgear -- n300_wireless_router_wnr2000v4[/LEFT][/TD] [TD][LEFT]Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-31937]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-31937') [MISC]('https://www.netgear.com/support/download/?model=WNR2000v4') [MISC]('https://github.com/Davidteeri/Bug-Report/blob/main/netgear-n300-0x4297B4.md') [MISC]('https://www.netgear.com/about/security/')[/TD] [/TR] [TR] [TD][LEFT]netgear -- nighthawk_router[/LEFT][/TD] [TD][LEFT]Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37235]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37235') [MISC]('https://github.com/Davidteeri/Bug-Report/blob/main/netgear-R7000-0x461bc.md') [MISC]('https://www.netgear.com/about/security/') [MISC]('https://www.netgear.com/support/download/?model=R7000')[/TD] [/TR] [TR] [TD][LEFT]netgear -- nighthawk_router[/LEFT][/TD] [TD][LEFT]Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37234]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37234') [MISC]('https://github.com/Davidteeri/Bug-Report/blob/main/netgear-R7000-0x461bc-strncpy.md') [MISC]('https://www.netgear.com/about/security/') [MISC]('https://www.netgear.com/support/download/?model=R7000')[/TD] [/TR] [TR] [TD][LEFT]netgear -- wpn824ext_wifi_range_extender[/LEFT][/TD] [TD][LEFT]An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38955]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38955') [MISC]('https://www.netgear.com/about/security/') [MISC]('https://hackmd.io/@eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s')[/TD] [/TR] [TR] [TD][LEFT]netgear -- wpn824ext_wifi_range_extender[/LEFT][/TD] [TD][LEFT]An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38956]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38956') [MISC]('https://www.netgear.com/about/security/') [MISC]('https://hackmd.io/@eupX2KdkT6iNpqJUWk9p4A/SyAnOSd1s')[/TD] [/TR] [TR] [TD][LEFT]netlify -- netlify-ipx[/LEFT][/TD] [TD][LEFT]netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39239]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39239') [CONFIRM]('https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98')[/TD] [/TR] [TR] [TD][LEFT]nextcloud -- security-advisories[/LEFT][/TD] [TD][LEFT]Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39210]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39210') [CONFIRM]('https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f') [MISC]('https://github.com/nextcloud/android/pull/10544')[/TD] [/TR] [TR] [TD][LEFT]nextcloud -- security-advisories[/LEFT][/TD] [TD][LEFT]Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39212]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39212') [CONFIRM]('https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wq3g-2x46-q2gv') [MISC]('https://github.com/nextcloud/spreed/pull/7673')[/TD] [/TR] [TR] [TD][LEFT]nextcloud -- security-advisories[/LEFT][/TD] [TD][LEFT]Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39211]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39211') [MISC]('https://github.com/nextcloud/server/pull/32988') [CONFIRM]('https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8') [MISC]('https://github.com/nextcloud/server/pull/33031')[/TD] [/TR] [TR] [TD][LEFT]nhn -- toast_ui_grid[/LEFT][/TD] [TD][LEFT]Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23458]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23458') [CONFIRM]('https://securitylab.github.com/advisories/GHSL-2022-029_nhn_tui_grid/') [MISC]('https://github.com/nhn/tui.grid/commit/e9db5968675ae113c07efc091cce210f2b26854f')[/TD] [/TR] [TR] [TD][LEFT]nokia -- 1350_optical_management_system[/LEFT][/TD] [TD][LEFT]An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40712]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40712') [MISC]('https://www.gruppotim.it/it/footer/red-team.html')[/TD] [/TR] [TR] [TD][LEFT]nokia -- 1350_optical_management_system[/LEFT][/TD] [TD][LEFT]An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40713]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40713') [MISC]('https://www.gruppotim.it/it/footer/red-team.html')[/TD] [/TR] [TR] [TD][LEFT]nokia -- 1350_optical_management_system[/LEFT][/TD] [TD][LEFT]An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40714]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40714') [MISC]('https://www.gruppotim.it/it/footer/red-team.html')[/TD] [/TR] [TR] [TD][LEFT]nokia -- 1350_optical_management_system[/LEFT][/TD] [TD][LEFT]An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40715]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40715') [MISC]('https://www.gruppotim.it/it/footer/red-team.html')[/TD] [/TR] [TR] [TD][LEFT]octoprint -- octoprint[/LEFT][/TD] [TD][LEFT]Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2872]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2872') [MISC]('https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0') [CONFIRM]('https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56')[/TD] [/TR] [TR] [TD][LEFT]octoprint -- octoprint[/LEFT][/TD] [TD][LEFT]Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3068]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3068') [CONFIRM]('https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884') [MISC]('https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571')[/TD] [/TR] [TR] [TD][LEFT]octoprint -- octoprint[/LEFT][/TD] [TD][LEFT]If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2888]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2888') [MISC]('https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4') [CONFIRM]('https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40117]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40117') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection2.md') [MISC]('https://github.com/zakee94/online-banking-system/issues/17')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40113]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40113') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection3.md') [MISC]('https://github.com/zakee94/online-banking-system/issues/18')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40122]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40122') [MISC]('https://github.com/zakee94/online-banking-system/issues/15') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection10.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40118]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40118') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection4.md') [MISC]('https://github.com/zakee94/online-banking-system/issues/19')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40114]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40114') [MISC]('https://github.com/zakee94/online-banking-system/issues/16') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection5.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40116]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40116') [MISC]('https://github.com/zakee94/online-banking-system/issues/13') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection9.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40119]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40119') [MISC]('https://github.com/zakee94/online-banking-system/issues/11') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection6.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40120]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40120') [MISC]('https://github.com/zakee94/online-banking-system/issues/14') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection7.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40121]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40121') [MISC]('https://github.com/zakee94/online-banking-system/issues/12') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection8.md')[/TD] [/TR] [TR] [TD][LEFT]online banking system -- online banking system[/LEFT][/TD] [TD][LEFT]Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40115]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40115') [MISC]('https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection1.md') [MISC]('https://github.com/zakee94/online-banking-system/issues/10')[/TD] [/TR] [TR] [TD][LEFT]online_pet_shop_web_application -- online_pet_shop_web_application[/LEFT][/TD] [TD][LEFT]Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40934]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40934') [MISC]('https://github.com/lime-10010/Bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/SQLi-3.md')[/TD] [/TR] [TR] [TD][LEFT]online_pet_shop_web_application -- online_pet_shop_web_application[/LEFT][/TD] [TD][LEFT]Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40933]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40933') [MISC]('https://github.com/lime-10010/Bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/SQLi-1.md')[/TD] [/TR] [TR] [TD][LEFT]online_pet_shop_web_application -- online_pet_shop_web_application[/LEFT][/TD] [TD][LEFT]Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40935]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40935') [MISC]('https://github.com/lime-10010/Bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/SQLi-2.md')[/TD] [/TR] [TR] [TD][LEFT]open5gs -- open5gs[/LEFT][/TD] [TD][LEFT]When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39063]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39063') [MISC]('https://www.synopsys.com/blogs/software-security/cyrc-advisory-open5gs/')[/TD] [/TR] [TR] [TD][LEFT]openwrt -- openwrt[/LEFT][/TD] [TD][LEFT]Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38333]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38333') [MISC]('https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176') [MISC]('https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176') [MISC]('https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176')[/TD] [/TR] [TR] [TD][LEFT]opswat -- metadefender[/LEFT][/TD] [TD][LEFT]A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40778]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40778') [MISC]('https://www.opswat.com/products/metadefender/icap') [CONFIRM]('https://docs.opswat.com/mdicap/release-notes')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35030]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35030') [MISC]('https://drive.google.com/file/d/15y2h3Z7LR3mgpoQ2QE2yM_my9i8A77AA/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35030.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35037]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35037') [MISC]('https://drive.google.com/file/d/12SuaaZOa_I7ndwttQqaLWkBTWcIfTgu9/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35037.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35070]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35070') [MISC]('https://drive.google.com/file/d/13_Iq4Uj3B4iz07N8qWYhx_bZd618F6YN/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35070.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35024]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35024') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35024.md') [MISC]('https://drive.google.com/file/d/1s0VrWOJea_RRUJpZ0zgHV83NwGZlrIMt/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35060]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35060') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35060.md') [MISC]('https://drive.google.com/file/d/1VYQgASJR85XpuaakJJxRh_HmAoa61Nce/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35039]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35039') [MISC]('https://drive.google.com/file/d/1EEF3Qb6qqaQrSdkxuaTLJB92bCfSi3od/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35039.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35038]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35038') [MISC]('https://drive.google.com/file/d/1jhHvfkoD7fuMWbrhYxbOnJaSeW-Y2lKI/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35038.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35032]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35032') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35032.md') [MISC]('https://drive.google.com/file/d/1dldtU6kKgZbFdgQi4Md0p3t8RPOtKTG-/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35023]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35023') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35023.md') [MISC]('https://drive.google.com/file/d/17O7YeqDeVdrBJ1doBw46AvPIwQyYu0wM/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35036]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35036') [MISC]('https://drive.google.com/file/d/1tcZhjgZse-a8W6vOiBmdQhxtAVr2xyK0/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35036.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35028]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35028') [MISC]('https://drive.google.com/file/d/15hma-XPdkV0NfZZweuyYuxa8rMAfKbRG/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35028.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35065]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35065') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35065.md') [MISC]('https://drive.google.com/file/d/1emVd7wtL-kIhpSrl0ynkuci2KsSnaoO9/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35031]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35031') [MISC]('https://drive.google.com/file/d/1ekHL103KNESRt8yFKhRfnhyzqlYRRUfs/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35031.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35029]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35029') [MISC]('https://drive.google.com/file/d/1x0eGL9tYqc7BEapsTqD78FTu9H8GKZ6l/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35029.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35034]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35034') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35034.md') [MISC]('https://drive.google.com/file/d/14qQpo_APymGhcKMU8B0epT20ImFC02LR/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35062]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35062') [MISC]('https://drive.google.com/file/d/10KZeJTraCRuFED4y6Dv0XyPA-QJydKSa/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35062.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35027]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35027') [MISC]('https://drive.google.com/file/d/1UEIyEM_nozYHYjSfc0HbbVnrR2oV9QJQ/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35027.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35026]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35026') [MISC]('https://drive.google.com/file/d/13A5FLmr3NiQZMNUpd9ir3owrnbn5lZbO/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35026.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35035]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35035') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35035.md') [MISC]('https://drive.google.com/file/d/1sRs48QDA0PSTYLUdkGyh_tvqs61yXNi7/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35061]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35061') [MISC]('https://drive.google.com/file/d/1q7LJap9D_gyo-L64b3Nhfc4zEC-_mcH3/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35061.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35063]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35063') [MISC]('https://drive.google.com/file/d/1VW_6SXTGWABHMqW6m-hpfpbedaJFFG5b/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35063.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35025]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35025') [MISC]('https://drive.google.com/file/d/1aXat1h1gl1HqxVNdS1ryFVp8Y3nD4TGZ/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35025.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35066]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35066') [MISC]('https://drive.google.com/file/d/1zUk2e65kK-htzApaQZguAQgT6nqq4S7J/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35066.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35064]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35064') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35064.md') [MISC]('https://drive.google.com/file/d/1btOL19V9nmB4BCUBSQ2fViABe3tMZ8mp/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35067]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35067') [MISC]('https://drive.google.com/file/d/12PsreXrpGGy0Rx2URDd4XmlPPh5wVLmF/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35067.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35068]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35068') [MISC]('https://drive.google.com/file/d/193D7sPydmZiciaRD3r1UK_V3VT17GJFA/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35068.md')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35069]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35069') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35069.md') [MISC]('https://drive.google.com/file/d/1MRrjkDzgaSXPuA994xggZcEAH-QfAvXK/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35021]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35021') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35021.md') [MISC]('https://drive.google.com/file/d/1Aer3pVGg3ZZrdlGOfMhdnSqAjOQj_3xK/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]otfcc -- otfcc[/LEFT][/TD] [TD][LEFT]OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35022]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35022') [MISC]('https://drive.google.com/file/d/15eb-k1eDCeVLgb1G9JUSFHmGHHkDc79z/view?usp=sharing') [MISC]('https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35022.md')[/TD] [/TR] [TR] [TD][LEFT]owasp -- modsecurity_core_rule_set[/LEFT][/TD] [TD][LEFT]The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39955]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39955') [CONFIRM]('https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/')[/TD] [/TR] [TR] [TD][LEFT]owasp -- modsecurity_core_rule_set[/LEFT][/TD] [TD][LEFT]The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39957]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39957') [CONFIRM]('https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/')[/TD] [/TR] [TR] [TD][LEFT]owasp -- modsecurity_core_rule_set[/LEFT][/TD] [TD][LEFT]The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39958]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39958') [CONFIRM]('https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/')[/TD] [/TR] [TR] [TD][LEFT]owasp -- modsecurity_core_rule_set[/LEFT][/TD] [TD][LEFT]The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39956]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39956') [CONFIRM]('https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/')[/TD] [/TR] [TR] [TD][LEFT]pagekit -- pagekit[/LEFT][/TD] [TD][LEFT]A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38916]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38916') [MISC]('https://github.com/pagekit/pagekit/issues/970')[/TD] [/TR] [TR] [TD][LEFT]parantez_teknoloji -- kohac[/LEFT][/TD] [TD][LEFT]The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-0495]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-0495') [CONFIRM]('https://www.usom.gov.tr/bildirim/tr-22-0635')[/TD] [/TR] [TR] [TD][LEFT]paritytech -- frontier[/LEFT][/TD] [TD][LEFT]Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. This issue has been patched in commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39242]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39242') [MISC]('https://github.com/paritytech/frontier/pull/851') [CONFIRM]('https://github.com/paritytech/frontier/security/advisories/GHSA-v57h-6hmh-g2p4')[/TD] [/TR] [TR] [TD][LEFT]parse-community -- parse-server[/LEFT][/TD] [TD][LEFT]Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow users to authenticate using the Parse Server authentication adapter where `appIds` is set as a string instead of an array of strings authenticate requests from an app with a different app ID than the one specified in the `appIds` configuration. For this vulnerability to be exploited, an attacker needs to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID. This issue is patched in versions 4.10.16 and 5.2.7. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39231]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39231') [CONFIRM]('https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22')[/TD] [/TR] [TR] [TD][LEFT]parse-community -- parse-server[/LEFT][/TD] [TD][LEFT]Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object. Note that assigning a session to another user does not usually change the privileges of either of the two users, and a user cannot assign their own session to another user. This issue is patched in version 4.10.15 and above, and 5.2.6 and above. To mitigate this issue in unpatched versions add a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39225]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39225') [CONFIRM]('https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp')[/TD] [/TR] [TR] [TD][LEFT]pbc -- pbc[/LEFT][/TD] [TD][LEFT]An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38936]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38936') [MISC]('https://github.com/cloudwu/pbc/issues/158')[/TD] [/TR] [TR] [TD][LEFT]pds -- vista_7[/LEFT][/TD] [TD][LEFT]The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34002]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34002') [MISC]('https://assurainc.com') [MISC]('https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion')[/TD] [/TR] [TR] [TD][LEFT]pimcore -- pimcore[/LEFT][/TD] [TD][LEFT]If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3255]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3255') [CONFIRM]('https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902') [MISC]('https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b')[/TD] [/TR] [TR] [TD][LEFT]processmaker -- processmaker[/LEFT][/TD] [TD][LEFT]ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38577]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38577') [MISC]('http://processmaker.com') [MISC]('https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing') [MISC]('http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.html')[/TD] [/TR] [TR] [TD][LEFT]profanity -- profanity[/LEFT][/TD] [TD][LEFT]profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40769]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40769') [MISC]('https://github.com/johguse/profanity/issues/61') [MISC]('https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c') [MISC]('https://github.com/johguse/profanity')[/TD] [/TR] [TR] [TD][LEFT]protobuf -- multiple_products[/LEFT][/TD] [TD][LEFT]A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-1941]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1941') [CONFIRM]('https://cloud.google.com/support/bulletins#GCP-2022-019') [CONFIRM]('https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf')[/TD] [/TR] [TR] [TD][LEFT]python-jwt -- python-jwt[/LEFT][/TD] [TD][LEFT]python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39227]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39227') [MISC]('https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9') [CONFIRM]('https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp') [MISC]('https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25708]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25708') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22094]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22094') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25686]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25686') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22095]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22095') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25688]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25688') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22093]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22093') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25706]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25706') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25696]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25696') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22091]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22091') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22092]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22092') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25656]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25656') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25690]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25690') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25693]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25693') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25653]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25653') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22089]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22089') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22074]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22074') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22081]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22081') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25654]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25654') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25670]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25670') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22105]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22105') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-22066]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22066') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- multiple_products[/LEFT][/TD] [TD][LEFT]Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25669]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25669') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]qualcomm -- snapdragon_wired_infrastructure_and_networking[/LEFT][/TD] [TD][LEFT]Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25652]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25652') [CONFIRM]('https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin')[/TD] [/TR] [TR] [TD][LEFT]rapid7 -- insightvm[/LEFT][/TD] [TD][LEFT]Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2019-5641]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5641') [CONFIRM]('https://docs.rapid7.com/release-notes/insightvm/20220830/')[/TD] [/TR] [TR] [TD][LEFT]redis -- redis[/LEFT][/TD] [TD][LEFT]Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35951]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35951') [CONFIRM]('https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9') [FEDORA]('https://lists.fedoraproject.org/archives/list/[email protected]/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/')[/TD] [/TR] [TR] [TD][LEFT]renlm -- mygraph[/LEFT][/TD] [TD][LEFT]MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.[/LEFT][/TD] [TD][CENTER]2022-09-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39240]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39240') [CONFIRM]('https://github.com/renlm/MyGraph/security/advisories/GHSA-hj4j-923h-927j')[/TD] [/TR] [TR] [TD][LEFT]rockwell_automation-- thinmanager_thinserver[/LEFT][/TD] [TD][LEFT]Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38742]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38742') [MISC]('https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847')[/TD] [/TR] [TR] [TD][LEFT]ruby-arr-pm -- ruby-arr-pm[/LEFT][/TD] [TD][LEFT]Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the `extract` and `files` methods of the `RPM::File` class of this library. Version 0.0.12 patches these issues. A workaround for this issue is to ensure any RPMs being processed contain valid/known payload compressor values such as gzip, bzip2, xz, zstd, and lzma. The payload compressor field in an rpm can be checked by using the rpm command line tool.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39224]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39224') [MISC]('https://github.com/jordansissel/ruby-arr-pm/pull/15') [CONFIRM]('https://github.com/jordansissel/ruby-arr-pm/security/advisories/GHSA-88cv-mj24-8w3q') [MISC]('https://github.com/jordansissel/ruby-arr-pm/pull/14')[/TD] [/TR] [TR] [TD][LEFT]safe -- fme_server[/LEFT][/TD] [TD][LEFT]Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38339]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38339') [MISC]('https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]safe -- fme_server[/LEFT][/TD] [TD][LEFT]Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38340]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38340') [MISC]('https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload')[/TD] [/TR] [TR] [TD][LEFT]safe -- fme_server[/LEFT][/TD] [TD][LEFT]Safe Software FME Server v2021.2.5 and below does not employ server-side validation.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38341]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38341') [MISC]('https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/,') [MISC]('https://community.safe.com/s/article/Known-Issue-Lack-of-server-side-validation-when-creating-a-new-user-in-FME-Server') [MISC]('https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40759]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40759') [MISC]('https://github.com/Samsung/mTower/issues/80') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1249')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40758]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40758') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1224') [MISC]('https://github.com/Samsung/mTower/issues/81')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40760]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40760') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1188') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/crypto/libtomcrypt/include/tomcrypt_hash.h#L397') [MISC]('https://github.com/Samsung/mTower/issues/81')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40761]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40761') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/tee/tee_svc_cryp.c#L1248') [MISC]('https://github.com/Samsung/mTower/issues/83') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/tee/tee_obj.c#L109')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40762]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40762') [MISC]('https://github.com/Samsung/mTower/issues/82') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api.c#L319')[/TD] [/TR] [TR] [TD][LEFT]samsung -- mtower[/LEFT][/TD] [TD][LEFT]A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40757]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40757') [MISC]('https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1031') [MISC]('https://github.com/Samsung/mTower/issues/81')[/TD] [/TR] [TR] [TD][LEFT]scala -- scala[/LEFT][/TD] [TD][LEFT]Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36944]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36944') [MISC]('https://www.scala-lang.org/download/') [MISC]('https://github.com/scala/scala/pull/10118')[/TD] [/TR] [TR] [TD][LEFT]smokeping -- smokeping[/LEFT][/TD] [TD][LEFT]In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2016-20015]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-20015') [MISC]('https://bugs.gentoo.org/602652')[/TD] [/TR] [TR] [TD][LEFT]smokeping -- smokeping[/LEFT][/TD] [TD][LEFT]In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2017-20147]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-20147') [MISC]('https://bugs.gentoo.org/631140') [GENTOO]('https://security.gentoo.org/glsa/202209-08')[/TD] [/TR] [TR] [TD][LEFT]snipe-it -- snipe-it[/LEFT][/TD] [TD][LEFT]Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3173]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3173') [CONFIRM]('https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9') [MISC]('https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2')[/TD] [/TR] [TR] [TD][LEFT]solidigm -- ssd_dc_products[/LEFT][/TD] [TD][LEFT]Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-33076]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-33076') [MISC]('https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf')[/TD] [/TR] [TR] [TD][LEFT]solidigm -- ssd_dc_products[/LEFT][/TD] [TD][LEFT]Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-33081]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-33081') [MISC]('https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf')[/TD] [/TR] [TR] [TD][LEFT]solidigm -- ssd_dc_products[/LEFT][/TD] [TD][LEFT]Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-33079]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-33079') [MISC]('https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf')[/TD] [/TR] [TR] [TD][LEFT]sophos -- firewall[/LEFT][/TD] [TD][LEFT]A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3236]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3236') [CONFIRM]('https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- news247_news_magazine_(cms)[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-41731]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-41731') [MISC]('http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html') [MISC]('https://www.sourcecodester.com') [MISC]('https://cxsecurity.com/issue/WLB-2022090039')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- online_tours_and_travels_management_system[/LEFT][/TD] [TD][LEFT]Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40093]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40093') [MISC]('https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-3.md')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- online_tours_and_travels_management_system[/LEFT][/TD] [TD][LEFT]Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40092]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40092') [MISC]('https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- online_tours_and_travels_management_system[/LEFT][/TD] [TD][LEFT]Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40091]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40091') [MISC]('https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-1.md')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_college[/LEFT][/TD] [TD][LEFT]Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40088]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40088') [MISC]('https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip') [MISC]('https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html') [MISC]('https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-xss-1f13228233a')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_college[/LEFT][/TD] [TD][LEFT]A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40089]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40089') [MISC]('https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip') [MISC]('https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html') [MISC]('https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-rfi-cff8d827572e')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_college[/LEFT][/TD] [TD][LEFT]Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40087]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40087') [MISC]('https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip') [MISC]('https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html') [MISC]('https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-unauthenticated-arbitrary-file-upload-rce-44341831bec8')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_task_managing_system[/LEFT][/TD] [TD][LEFT]SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40030]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40030') [MISC]('https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html') [MISC]('http://simple.com') [MISC]('https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_task_managing_system[/LEFT][/TD] [TD][LEFT]SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40026]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40026') [MISC]('https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL1.md')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_task_managing_system[/LEFT][/TD] [TD][LEFT]SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40027]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40027') [MISC]('https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md') [MISC]('https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html') [MISC]('http://simple.com')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_task_managing_system[/LEFT][/TD] [TD][LEFT]SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40028]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40028') [MISC]('https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md') [MISC]('https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html') [MISC]('http://simple.com')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_task_managing_system[/LEFT][/TD] [TD][LEFT]SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40029]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40029') [MISC]('https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md') [MISC]('https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html') [MISC]('http://simple.com')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- storage_unit_rental_management_system[/LEFT][/TD] [TD][LEFT]A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-42597]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-42597') [MISC]('https://cxsecurity.com/issue/WLB-2022090036') [MISC]('https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html')[/TD] [/TR] [TR] [TD][LEFT]steal -- steal[/LEFT][/TD] [TD][LEFT]A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37259]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37259') [MISC]('https://github.com/stealjs/steal/issues/1528') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54124') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L54129')[/TD] [/TR] [TR] [TD][LEFT]steal -- steal[/LEFT][/TD] [TD][LEFT]Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37265]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37265') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4569') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/babel.js#L4216') [MISC]('https://github.com/stealjs/steal/issues/1534')[/TD] [/TR] [TR] [TD][LEFT]steal -- steal[/LEFT][/TD] [TD][LEFT]Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37258]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37258') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362') [MISC]('https://github.com/stealjs/steal/issues/1527') [MISC]('https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L369')[/TD] [/TR] [TR] [TD][LEFT]supremainc -- biostar_2[/LEFT][/TD] [TD][LEFT]A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38351]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38351') [MISC]('https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx') [MISC]('https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator/')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35090]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35090') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35090.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35085') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35085.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35091]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35091') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35091.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35094]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35094') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35094.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35093]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35093') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35093.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35092]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35092') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35092.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35097]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35097') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35097.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35098]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35098') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35098.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35089]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35089') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35089.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35099]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35099') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35099.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/182')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35088]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35088') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35088.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40008]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40008') [MISC]('https://github.com/matthiaskramm/swftools/issues/188')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40009]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40009') [MISC]('https://github.com/matthiaskramm/swftools/issues/190')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35096]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35096') [MISC]('https://github.com/matthiaskramm/swftools/issues/182') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35096.md')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35087]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35087') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35087.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35095]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35095') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35095.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/182')[/TD] [/TR] [TR] [TD][LEFT]swftools -- swftools[/LEFT][/TD] [TD][LEFT]SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35086]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35086') [MISC]('https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35086.md') [MISC]('https://github.com/matthiaskramm/swftools/issues/181')[/TD] [/TR] [TR] [TD][LEFT]tacitine -- firewall[/LEFT][/TD] [TD][LEFT]This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40630]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40630') [MISC]('https://tacitine.com/newdownload/CVE-2022-40630.pdf') [MISC]('https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363')[/TD] [/TR] [TR] [TD][LEFT]tacitine -- firewall[/LEFT][/TD] [TD][LEFT]This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40628]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40628') [MISC]('https://tacitine.com/newdownload/CVE-2022-40628.pdf') [MISC]('https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363')[/TD] [/TR] [TR] [TD][LEFT]tacitine -- firewall[/LEFT][/TD] [TD][LEFT]This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40629]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40629') [MISC]('https://tacitine.com/newdownload/CVE-2022-40629.pdf') [MISC]('https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363')[/TD] [/TR] [TR] [TD][LEFT]tenable -- visam_vbase[/LEFT][/TD] [TD][LEFT]When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3217]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3217') [MISC]('https://www.tenable.com/security/research/tra-2022-31')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40865]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40865') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSchedWifi.md') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSchedWifi.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40864]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40864') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSmartPowerManagement.md') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSmartPowerManagement.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40862]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40862') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromNatStaticSetting.md') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromNatStaticSetting.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40860]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40860') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/formSetQosBand.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40851]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40851') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac18[/LEFT][/TD] [TD][LEFT]Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40861]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40861') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/formSetQosBand.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac18[/LEFT][/TD] [TD][LEFT]Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40854') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40071]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40071') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/2')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40067]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40067') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/9')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40068]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40068') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/10')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40070]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40070') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/8')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40075]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40075') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/1')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40072]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40072') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/7')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40069]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40069') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/6')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40074]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40074') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/3')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40076]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40076') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/4')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac21[/LEFT][/TD] [TD][LEFT]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40073]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40073') [MISC]('https://github.com/xxy1126/Vuln/tree/main/Tenda%20AC21/5')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40103]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40103') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formSetAutoPing.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40104]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40104') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formwrlSSIDget.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40102]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40102') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formwrlSSIDset.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40106]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40106') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_set_local_time.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40105]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40105') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formWifiMacFilterGet.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40100]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40100') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/Command_Injection_formexeCommand.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40101]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40101') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formWifiMacFilterSet.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- i9[/LEFT][/TD] [TD][LEFT]Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40107]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40107') [MISC]('https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/Tenda/Tenda_i9/buffer_overflow_formexeCommand.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- multiple_products[/LEFT][/TD] [TD][LEFT]Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40869]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40869') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromDhcpListClient-list.md') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromDhcpListClient-list.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w20e[/LEFT][/TD] [TD][LEFT]Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40868]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40868') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formDelDhcpRule.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w20e[/LEFT][/TD] [TD][LEFT]Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40855]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40855') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formSetPortMapping.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w20e [/LEFT][/TD] [TD][LEFT]Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40867]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40867') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formIPMacBindDel.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w20e [/LEFT][/TD] [TD][LEFT]Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40866]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40866') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/setDebugCfg.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- ac15[/LEFT][/TD] [TD][LEFT]Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40853]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40853') [MISC]('https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/form_fast_setting_wifi_set.md')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35959]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35959') [MISC]('https://github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14eb') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35965]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35965') [MISC]('https://github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeea') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35964]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35964') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668') [MISC]('https://github.com/tensorflow/tensorflow/commit/2a458fc4866505be27c62f81474ecb2b870498fa')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35963]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35963') [MISC]('https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35935]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35935') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9') [MISC]('https://github.com/tensorflow/tensorflow/commit/c65c67f88ad770662e8f191269a907bf2b94b1bf')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35941]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35941') [MISC]('https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f') [MISC]('https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35939]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35939') [MISC]('https://github.com/tensorflow/tensorflow/commit/b4d4b4cb019bd7240a52daa4ba61e3cc814f0384') [MISC]('https://github.com/tensorflow/tensorflow/blob/266558ac4c1f361e9a178ee9d3f0ce2e648ae499/tensorflow/lite/kernels/internal/reference/reference_ops.h#L659-L698') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35938]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35938') [MISC]('https://github.com/tensorflow/tflite-micro/blob/1bc98621180a350eb4e8d3318ea8e228c7559b37/tensorflow/lite/micro/kernels/gather_nd.cc#L143-L154') [MISC]('https://github.com/tensorflow/tflite-micro/commit/4142e47e9e31db481781b955ed3ff807a781b494') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3m3g-pf5v-5hpj')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35937]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35937') [MISC]('https://github.com/tensorflow/tensorflow/blob/f463040eb3997e42e60a2ffc6dc72de7ef11dbb4/tensorflow/lite/kernels/gather_nd.cc#L105-L111') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h') [MISC]('https://github.com/tensorflow/tensorflow/commit/595a65a3e224a0362d7e68c2213acfc2b499a196')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36027]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36027') [MISC]('https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr') [MISC]('https://github.com/tensorflow/tensorflow/issues/53767')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35934]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35934') [MISC]('https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35967]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35967') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x') [MISC]('https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35972]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35972') [MISC]('https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35968]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35968') [MISC]('https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35969]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35969') [MISC]('https://github.com/tensorflow/tensorflow/commit/50156d547b9a1da0144d7babe665cf690305b33c') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35970]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35970') [MISC]('https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35971]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35971') [MISC]('https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35966]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35966') [MISC]('https://github.com/tensorflow/tensorflow/commit/7cdf9d4d2083b739ec81cfdace546b0c99f50622') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35973]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35973') [MISC]('https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35974]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35974') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x') [MISC]('https://github.com/tensorflow/tensorflow/commit/73ad1815ebcfeb7c051f9c2f7ab5024380ca8613')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35979]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35979') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x') [MISC]('https://github.com/tensorflow/tensorflow/commit/49b3824d83af706df0ad07e4e677d88659756d89')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35940]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35940') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x') [MISC]('https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192') [MISC]('https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35960]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35960') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4') [MISC]('https://github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7') [MISC]('https://github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.cc#L322-L325')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35983]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35983') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4') [MISC]('https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36018]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36018') [MISC]('https://github.com/tensorflow/tensorflow/commit/88f93dfe691563baa4ae1e80ccde2d5c7a143821') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36000]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36000') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v') [MISC]('https://github.com/tensorflow/tensorflow/commit/aed36912609fc07229b4d0a7b44f3f48efc00fd0')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35982]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35982') [MISC]('https://github.com/tensorflow/tensorflow/commit/40adbe4dd15b582b0210dfbf40c243a62f5119fa') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35952]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35952') [MISC]('https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2') [MISC]('https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35981]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35981') [MISC]('https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36026]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36026') [MISC]('https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35995]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35995') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4') [MISC]('https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35999]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35999') [MISC]('https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36012]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36012') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5') [MISC]('https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc') [MISC]('https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36011]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36011') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f') [MISC]('https://github.com/tensorflow/tensorflow/commit/1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36017]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36017') [MISC]('https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36003]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36003') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq') [MISC]('https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36015]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36015') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j') [MISC]('https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0') [MISC]('https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36016]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36016') [MISC]('https://github.com/tensorflow/tensorflow/commit/6104f0d4091c260ce9352f9155f7e9b725eab012') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc') [MISC]('https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36014]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36014') [MISC]('https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5') [MISC]('https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq') [MISC]('https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36013]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36013') [MISC]('https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5') [MISC]('https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36019]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36019') [MISC]('https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35998]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35998') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5') [MISC]('https://github.com/tensorflow/tensorflow/commit/c8ba76d48567aed347508e0552a257641931024d')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35987]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35987') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49') [MISC]('https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35984]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35984') [MISC]('https://github.com/tensorflow/tensorflow/commit/72180be03447a10810edca700cbc9af690dfeb51') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36005]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36005') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm') [MISC]('https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35985]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35985') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp') [MISC]('https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35986]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35986') [MISC]('https://github.com/tensorflow/tensorflow/commit/7a4591fd4f065f4fa903593bc39b2f79530a74b8') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36001]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36001') [MISC]('https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35988]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35988') [MISC]('https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35989]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35989') [MISC]('https://github.com/tensorflow/tensorflow/commit/32d7bd3defd134f21a4e344c8dfd40099aaf6b18') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35990]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35990') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh') [MISC]('https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35991]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35991') [MISC]('https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35992]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35992') [MISC]('https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35993]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35993') [MISC]('https://github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35994]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35994') [MISC]('https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35996]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35996') [MISC]('https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35997]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35997') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf') [MISC]('https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36002]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36002') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg') [MISC]('https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f')[/TD] [/TR] [TR] [TD][LEFT]tensorflow -- tensorflow[/LEFT][/TD] [TD][LEFT]TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36004]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36004') [MISC]('https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3') [CONFIRM]('https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q')[/TD] [/TR] [TR] [TD][LEFT]tesla -- model_3[/LEFT][/TD] [TD][LEFT]Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37709]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37709') [MISC]('https://youtu.be/cPhYW5FzA9A') [MISC]('https://fmsh-seclab.github.io/') [MISC]('https://github.com/fmsh-seclab/TesMla')[/TD] [/TR] [TR] [TD][LEFT]testlink -- testlink[/LEFT][/TD] [TD][LEFT]TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35194]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35194') [MISC]('https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35194') [MISC]('https://github.com/HuangYuHsiangPhone/CVEs/')[/TD] [/TR] [TR] [TD][LEFT]testlink -- testlink[/LEFT][/TD] [TD][LEFT]TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35196]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35196') [MISC]('https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35196') [MISC]('https://github.com/HuangYuHsiangPhone/CVEs/')[/TD] [/TR] [TR] [TD][LEFT]tibco -- multiple_products[/LEFT][/TD] [TD][LEFT]The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30579]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30579') [CONFIRM]('https://www.tibco.com/services/support/advisories') [CONFIRM]('https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579')[/TD] [/TR] [TR] [TD][LEFT]tibco -- tibco_ebx[/LEFT][/TD] [TD][LEFT]The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30577]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30577') [CONFIRM]('https://www.tibco.com/services/support/advisories') [CONFIRM]('https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-cve-2022-30577')[/TD] [/TR] [TR] [TD][LEFT]tibco -- tibco_ebx_add-ons[/LEFT][/TD] [TD][LEFT]The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-30578]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-30578') [CONFIRM]('https://www.tibco.com/services/support/advisories') [CONFIRM]('https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-add-ons-cve-2022')[/TD] [/TR] [TR] [TD][LEFT]tinyproxy -- tinyproxy[/LEFT][/TD] [TD][LEFT]Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40468]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40468') [MISC]('https://github.com/tinyproxy/tinyproxy') [MISC]('https://github.com/tinyproxy/tinyproxy/issues/457') [MISC]('https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40142]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40142') [N/A]('https://success.trendmicro.com/solution/000291528') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1190/')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40139]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40139') [N/A]('https://success.trendmicro.com/solution/000291528')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40140]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40140') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1189/') [N/A]('https://success.trendmicro.com/solution/000291528')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40144]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40144') [N/A]('https://www.ipa.go.jp/security/ciadr/vul/20220913-jvn.html') [N/A]('https://success.trendmicro.com/solution/000291528') [N/A]('https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553') [N/A]('https://jvn.jp/en/jp/JVN36454862/index.html')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40143]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40143') [N/A]('https://success.trendmicro.com/solution/000291528') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1191/')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- apex_one[/LEFT][/TD] [TD][LEFT]A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40141]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40141') [N/A]('https://success.trendmicro.com/solution/000291528')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- housecall[/LEFT][/TD] [TD][LEFT]A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38764]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38764') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1178/') [N/A]('https://helpcenter.trendmicro.com/en-us/article/tmka-11092')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- mobile_security[/LEFT][/TD] [TD][LEFT]A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40980]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40980') [N/A]('https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- security[/LEFT][/TD] [TD][LEFT]Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34893]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34893') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1175/') [N/A]('https://helpcenter.trendmicro.com/en-us/article/tmka-11053')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- security[/LEFT][/TD] [TD][LEFT]Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37348]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37348') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1177/') [N/A]('https://helpcenter.trendmicro.com/en-us/article/tmka-11058')[/TD] [/TR] [TR] [TD][LEFT]trend_micro -- security[/LEFT][/TD] [TD][LEFT]Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37347]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37347') [N/A]('https://www.zerodayinitiative.com/advisories/ZDI-22-1176/') [N/A]('https://helpcenter.trendmicro.com/en-us/article/tmka-11058')[/TD] [/TR] [TR] [TD][LEFT]uboot -- uboot [/LEFT][/TD] [TD][LEFT]There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2347]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2347') [MISC]('https://seclists.org/oss-sec/2022/q3/41')[/TD] [/TR] [TR] [TD][LEFT]ucms -- ucms[/LEFT][/TD] [TD][LEFT]UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38527]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38527') [MISC]('https://github.com/Zoe0427/UCMS-v1.6/blob/gh-pages/UCMS_v1.6.0%20XSS.md')[/TD] [/TR] [TR] [TD][LEFT]valine -- valine[/LEFT][/TD] [TD][LEFT]Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38545]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38545') [MISC]('https://github.com/xCss/Valine/issues/400')[/TD] [/TR] [TR] [TD][LEFT]velneo -- vclient[/LEFT][/TD] [TD][LEFT]Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-45035]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-45035') [CONFIRM]('https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication') [CONFIRM]('https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/')[/TD] [/TR] [TR] [TD][LEFT]veritas -- desktop_and_laptop_option[/LEFT][/TD] [TD][LEFT]A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41319]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41319') [MISC]('https://www.veritas.com/content/support/en_US/security/VTS22-010')[/TD] [/TR] [TR] [TD][LEFT]veritas -- veritas_system_recovery[/LEFT][/TD] [TD][LEFT]Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41320]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41320') [MISC]('https://www.veritas.com/content/support/en_US/security/VTS21-002')[/TD] [/TR] [TR] [TD][LEFT]vim -- vim[/LEFT][/TD] [TD][LEFT]Use After Free in GitHub repository vim/vim prior to 9.0.0490.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3235]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3235') [CONFIRM]('https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af') [MISC]('https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0')[/TD] [/TR] [TR] [TD][LEFT]vim -- vim[/LEFT][/TD] [TD][LEFT]Use After Free in GitHub repository vim/vim prior to 9.0.0530.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3256]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3256') [MISC]('https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad') [CONFIRM]('https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3')[/TD] [/TR] [TR] [TD][LEFT]vim -- vim[/LEFT][/TD] [TD][LEFT]Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.[/LEFT][/TD] [TD][CENTER]2022-09-17[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3234]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3234') [MISC]('https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d') [CONFIRM]('https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da')[/TD] [/TR] [TR] [TD][LEFT]vim -- vim [/LEFT][/TD] [TD][LEFT]NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3278]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3278') [MISC]('https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e') [CONFIRM]('https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612')[/TD] [/TR] [TR] [TD][LEFT]vmware -- spring_data_rest[/LEFT][/TD] [TD][LEFT]Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-31679]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-31679') [MISC]('https://tanzu.vmware.com/security/cve-2022-31679')[/TD] [/TR] [TR] [TD][LEFT]vuetify -- vuetify[/LEFT][/TD] [TD][LEFT]The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.[/LEFT][/TD] [TD][CENTER]2022-09-18[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-25873]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-25873') [MISC]('https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3024406') [MISC]('https://security.snyk.io/vuln/SNYK-JS-VUETIFY-3019858') [MISC]('https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVUETIFYJS-3024407') [MISC]('https://codepen.io/5v3n-08/pen/MWGKEjY') [MISC]('https://github.com/vuetifyjs/vuetify/issues/15757') [MISC]('https://github.com/vuetifyjs/vuetify/commit/ade1434927f55a0eccf3d54f900f24c5fa85a176')[/TD] [/TR] [TR] [TD][LEFT]wasm3 -- wasm3[/LEFT][/TD] [TD][LEFT]WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-39974]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-39974') [MISC]('https://github.com/wasm3/wasm3/issues/379')[/TD] [/TR] [TR] [TD][LEFT]watchdog -- anti-virus[/LEFT][/TD] [TD][LEFT]Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38611]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38611') [MISC]('https://gist.github.com/dru1d-foofus/835423de77c3522d53b9e7bdf5a28dfe')[/TD] [/TR] [TR] [TD][LEFT]wayland -- wayland [/LEFT][/TD] [TD][LEFT]An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-3782]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-3782') [MISC]('https://gitlab.freedesktop.org/wayland/wayland/-/issues/224')[/TD] [/TR] [TR] [TD][LEFT]wedding_planner -- wedding_planner[/LEFT][/TD] [TD][LEFT]Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38509]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38509') [MISC]('https://github.com/ptanly/bug_report/blob/main/vendors/pushpam02/wedding-planner/SQLi-1.md')[/TD] [/TR] [TR] [TD][LEFT]western_digital -- discovery_desktop_app[/LEFT][/TD] [TD][LEFT]WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-29835]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29835') [MISC]('https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396')[/TD] [/TR] [TR] [TD][LEFT]whatsapp -- whatsapp[/LEFT][/TD] [TD][LEFT]An integer overflow in WhatsApp could result in remote code execution in an established video call.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36934]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36934') [CONFIRM]('https://www.whatsapp.com/security/advisories/2022/')[/TD] [/TR] [TR] [TD][LEFT]whatsapp -- whatsapp[/LEFT][/TD] [TD][LEFT]An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-27492]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-27492') [CONFIRM]('https://www.whatsapp.com/security/advisories/2022/')[/TD] [/TR] [TR] [TD][LEFT]withsecure -- multiple_products[/LEFT][/TD] [TD][LEFT]A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28886]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28886') [MISC]('https://www.f-secure.com/en/business/support-and-downloads/security-advisories') [MISC]('https://www.withsecure.com/en/support/security-advisories')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38079]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38079') [CONFIRM]('https://patchstack.com/database/vulnerability/backup-scheduler/wordpress-backup-scheduler-plugin-1-5-13-cross-site-request-forgery-csrf-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/backup-scheduler/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38454]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38454') [CONFIRM]('https://patchstack.com/database/vulnerability/kraken-image-optimizer/wordpress-kraken-io-image-optimizer-plugin-2-6-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/kraken-image-optimizer/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38085') [CONFIRM]('https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/read-more/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38460]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38460') [CONFIRM]('https://patchstack.com/database/vulnerability/notice-board/wordpress-notice-board-plugin-1-1-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/notice-board/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38095]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38095') [CONFIRM]('https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability') [CONFIRM]('https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-1580]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1580') [MISC]('https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2958]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2958') [MISC]('https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86a')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-29489]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-29489') [CONFIRM]('https://patchstack.com/database/vulnerability/sucuri-scanner/wordpress-sucuri-security-plugin-1-8-33-cross-site-request-forgery-csrf-vulnerability') [CONFIRM]('https://wordpress.org/plugins/sucuri-scanner/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2913]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2913') [MISC]('https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38470]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38470') [CONFIRM]('https://wordpress.org/plugins/customer-reviews-woocommerce/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40132]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40132') [CONFIRM]('https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-2-16-0-cross-site-request-forgery-csrf-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/seriously-simple-podcasting/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF).[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2912]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2912') [MISC]('https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38061]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38061') [CONFIRM]('https://wordpress.org/plugins/export-post-info/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-2-0-authenticated-csv-injection-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2575]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2575') [MISC]('https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-1591]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1591') [MISC]('https://wpscan.com/vulnerability/b1a52c7e-3422-40dd-af5a-ea4c622a87aa')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2887]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2887') [MISC]('https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2567]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2567') [MISC]('https://wpscan.com/vulnerability/dfa21dde-a9fc-4a35-9602-c3fde907ca54')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2654]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2654') [MISC]('https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2655]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2655') [MISC]('https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2669]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2669') [MISC]('https://wpscan.com/vulnerability/792d9f22-abf6-47b2-a247-d0cdb705cd81')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2709]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2709') [MISC]('https://wpscan.com/vulnerability/1c551234-9c59-41a0-ab74-beea2d27df6b')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2710]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2710') [MISC]('https://wpscan.com/vulnerability/f730f584-2370-49f9-a094-a5bc521671c1')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2753]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2753') [MISC]('https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2799]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2799') [MISC]('https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2635]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2635') [MISC]('https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2754') [MISC]('https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2840]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2840') [MISC]('https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2863]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2863') [MISC]('https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2351]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2351') [MISC]('https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2798]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2798') [MISC]('https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2877]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2877') [MISC]('https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-1194]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-1194') [MISC]('https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38073]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38073') [CONFIRM]('https://wordpress.org/plugins/awesome-support/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36798]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36798') [CONFIRM]('https://patchstack.com/database/vulnerability/mega-addons-for-visual-composer/wordpress-mega-addons-for-wpbakery-page-builder-plugin-4-2-7-cross-site-request-forgery-csrf-vulnerability') [CONFIRM]('https://wordpress.org/plugins/mega-addons-for-visual-composer/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37342]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37342') [CONFIRM]('https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/add-actions-and-filters/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38704]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38704') [CONFIRM]('https://wordpress.org/plugins/seo-redirection/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37338]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37338') [CONFIRM]('https://wordpress.org/plugins/blossom-recipe-maker/') [CONFIRM]('https://patchstack.com/database/vulnerability/blossom-recipe-maker/wordpress-blossom-recipe-maker-plugin-1-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36340]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36340') [CONFIRM]('https://plugins.svn.wordpress.org/mailoptin/trunk/changelog.txt') [CONFIRM]('https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36791]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36791') [CONFIRM]('https://wordpress.org/plugins/torro-forms/') [CONFIRM]('https://patchstack.com/database/vulnerability/torro-forms/wordpress-torro-forms-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37328]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37328') [CONFIRM]('https://patchstack.com/database/vulnerability/timeline-awesome/wordpress-history-timeline-plugin-1-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/timeline-awesome/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40671]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40671') [CONFIRM]('https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-cross-site-request-forgery-csrf-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/rate-my-post/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36365]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36365') [CONFIRM]('https://patchstack.com/database/vulnerability/wha-crossword/wordpress-wha-crossword-plugin-1-1-10-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities') [CONFIRM]('https://wordpress.org/plugins/wha-crossword/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36417]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36417') [CONFIRM]('https://wordpress.org/plugins/cardoza-3d-tag-cloud/') [CONFIRM]('https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-multiple-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40672]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40672') [CONFIRM]('https://patchstack.com/database/vulnerability/cpo-shortcodes/wordpress-cpo-shortcodes-plugin-1-5-0-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/cpo-shortcodes/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36383]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36383') [CONFIRM]('https://patchstack.com/database/vulnerability/wha-wordsearch/wordpress-word-search-puzzles-game-plugin-2-0-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities') [CONFIRM]('https://wordpress.org/plugins/wha-wordsearch/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36390]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36390') [CONFIRM]('https://patchstack.com/database/vulnerability/calendar-event/wordpress-event-calendar-calendar-plugin-1-4-6-authenticated-reflected-cross-site-scripting-xss-vulnerability') [CONFIRM]('https://wordpress.org/plugins/calendar-event/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36388]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36388') [CONFIRM]('https://wordpress.org/plugins/yds-support-ticket-system/') [CONFIRM]('https://patchstack.com/database/vulnerability/yds-support-ticket-system/wordpress-yds-support-ticket-system-plugin-1-0-cross-site-request-forgery-csrf-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3144]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3144') [MISC]('https://www.wordfence.com/vulnerability-advisories/#CVE-2022-3144') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2780937%40wordfence&new=2780937%40wordfence&sfp_email=&sfph_mail=') [MISC]('https://wordpress.org/plugins/wordfence/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38703]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38703') [CONFIRM]('https://patchstack.com/database/vulnerability/maxbuttons/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-2-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/maxbuttons/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37330]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37330') [CONFIRM]('https://patchstack.com/database/vulnerability/wha-crossword/wordpress-wha-crossword-plugin-1-1-10-authenticated-stored-cross-site-scripting-xss-vulnerability') [CONFIRM]('https://wordpress.org/plugins/wha-crossword/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38134]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38134') [CONFIRM]('https://wordpress.org/plugins/customer-reviews-woocommerce/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3142]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3142') [MISC]('https://wpscan.com/vulnerability/8acc0fc6-efe6-4662-b9ac-6342a7823328') [MISC]('https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3036]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3036') [MISC]('https://wpscan.com/vulnerability/0dbc85dd-736c-492e-9db8-acb7195771aa')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40310]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40310') [CONFIRM]('https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-race-condition-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/rate-my-post/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37339]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37339') [CONFIRM]('https://patchstack.com/database/vulnerability/meet-my-team/wordpress-meet-my-team-plugin-2-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability') [CONFIRM]('https://wordpress.org/plugins/meet-my-team/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40219]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40219') [CONFIRM]('https://wordpress.org/plugins/favicon-switcher/') [CONFIRM]('https://patchstack.com/database/vulnerability/favicon-switcher/wordpress-favicon-switcher-plugin-1-2-11-cross-site-request-forgery-csrf-vulnerability')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40217]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40217') [CONFIRM]('https://patchstack.com/database/vulnerability/wpide/wordpress-wpide-plugin-2-6-authenticated-arbitrary-file-edit-upload-vulnerability') [CONFIRM]('https://wordpress.org/plugins/wpide/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-35238]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-35238') [CONFIRM]('https://wordpress.org/plugins/awesome-filterable-portfolio/') [CONFIRM]('https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-plugin-settings-change-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40215]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40215') [CONFIRM]('https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-7-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/vc-tabs/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3021]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3021') [MISC]('https://wpscan.com/vulnerability/3c5ff229-85c2-49c2-8fb9-6419a8002a4e')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40193]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40193') [CONFIRM]('https://wordpress.org/plugins/awesome-filterable-portfolio/') [CONFIRM]('https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40213]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40213') [CONFIRM]('https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/gs-testimonial/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40195]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40195') [CONFIRM]('https://patchstack.com/database/vulnerability/address-email-and-phone-validation/wordpress-pca-predict-plugin-1-0-3-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/address-email-and-phone-validation/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40194]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40194') [CONFIRM]('https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve') [CONFIRM]('https://wordpress.org/plugins/customer-reviews-woocommerce/#developers')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3141]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3141') [MISC]('https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514') [MISC]('https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-36386]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-36386') [CONFIRM]('https://wordpress.org/plugins/wp-all-import/#developers') [CONFIRM]('https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2937]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2937') [MISC]('https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2937') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail=')[/TD] [/TR] [TR] [TD][LEFT]xpdf -- xpdf[/LEFT][/TD] [TD][LEFT]XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38928]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38928') [MISC]('https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40154]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40154') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50393') [CONFIRM]('https://github.com/x-stream/xstream/issues/304')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40155]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40155') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50428') [CONFIRM]('https://github.com/x-stream/xstream/issues/304')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40156]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40156') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50841') [CONFIRM]('https://github.com/x-stream/xstream/issues/304')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40151]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40151') [CONFIRM]('https://github.com/x-stream/xstream/issues/304') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40153]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40153') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858') [CONFIRM]('https://github.com/x-stream/xstream/issues/304')[/TD] [/TR] [TR] [TD][LEFT]xstream -- xstream[/LEFT][/TD] [TD][LEFT]Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40152]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40152') [CONFIRM]('https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434') [CONFIRM]('https://github.com/x-stream/xstream/issues/304')[/TD] [/TR] [TR] [TD][LEFT]yetiforce -- yetiforce_customer_relationship_management[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-2924]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2924') [MISC]('https://github.com/yetiforcecompany/yetiforcecrm/commit/b716ecea340783b842498425faa029800bd30420') [CONFIRM]('https://huntr.dev/bounties/f0f3aded-6e97-4cf2-980a-c90f2c6ca0e0')[/TD] [/TR] [TR] [TD][LEFT]yetiforce -- yetiforce_customer_relationship_management[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3000]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3000') [CONFIRM]('https://huntr.dev/bounties/a060d3dd-6fdd-4958-82a9-364df1cb770c') [MISC]('https://github.com/yetiforcecompany/yetiforcecrm/commit/eebc12601495ada38495076bec12841b2477516b')[/TD] [/TR] [TR] [TD][LEFT]yetiforce -- yetiforce_customer_relationship_management[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3004]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3004') [CONFIRM]('https://huntr.dev/bounties/461e5f8f-17cf-4be4-9149-111d0bd92d14') [MISC]('https://github.com/yetiforcecompany/yetiforcecrm/commit/cd82ecce44d83f1f6c10c7766bf36f3026de024a')[/TD] [/TR] [TR] [TD][LEFT]yetiforce -- yetiforce_customer_relationship_management[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3005]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3005') [CONFIRM]('https://huntr.dev/bounties/4b144433-a979-4c4e-a627-659838acc217') [MISC]('https://github.com/yetiforcecompany/yetiforcecrm/commit/e55886781509fe39951fc7528347696474a17884')[/TD] [/TR] [TR] [TD][LEFT]z-blogphp -- z-blogphp[/LEFT][/TD] [TD][LEFT]A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40357]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40357') [MISC]('https://github.com/zblogcn/zblogphp/issues/336')[/TD] [/TR] [TR] [TD][LEFT]zapier -- code_by_zapier[/LEFT][/TD] [TD][LEFT]Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)[/LEFT][/TD] [TD][CENTER]2022-09-21[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28802]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28802') [MISC]('https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/') [MISC]('https://www.zenity.io/blog/zapescape-vulnerability-disclosure/')[/TD] [/TR] [TR] [TD][LEFT]zentao -- demo15[/LEFT][/TD] [TD][LEFT]Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source: https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig .[/LEFT][/TD] [TD][CENTER]2022-09-19[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-37700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-37700') [MISC]('https://medium.com/@sc0p3hacker/cve-2022-37700-directory-transversal-in-zentao-easy-soft-alm-2573c1f0fc21') [MISC]('https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig') [MISC]('http://zentao.com')[/TD] [/TR] [TR] [TD][LEFT]zohocorp -- manageengine_password_manager_pro[/LEFT][/TD] [TD][LEFT]Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40300]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40300') [MISC]('https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html')[/TD] [/TR] [TR] [TD][LEFT]zoo_management_system -- zoo_management_system[/LEFT][/TD] [TD][LEFT]In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40932]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40932') [MISC]('https://github.com/lime-10010/Bug_report/blob/main/vendors/pushpam02/zoo-management-system/RCE-1.md')[/TD] [/TR] [TR] [TD][LEFT]zoom -- on-premise_meeting_connector_mmr[/LEFT][/TD] [TD][LEFT]Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.[/LEFT][/TD] [TD][CENTER]2022-09-16[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-28758]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-28758') [MISC]('https://explore.zoom.us/en/trust/security/security-bulletin/')[/TD] [/TR] [TR] [TD][LEFT]zte_global -- zxvstb [/LEFT][/TD] [TD][LEFT]There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.[/LEFT][/TD] [TD][CENTER]2022-09-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-23144]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-23144') [MISC]('https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224')[/TD] [/TR] [TR] [TD][LEFT]zutty -- zutty[/LEFT][/TD] [TD][LEFT]In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-41138]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-41138') [MISC]('https://bugs.gentoo.org/868495') [MISC]('https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38') [MISC]('https://github.com/tomszilagyi/zutty/compare/0.12...0.13')[/TD] [/TR] [TR] [TD][LEFT]zyxel -- gs1900-8[/LEFT][/TD] [TD][LEFT]An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.[/LEFT][/TD] [TD][CENTER]2022-09-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34746]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34746') [CONFIRM]('https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches')[/TD] [/TR] [TR] [TD][LEFT]zzcms -- zzcms[/LEFT][/TD] [TD][LEFT]An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40443]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40443') [MISC]('https://github.com/liong007/ZZCMS/issues/1')[/TD] [/TR] [TR] [TD][LEFT]zzcms -- zzcms[/LEFT][/TD] [TD][LEFT]ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40444]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40444') [MISC]('https://github.com/liong007/ZZCMS/issues/2')[/TD] [/TR] [TR] [TD][LEFT]zzcms -- zzcms[/LEFT][/TD] [TD][LEFT]ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40446]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40446') [MISC]('https://github.com/liong007/ZZCMS/issues/4')[/TD] [/TR] [TR] [TD][LEFT]zzcms -- zzcms[/LEFT][/TD] [TD][LEFT]ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.[/LEFT][/TD] [TD][CENTER]2022-09-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-40447]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-40447') [MISC]('https://github.com/liong007/ZZCMS/issues/5')[/TD] [/TR] [/i][/TABLE][i][/i][/CENTER][i] [Back to top]('https://us-cert.cisa.gov#top')

This product is provided subject to this Notification and this Privacy & Use policy.

Continue reading…[/i]