cisco broadworks software management guide

To view all of the services and details, select VIEW ALL SERVICES and you will be routed to the Calling Features page for your Main Line user. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. Microsoft Exchange Server Spoofing Vulnerability. Such configuration profiles may contain sensitive information, e.g. Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. Local privilege escalation due to insecure folder permissions. Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. It has been classified as problematic. The identifier of this vulnerability is VDB-213540. ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. This could lead to local escalation of privilege with no additional execution privileges needed. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. The manipulation of the argument id leads to sql injection. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. 
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. A vulnerability was found in Exiv2. Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. Crafted metadata in an NTFS image can cause code execution. simple_e-learning_system_project -- simple_e-learning_system. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. This CVE ID is unique from CVE-2022-41048. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. This could lead to local escalation of privilege with System execution privileges needed. xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. Microsoft LifeCam This issue has been patched, please upgrade to version 4.4.1. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. 
This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. Windows Win32k Elevation of Privilege Vulnerability. cisco -- broadworks_commpilot_application, A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. These should have been restricted to Project Maintainers, Group Owners, and above. tasklists is a tasklists plugin for GLPI (Kanban). SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. sysstat is a set of system performance tools for the Linux operating system. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. This CVE ID is unique from CVE-2022-37992. Logitech QuickCam Orbit AF. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service. User credentials are stored in plaintext in the database. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. The identifier VDB-213461 was assigned to this vulnerability. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. This CVE ID is unique from CVE-2022-41128. 
Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. As a result, an attacker can get access to the Web UI. It is recommended to upgrade the affected component. An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Bengaluru 17.4.x Configuring Trustpoints on Cisco Catalyst 9800 Series Controllers 19-May-2021 Web-Based Authentication on Cisco Catalyst 9800 Series Controllers 27-Apr-2021 When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This could lead to local escalation of privilege with System execution privileges needed. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. 
highlight_focus_project -- highlight_focus, The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. This could lead to local escalation of privilege with System execution privileges needed. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-234441463. In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. The AMS module has a vulnerability of serialization/deserialization mismatch. This issue is patched in 9.2.4. It is possible to initiate the attack remotely. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. There are no known workarounds. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. 
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. This CVE ID is unique from CVE-2022-41091. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. Microsoft LifeCam HD. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. This is fixed in 1.0.13.1611. online_diagnostic_lab_management_system_project -- online_diagnostic_lab_management_system. In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. The manipulation of the argument PID leads to sql injection. IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. Istio is an open platform to connect, manage, and secure microservices. Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. 
(Chromium security severity: High), Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. As a result, arbitrary data goes directly to the Bash interpreter. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235098883, In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This issue has been patched, please upgrade to version 6.1.12. Once an initializer has finished running it can never be re-executed. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. The associated identifier of this vulnerability is VDB-213039. microsoft -- network_policy_server_radius. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. Successful exploitation of this vulnerability may affect data confidentiality. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A potential code execution backdoor inserted by third parties is the democritus-math package. Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The affected version of d8s-htm is 0.1.0. 
With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make his user automatically part of the XWikiAdminGroup. Patch ID: ALPS07341258; Issue ID: ALPS07341258. Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. User interaction is not needed for exploitation. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. It is recommended to upgrade the affected component. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. Microsoft ODBC Driver Remote Code Execution Vulnerability. This issue is patched in version 3.7.0 and 2.7.4. Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. 
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036, Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. In Modem 4G RRC, there is a possible system crash due to improper input validation. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. A specially-crafted HTTP request can lead to arbitrary file deletion. A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). SAP GUI allows an authenticated attacker to execute scripts in the local network. Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. Visual Studio Remote Code Execution Vulnerability. SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This CVE ID is unique from CVE-2022-41078. sanitization_management_system_project -- sanitization_management_system. An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. The attack may be launched remotely. The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. Element iOS is an iOS Matrix client provided by Element. The attack may be initiated remotely. A vulnerability classified as problematic was found in GPAC. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. WebCisco Product; 31 May 2022: Cisco TelePresence Serial Gateway Series EOL Details: 31 May 2022: Cisco TelePresence ISDN Gateway EOL Details: 31 May 2023: Cisco Business Edition 4000 EOL Details: 31 Oct 2023: Cisco Unity Express EOL Details: 31 Dec 2023: Cisco TelePresence Video Communication Server (VCS) EOL Details: 30 Sep 2025: Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account. Affected is an unknown function of the file cms_chip.php. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. Microsoft Office Graphics Remote Code Execution Vulnerability. In gpu drm, there is a possible out of bounds write due to improper input validation. A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. 
Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. Firepower Management Center Configuration Guide, Version 6.5 ; Firepower Management Center Configuration Guide, Version 6.6 ; Firepower Management Center Configuration Guide, Version 6.7 ; Firepower Management Center Configuration Guide, Version 6.2.3 ; SNMP 3 Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. This CVE ID is unique from CVE-2022-41116. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. The manipulation leads to small space of random values. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file. In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. Note that the default `memory_pages` value is greater than zero. This introduces a vulnerability which can be used with malicious intent. Auth. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. 
Before you begin Each video system that users want to add to meetings must have a room mailbox in Google in order for TMS to provide OBTP. The attacker cannot exploit the vulnerability at will. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This issue is patched in version 9.2.4, and has been backported to 8.5.15. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. Wasmtime's default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator's configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. 
Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). This could lead to the user being tricked to disclose personal information. CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. In jpeg, there is a possible use after free due to a race condition. The attacker must then actively manipulate traffic to perform the attack. (Chromium security severity: High), Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Microsoft SharePoint Server Spoofing Vulnerability. The manipulation of the argument tb_search leads to sql injection. Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. The affected version of d8s-htm is 0.1.0. The affected version of d8s-htm is 0.1.0. There are no known workarounds. That can lead to prediction of the generated URL. 
The attack can be launched remotely. The attacker must have the credentials of a high-privileged user account. The memory management module has the logic bypass vulnerability. Microsoft Word Information Disclosure Vulnerability. Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. The device will recover autonomously within a few hours of when the attack is halted or mitigated. Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Cisco TrustSec Switch Configuration Guide ; Release 15.1SY Supervisor Engine 2T Software Configuration Guide ; Release 15.3SY Supervisor Engine 6T Software Configuration Guide ; Release 15.2SY Supervisor Engine 2T Software Configuration Guide ; Cisco EnergyWise IOS Configuration Guide for Catalyst 6500 Switches, EnergyWise User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-246824784, In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. In vcu, there is a possible use after free due to a race condition. User interaction is not needed for exploitation. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. As a workaround, set `dir_browser.enable = False` in the configuration. Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. 
NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. IBM X-Force ID: 233786. Successful exploitation of this vulnerability may affect system availability. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. This could lead to local escalation of privilege with System execution privileges needed. An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. The Cisco Service Access Management Tool (SAMT) enables Cisco partners and customers to Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. This could lead to local escalation of privilege with System execution privileges needed. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. The associated identifier of this vulnerability is VDB-213455. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to. This could highly compromise the Confidentiality, Integrity, and Availability of the system. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. Local privilege escalation due to improper soft link handling. In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. 
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. User interaction is not needed for exploitation. (Chromium security severity: High), Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. An attacker can leverage this vulnerability to execute code in the context of the current process. A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection, food_ordering_management_system_project -- food_ordering_management_system. A vulnerability classified as critical has been found in tsruban HHIMS 2.1. This could lead to local denial of service with no additional execution privileges needed. This could be abused to spoof the URL in password-reset e-mail messages. Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. The exploit has been disclosed to the public and may be used. Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. 
User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-238605611. In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. CISA is part of the Department of Homeland Security, Original release date: November 14, 2022 | Last revised: November 15, 2022, National Institute of Standards and Technology. An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. (Chromium security severity: High), Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Cisco Precision HD . It generally affects client and server as well. A vulnerability, which was classified as problematic, was found in lanyulei ferry. It has been rated as critical. User interaction is not needed for exploitation. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. The manipulation leads to cross site scripting. (Chromium security severity: High).
This results in permanently dropping records. dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. Therefore, repeated success is unlikely. Stack-based buffer overflow. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. This CVE ID is unique from CVE-2022-41092. This could lead to local escalation of privilege with no additional execution privileges needed. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL.
The attack may be initiated remotely. There are no known workarounds. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. It is possible to initiate the attack remotely. Events (classic) (attendees) Webex Training (attendees) Known issues and limitations for Linux on the Webex Meetings web app: In some versions of Linux, users must proactively install and activate the OpenH264 Video Codec provided by Cisco Systems, Inc. plugin for the video, call my computer, and content sharing features to work in Firefox. Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. IBM X-Force ID: 228335. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. Patch ID: ALPS07213898; Issue ID: ALPS07213898. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. 
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. User interaction is not needed for exploitation. An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-243924784.
Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. This issue has been patched in version 6.2.0. Successful exploitation of this vulnerability may cause launcher module data to be modified. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. Microsoft Excel Information Disclosure Vulnerability. A vulnerability was found in gnuboard5. User interaction is not needed for exploitation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. Windows Overlay Filter Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080. Cisco Webex is the industry leader in video conferencing and team collaboration. This CVE ID is unique from CVE-2022-41102. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-225876506. Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. This bug is not applicable with the default settings of the `wasmtime` crate. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. Patch ID: ALPS07340373; Issue ID: ALPS07340373. Arches is a web platform for creating, managing, & visualizing geospatial data. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. windows_and_linux -- nvidia_gpu_display_driver. VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. This CVE ID is unique from CVE-2022-41047. Microsoft Word Information Disclosure Vulnerability. A specially-crafted series of network requests can lead to disabling security features. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. 
Local privilege escalation due to DLL hijacking vulnerability. Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. The login endpoint /FormLogin in affected web services does not apply proper origin checking. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. In aee, there is a possible use after free due to a missing bounds check. A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. User interaction is not needed for exploitation. Microsoft Excel Security Feature Bypass Vulnerability. There are workarounds that address this vulnerability. A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-231985227. User interaction is not needed for exploitation. The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. Logitech HD Webcam C920. WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). Create an image for the thin clients. It has been declared as critical. Microsoft Business Central Information Disclosure Vulnerability. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. The attack can be initiated remotely.
When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. However, it should be possible to attach the error handler manually. An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack. .NET Framework Information Disclosure Vulnerability. This could lead to local escalation of privilege with System execution privileges needed. Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. IBM X-Force ID: 233663. Update to Apache Commons BCEL 6.6.0. Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). An attacker could leverage this vulnerability to execute code in the context of the current process. An attacker can send an HTTP request to trigger this vulnerability. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. 
Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. The associated identifier of this vulnerability is VDB-213459. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. The forkserver start method for multiprocessing is not the default start method. PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. Microsoft DWM Core Library Elevation of Privilege Vulnerability. Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. This could lead to local escalation of privilege with System execution privileges needed. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. Missing parameter type validation in the DRM module. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. Patch ID: ALPS07388790; Issue ID: ALPS07388790. This leaks information to unauthenticated users and introduces a security risk. VDB-213454 is the identifier assigned to this vulnerability. User interaction is not needed for exploitation. 
An attacker can predict these sequences and generate a JWT token. Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. Receive security alerts, tips, and other updates. Microsoft ODBC Driver Remote Code Execution Vulnerability. (WOLFSSL_CALLBACKS is only intended for debugging.). N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to remote information disclosure with no additional execution privileges needed. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.
