Weekly Vulnerabilities Reports > September 12 to 18, 2022

Overview

76 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary reports vulnerabilities in 69 products from 42 vendors, including Fedoraproject, Microsoft, SAP, Archerydms, and Hitachienergy. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Use After Free", and "Resource Exhaustion".

  • 57 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 48 reported vulnerabilities are exploitable by an anonymous user.
  • Fedoraproject has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Archerydms has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-13 CVE-2022-39206 Onedev Project Externally Controlled Reference to a Resource in Another Sphere vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

9.9
2022-09-16 CVE-2021-40017 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Emui and Harmonyos

The HW_KEYMASTER module lacks the validity check of the key format.

9.8
2022-09-16 CVE-2022-39002 Huawei Double Free vulnerability in Huawei Emui, Harmonyos and Magic UI

Double free vulnerability in the storage module.

9.8
2022-09-14 CVE-2022-37661 Adtran Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.

9.8
2022-09-14 CVE-2022-40674 Libexpat Project
Debian
Use After Free vulnerability in multiple products

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

9.8
2022-09-13 CVE-2022-35413 Pentasecurity Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples

WAPPLES through 6.0 has a hardcoded systemi account.

9.8
2022-09-13 CVE-2022-39815 Nokia OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur.

9.8
2022-09-13 CVE-2022-39205 Onedev Project Improper Authentication vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

9.8
2022-09-13 CVE-2022-38537 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

9.8
2022-09-13 CVE-2022-38538 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

9.8
2022-09-13 CVE-2022-38539 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.

9.8
2022-09-13 CVE-2022-38540 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

9.8
2022-09-13 CVE-2022-38541 Archerydms SQL Injection vulnerability in Archerydms Archery 1.8.3/1.8.4/1.8.5

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

9.8
2022-09-13 CVE-2022-38542 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.

9.8
2022-09-13 CVE-2022-37011 Mendix Authentication Bypass by Capture-replay vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0).

9.8
2022-09-12 CVE-2022-37860 TP Link Command Injection vulnerability in Tp-Link M7350 Firmware 190531

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

9.8
2022-09-12 CVE-2022-37767 Pebbletemplates Incorrect Authorization vulnerability in Pebbletemplates Pebble Templates 3.1.5

** DISPUTED ** Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.

9.8

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-13 CVE-2022-39817 Nokia SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur.

8.8
2022-09-13 CVE-2022-39819 Nokia OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur.

8.8
2022-09-13 CVE-2022-34730 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability.

8.8
2022-09-13 CVE-2022-34732 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability.

8.8
2022-09-13 CVE-2022-34734 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability.

8.8
2022-09-13 CVE-2022-35823 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Remote Code Execution Vulnerability.

8.8
2022-09-13 CVE-2022-38139 Rdstation Cross-Site Request Forgery (CSRF) vulnerability in Rdstation RD Station

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

8.8
2022-09-12 CVE-2022-29490 Hitachienergy Incorrect Authorization vulnerability in Hitachienergy Microscada X Sys600

An Improper Authorization vulnerability in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.

8.8
2022-09-14 CVE-2022-36113 Rust Lang Path Traversal vulnerability in Rust-Lang Cargo

Cargo is a package manager for the rust programming language.

8.1
2022-09-18 CVE-2022-3235 VIM
Fedoraproject
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 9.0.0490.

7.8
2022-09-17 CVE-2022-3234 VIM
Fedoraproject
Debian
Heap-based Buffer Overflow vulnerability in multiple products

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

7.8
2022-09-16 CVE-2022-38434 Adobe Use After Free vulnerability in Adobe Photoshop

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-09-16 CVE-2022-3176 Linux
Debian
Use After Free vulnerability in multiple products

There exists a use-after-free in io_uring in the Linux kernel.

7.8
2022-09-14 CVE-2022-20364 Google Out-of-bounds Write vulnerability in Google Android

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check.

7.8
2022-09-14 CVE-2022-40673 Kdiskmark Project
Fedoraproject
Missing Authorization vulnerability in multiple products

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.

7.8
2022-09-13 CVE-2022-2962 Qemu Out-of-bounds Write vulnerability in Qemu

A DMA reentrancy issue was found in the Tulip device emulation in QEMU.

7.8
2022-09-13 CVE-2022-37956 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability.

7.8
2022-09-13 CVE-2022-37969 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

7.8
2022-09-13 CVE-2022-35292 SAP Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges.

7.8
2022-09-13 CVE-2022-3170 Linux Out-of-bounds Read vulnerability in Linux Kernel 6.0

An out-of-bounds access issue was found in the Linux kernel sound subsystem.

7.8
2022-09-13 CVE-2022-38012 Microsoft Unspecified vulnerability in Microsoft Edge Chromium 105.0.1343.25

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

7.7
2022-09-16 CVE-2022-40149 Jettison Project Out-of-bounds Write vulnerability in Jettison Project Jettison

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).

7.5
2022-09-16 CVE-2022-40152 Xstream Project Out-of-bounds Write vulnerability in Xstream Project Xstream

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled.

7.5
2022-09-14 CVE-2022-29492 Hitachienergy Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600.

7.5
2022-09-14 CVE-2022-29922 Hitachienergy Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600.

7.5
2022-09-14 CVE-2022-2277 Hitachienergy Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600

An Improper Input Validation vulnerability in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system.

7.5
2022-09-13 CVE-2022-39821 Nokia Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs.

7.5
2022-09-13 CVE-2022-38013 Microsoft
Fedoraproject
.NET Core and Visual Studio Denial of Service Vulnerability.
7.5
2022-09-13 CVE-2022-39208 Onedev Project Files or Directories Accessible to External Parties vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

7.5
2022-09-13 CVE-2022-32190 Golang
Fedoraproject
Path Traversal vulnerability in multiple products

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path.

7.5
2022-09-13 CVE-2022-39801 SAP Improper Authentication vulnerability in SAP Access Control 12

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad.

7.5
2022-09-13 CVE-2022-39158 Siemens Resource Exhaustion vulnerability in Siemens Ruggedcom ROS 4.3.4/5.0.1

A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All versions), RUGGEDCOM ROS RMC8388 V4.X (All versions), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RP110 V4.X (All versions), RUGGEDCOM ROS RS1600 V4.X (All versions), RUGGEDCOM ROS RS1600F V4.X (All versions), RUGGEDCOM ROS RS1600T V4.X (All versions), RUGGEDCOM ROS RS400 V4.X (All versions), RUGGEDCOM ROS RS401 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 V4.X (All versions), RUGGEDCOM ROS RS416v2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS8000 V4.X (All versions), RUGGEDCOM ROS RS8000A V4.X (All versions), RUGGEDCOM ROS RS8000H V4.X (All versions), RUGGEDCOM ROS RS8000T V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900 V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900G V4.X (All versions), RUGGEDCOM ROS RS900GP V4.X (All versions), RUGGEDCOM ROS RS900L V4.X (All versions), RUGGEDCOM ROS RS900M V4.X (All versions), RUGGEDCOM ROS RS900W V4.X (All versions), RUGGEDCOM ROS RS910 V4.X (All versions), RUGGEDCOM ROS RS910L V4.X (All versions), RUGGEDCOM ROS RS910W V4.X (All versions), RUGGEDCOM ROS RS920L V4.X (All versions), RUGGEDCOM ROS RS920W V4.X (All versions), RUGGEDCOM ROS RS930L V4.X (All versions), RUGGEDCOM ROS RS930W V4.X (All versions), RUGGEDCOM ROS RS940G V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 V4.X (All versions), RUGGEDCOM ROS RSG2100P V4.X (All versions), RUGGEDCOM ROS RSG2200 V4.X (All versions), RUGGEDCOM ROS RSG2288 V4.X (All versions), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V4.X (All versions), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V4.X (All versions), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V4.X (All versions), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG907R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG908C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG909R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG910C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V4.X (All versions), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916P V5.X (All versions < V5.6.0), RUGGEDCOM ROS i800 V4.X (All versions), RUGGEDCOM ROS i801 V4.X (All versions), RUGGEDCOM ROS i802 V4.X (All versions), RUGGEDCOM ROS i803 V4.X (All versions).

7.5
2022-09-12 CVE-2022-37797 Lighttpd
Debian
NULL Pointer Dereference vulnerability in multiple products

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.

7.5
2022-09-12 CVE-2022-37734 Graphql Java Project Resource Exhaustion vulnerability in Graphql-Java Project Graphql-Java

graphql-java before 19.0 is vulnerable to Denial of Service.

7.5

24 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-14 CVE-2022-20231 Google Out-of-bounds Write vulnerability in Google Android

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-09-15 CVE-2022-39209 Github
Fedoraproject
Resource Exhaustion vulnerability in multiple products

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

6.5
2022-09-14 CVE-2022-36114 Rust Lang Resource Exhaustion vulnerability in Rust-Lang Cargo

Cargo is a package manager for the rust programming language.

6.5
2022-09-13 CVE-2022-39816 Nokia Insufficiently Protected Credentials vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page.

6.5
2022-09-13 CVE-2022-38342 Safe XXE vulnerability in Safe FME Server

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

6.5
2022-09-13 CVE-2022-35837 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability.

6.5
2022-09-14 CVE-2022-40626 Zabbix
Fedoraproject
Cross-site Scripting vulnerability in multiple products

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

6.1
2022-09-13 CVE-2022-35298 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.50

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.

6.1
2022-09-13 CVE-2022-39799 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.

6.1
2022-09-18 CVE-2022-40768 Linux
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

5.5
2022-09-16 CVE-2022-30674 Adobe
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-09-15 CVE-2022-38334 Xpdfreader Uncontrolled Recursion vulnerability in Xpdfreader Xpdf 4.04

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

5.5
2022-09-15 CVE-2022-38890 F5 Out-of-bounds Read vulnerability in F5 NJS 0.7.7

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

5.5
2022-09-15 CVE-2018-25047 Smarty Cross-site Scripting vulnerability in Smarty

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS.

5.4
2022-09-13 CVE-2021-36568 Moodle
Fedoraproject
Cross-site Scripting vulnerability in multiple products

In certain Moodle products after creating a course, it is possible to add in an arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Stored Cross Site Scripting (XSS).

5.4
2022-09-13 CVE-2022-39207 Onedev Project Cross-site Scripting vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

5.4
2022-09-13 CVE-2022-35294 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.

5.4
2022-09-14 CVE-2022-22520 Mbconnectline
Helmholz
Response Discrepancy Information Exposure vulnerability in multiple products

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

5.3
2022-09-13 CVE-2022-39014 SAP Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

5.3
2022-09-16 CVE-2022-2863 Wpvivid Path Traversal vulnerability in Wpvivid Migration, Backup, Staging

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.

4.9
2022-09-13 CVE-2022-35295 SAP Improper Handling of Exceptional Conditions vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.

4.9
2022-09-16 CVE-2022-2351 Wpexperts Cross-site Scripting vulnerability in Wpexperts Post Smtp

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

4.8
2022-09-14 CVE-2022-1778 Hitachienergy Classic Buffer Overflow vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600.

4.4
2022-09-12 CVE-2022-38135 Photospace Gallery Project Permissions, Privileges, and Access Controls vulnerability in Photospace Gallery Project Photospace Gallery 2.3.5

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-13 CVE-2022-37703 Amanda Exposure of Resource to Wrong Sphere vulnerability in Amanda 3.5.1

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary.

3.3