Weekly Vulnerabilities Reports > October 17 to 23, 2022

Overview

526 new vulnerabilities were reported during this period, including 75 critical vulnerabilities and 195 high severity vulnerabilities. This weekly summary covers vulnerabilities in 725 products from 148 vendors including Oracle, Linux, Juniper, Jenkins, and Netapp. The most common vulnerability categories are "Cross-site Scripting", "Out-of-bounds Write", "Memory Leak", "Use After Free", and "SQL Injection".

  • 404 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 127 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 275 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 79 reported vulnerabilities.
  • Tenda has the most reported critical vulnerabilities, with 17 reported vulnerabilities.

[Summary dashboard: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


75 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-10-19 CVE-2022-43401 Jenkins Protection Mechanism Failure vulnerability in Jenkins Script Security

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-19 CVE-2022-43402 Jenkins Protection Mechanism Failure vulnerability in Jenkins Groovy

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-19 CVE-2022-43403 Jenkins Protection Mechanism Failure vulnerability in Jenkins Script Security

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-19 CVE-2022-43404 Jenkins Protection Mechanism Failure vulnerability in Jenkins Script Security

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-19 CVE-2022-43405 Jenkins Unspecified vulnerability in Jenkins Groovy Libraries

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-19 CVE-2022-43406 Jenkins Protection Mechanism Failure vulnerability in Jenkins Groovy Libraries

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2022-10-17 CVE-2022-2884 Gitlab OS Command Injection vulnerability in Gitlab

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

9.9
2022-10-17 CVE-2022-2992 Gitlab Command Injection vulnerability in Gitlab

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

9.9
2022-10-21 CVE-2022-3649 Linux, Debian Use After Free vulnerability in multiple products

A vulnerability was found in Linux Kernel.

9.8
2022-10-21 CVE-2022-26870 Dell Improper Authentication vulnerability in Dell Powerstoreos 2.1.0.0/2.1.0.1

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability.

9.8
2022-10-21 CVE-2022-43400 Siemens Incorrect Authorization vulnerability in Siemens Siveillance Video Mobile Server

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)).

9.8
2022-10-21 CVE-2022-3203 Oringnet Hidden Functionality vulnerability in Oringnet Iap-420+ Firmware and Iap-420 Firmware

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled.

9.8
2022-10-21 CVE-2021-42553 ST Classic Buffer Overflow vulnerability in ST Stm32 MW USB Host

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS.

9.8
2022-10-21 CVE-2022-37454 Extended Keccak Code Package Project, Debian, Fedoraproject, PHP, Python, Sha3 Project, Pysha3 Project, Pypy Integer Overflow or Wraparound vulnerability in multiple products

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.

9.8
2022-10-20 CVE-2022-3620 Exim Use After Free vulnerability in Exim 20221018

A vulnerability was found in Exim and classified as problematic.

9.8
2022-10-20 CVE-2022-42233 Tenda Improper Authentication vulnerability in Tenda 11N Firmware 5.07.33Cn

Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.

9.8
2022-10-20 CVE-2022-42021 Best Student Result Management System Project SQL Injection vulnerability in Best Student Result Management System Project Best Student Result Management System 1.0

Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.

9.8
2022-10-20 CVE-2022-37298 Shinken Monitoring Missing Authentication for Critical Function vulnerability in Shinken-Monitoring Shinken Monitoring 2.4.3

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control.

9.8
2022-10-20 CVE-2022-37598 Uglifyjs Project Unspecified vulnerability in Uglifyjs Project Uglifyjs 3.13.2

** DISPUTED ** Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js.

9.8
2022-10-20 CVE-2022-27624 Synology Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management.

9.8
2022-10-20 CVE-2022-27625 Synology Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Synology Diskstation Manager

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management.

9.8
2022-10-20 CVE-2022-3327 Ikus Soft Missing Authentication for Critical Function vulnerability in Ikus-Soft Rdiffweb

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.

9.8
2022-10-19 CVE-2022-43024 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

9.8
2022-10-19 CVE-2022-43025 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg.

9.8
2022-10-19 CVE-2022-43026 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.

9.8
2022-10-19 CVE-2022-43027 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.

9.8
2022-10-19 CVE-2022-43028 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg.

9.8
2022-10-19 CVE-2022-43029 Tenda Out-of-bounds Write vulnerability in Tenda TX3 Firmware 16.03.13.11

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.

9.8
2022-10-19 CVE-2022-43019 Opencats Deserialization of Untrusted Data vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.

9.8
2022-10-19 CVE-2022-43184 Dlink Command Injection vulnerability in Dlink Dir-878 Firmware 1.30B08

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.

9.8
2022-10-19 CVE-2022-41415 Acer Out-of-bounds Write vulnerability in Acer Altos W2000H-W570H F4 Firmware R01.03.0018

Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component.

9.8
2022-10-19 CVE-2022-25687 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in video due to buffer overflow while parsing ASF clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

9.8
2022-10-19 CVE-2022-25718 Qualcomm Unspecified vulnerability in Qualcomm products

Cryptographic issue in WLAN due to improper check on return value during the authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.

9.8
2022-10-19 CVE-2022-25720 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in WLAN due to out-of-bounds array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

9.8
2022-10-19 CVE-2022-25748 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames.

9.8
2022-10-19 CVE-2016-20016 Mvpower Unspecified vulnerability in Mvpower Tv-7104He Firmware and Tv7108He Firmware

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI.

9.8
2022-10-19 CVE-2016-20017 Dlink Command Injection vulnerability in Dlink Dsl-2750B Firmware

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

9.8
2022-10-18 CVE-2022-21587 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).

9.8
2022-10-18 CVE-2022-39428 Oracle Unspecified vulnerability in Oracle web Applications Desktop Integrator

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).

9.8
2022-10-18 CVE-2022-39198 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.

9.8
2022-10-18 CVE-2022-33872 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.

9.8
2022-10-18 CVE-2022-33873 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary commands in the underlying shell.

9.8
2022-10-18 CVE-2022-33874 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.

9.8
2022-10-18 CVE-2022-41544 GET Simple Unspecified vulnerability in Get-Simple Getsimple CMS 3.3.16

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.

9.8
2022-10-18 CVE-2022-43260 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.

9.8
2022-10-18 CVE-2022-35846 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortitester

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.

9.8
2022-10-18 CVE-2022-40684 Fortinet Missing Authentication for Critical Function vulnerability in Fortinet Fortios, Fortiproxy and Fortiswitchmanager

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

9.8
2022-10-18 CVE-2022-3583 Canteen Management System Project SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0

A vulnerability was found in SourceCodester Canteen Management System 1.0.

9.8
2022-10-18 CVE-2022-40889 Phpok Deserialization of Untrusted Data vulnerability in PHPok 6.1

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

9.8
2022-10-18 CVE-2022-39056 Changingtec SQL Injection vulnerability in Changingtec Rava Certificate Validation System 3

RAVA certificate validation system has insufficient validation for user input.

9.8
2022-10-18 CVE-2022-22241 Juniper Deserialization of Untrusted Data vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization.

9.8
2022-10-17 CVE-2022-42149 Keking Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.0.0

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

9.8
2022-10-17 CVE-2022-40055 Gxgroup Improper Restriction of Excessive Authentication Attempts vulnerability in Gxgroup Gpon ONT Titanium 2122A Firmware T2122V1.26Exl

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page.

9.8
2022-10-17 CVE-2020-35539 Wordpress Improper Input Validation vulnerability in Wordpress 5.1

A flaw was found in Wordpress 5.1.

9.8
2022-10-17 CVE-2022-0699 Osgeo Double Free vulnerability in Osgeo Shapelib 1.5.0

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases.

9.8
2022-10-17 CVE-2022-22128 Tableau Path Traversal vulnerability in Tableau Server

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent's internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release.

9.8
2022-10-17 CVE-2022-23769 Megazone Improper Authentication vulnerability in Megazone Reversewall-Mds

Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS.

9.8
2022-10-17 CVE-2022-23770 Wisa Path Traversal vulnerability in Wisa Smart Wing CMS

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors.

9.8
2022-10-17 CVE-2022-42154 74Cms Unrestricted Upload of File with Dangerous Type vulnerability in 74Cms 74Cmsse 3.13.0

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.

9.8
2022-10-17 CVE-2022-42166 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

9.8
2022-10-17 CVE-2022-42167 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

9.8
2022-10-17 CVE-2022-42168 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

9.8
2022-10-17 CVE-2022-42169 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.

9.8
2022-10-17 CVE-2022-42170 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

9.8
2022-10-17 CVE-2022-42171 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

9.8
2022-10-17 CVE-2022-42237 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.

9.8
2022-10-17 CVE-2022-42163 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

9.8
2022-10-17 CVE-2022-42164 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

9.8
2022-10-17 CVE-2022-42165 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

9.8
2022-10-17 CVE-2022-2052 Trumpf Unspecified vulnerability in Trumpf products

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords.

9.8
2022-10-17 CVE-2022-42980 GO Admin Use of Hard-coded Credentials vulnerability in Go-Admin 2.0.12

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.

9.8
2022-10-19 CVE-2022-1523 Fujielectric Out-of-bounds Write vulnerability in Fujielectric D300Win

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information.

9.1
2022-10-19 CVE-2022-25719 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

9.1
2022-10-17 CVE-2020-8974 Zigor Unrestricted Upload of File with Dangerous Type vulnerability in Zigor ZGR Tps200 NG Firmware 2.00

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction.

9.1
2022-10-17 CVE-2022-32176 GIN VUE Admin Project Unrestricted Upload of File with Dangerous Type vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of JavaScript code, through the "Compress Upload" functionality of the Media Library.

9.0

195 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-10-21 CVE-2022-3640 Linux Use After Free vulnerability in Linux Kernel

A vulnerability, which was classified as critical, was found in Linux Kernel.

8.8
2022-10-20 CVE-2022-36958 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

8.8
2022-10-20 CVE-2022-42344 Magento, Adobe Improper Input Validation vulnerability in multiple products

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability.

8.8
2022-10-20 CVE-2022-42198 Simple Exam Reviewer Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.

8.8
2022-10-20 CVE-2022-42199 Simple Exam Reviewer Management System Project Cross-Site Request Forgery (CSRF) vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0

Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.

8.8
2022-10-19 CVE-2022-41835 F5 Improper Privilege Management vulnerability in F5 F5Os-A and F5Os-C

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller.

8.8
2022-10-19 CVE-2022-1414 Redhat Improper Input Validation vulnerability in Redhat 3Scale API Management 2.0

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields.

8.8
2022-10-19 CVE-2022-43407 Jenkins Inappropriate Encoding for Output Context vulnerability in Jenkins Input Step

Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.

8.8
2022-10-19 CVE-2022-43416 Jenkins Unspecified vulnerability in Jenkins Katalon

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.

8.8
2022-10-19 CVE-2022-23734 Github Deserialization of Untrusted Data vulnerability in Github Enterprise Server

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge.

8.8
2022-10-19 CVE-2022-39267 Xbifrost Improper Authentication vulnerability in Xbifrost Bifrost

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments.

8.8
2022-10-19 CVE-2022-39260 GIT SCM, Fedoraproject, Apple Out-of-bounds Write vulnerability in multiple products

Git is an open source, scalable, distributed revision control system.

8.8
2022-10-19 CVE-2022-25750 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in BTHOST due to double free during music playback and calls over a Bluetooth headset in Snapdragon Mobile.

8.8
2022-10-18 CVE-2022-41500 Eyoucms Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9

EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.

8.8
2022-10-18 CVE-2022-21613 Oracle Unspecified vulnerability in Oracle Enterprise Data Quality 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard).

8.8
2022-10-18 CVE-2022-39427 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.8
2022-10-18 CVE-2022-3579 Cashier Queuing System Project Improper Enforcement of Message or Data Structure vulnerability in Cashier Queuing System Project Cashier Queuing System 1.0

A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0.

8.8
2022-10-18 CVE-2022-3584 Canteen Management System Project Improper Enforcement of Message or Data Structure vulnerability in Canteen Management System Project Canteen Management System 1.0

A vulnerability was found in SourceCodester Canteen Management System 1.0.

8.8
2022-10-18 CVE-2022-22239 Juniper Improper Privilege Management vulnerability in Juniper Junos OS Evolved

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems.

8.8
2022-10-18 CVE-2022-22246 Juniper Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file.

8.8
2022-10-17 CVE-2020-8976 Zigor Cross-Site Request Forgery (CSRF) vulnerability in Zigor ZGR Tps200 NG Firmware 2.00

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user.

8.8
2022-10-17 CVE-2022-3158 Rockwellautomation SQL Injection vulnerability in Rockwellautomation Factorytalk Vantagepoint

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability.

8.8
2022-10-17 CVE-2022-38743 Rockwellautomation Unspecified vulnerability in Rockwellautomation Factorytalk Vantagepoint

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability.

8.8
2022-10-17 CVE-2022-3368 Avira Improper Privilege Management vulnerability in Avira Security 1.1.71.30554

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate their privileges in certain scenarios.

8.8
2022-10-17 CVE-2022-42029 Chamilo Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11.16

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

8.8
2022-10-17 CVE-2019-14841 Redhat Improper Preservation of Permissions vulnerability in Redhat Decision Manager and Process Automation

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header.

8.8
2022-10-17 CVE-2022-23771 Iptime Cross-Site Request Forgery (CSRF) vulnerability in Iptime products

This vulnerability occurs in the user account creation and deletion pages of IPTIME NAS products.

8.8
2022-10-17 CVE-2022-42221 Netgear Command Injection vulnerability in Netgear R6220 Firmware 1.1.0.1141.0.1

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.

8.8
2022-10-17 CVE-2022-3550 X ORG, Debian, Fedoraproject Classic Buffer Overflow vulnerability in multiple products

A vulnerability classified as critical was found in X.org Server.

8.8
2022-10-17 CVE-2022-42983 Anji Plus Authentication Bypass by Spoofing vulnerability in Anji-Plus Report 0.9.8.6

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.

8.8
2022-10-19 CVE-2022-3608 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

8.4
2022-10-18 CVE-2022-22229 Juniper Cross-site Scripting vulnerability in Juniper Paragon Active Assurance Control Center

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device.

8.4
2022-10-21 CVE-2022-1066 Aethon Missing Authorization vulnerability in Aethon TUG Home Base Server

Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.

8.2
2022-10-21 CVE-2022-1070 Aethon Unspecified vulnerability in Aethon TUG Home Base Server

Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.

8.1
2022-10-20 CVE-2022-27626 Synology Race Condition vulnerability in Synology Diskstation Manager

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management.

8.1
2022-10-19 CVE-2022-23241 Netapp Unspecified vulnerability in Netapp Clustered Data Ontap 9.11.1

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

8.1
2022-10-18 CVE-2022-21612 Oracle Unspecified vulnerability in Oracle Enterprise Data Quality 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard).

8.1
2022-10-18 CVE-2022-39406 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Common Components 9.2

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework).

8.1
2022-10-18 CVE-2022-39424 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.1
2022-10-18 CVE-2022-39425 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.1
2022-10-18 CVE-2022-39426 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.1
2022-10-18 CVE-2022-41541 TP Link Authentication Bypass by Capture-replay vulnerability in Tp-Link Ax10 Firmware V1211117

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token.

8.1
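The TP-Link AX10 entry above is a textbook replay: a captured authentication message stays valid because nothing in it is tied to the current session. The Python below is an added example, not TP-Link code or a description of its protocol, contrasting a static authenticator with a challenge-response one where the server binds a single-use, time-limited nonce into the MAC. The shared key, usernames and clock are constructed for the demo.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, Tuple

# Constructed pre-shared key for the demo; stands in for whatever client and device share.
SHARED_KEY = b"demo-device-key"


def _mac(key: bytes, message: str) -> str:
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


class ReplayableLogin:
    """Vulnerable shape: the authenticator depends only on static data, so a captured
    (username, tag) pair is accepted again and again."""

    def __init__(self, key: bytes = SHARED_KEY) -> None:
        self.key = key

    def client_message(self, username: str) -> Tuple[str, str]:
        return username, _mac(self.key, username)

    def server_verify(self, username: str, tag: str) -> bool:
        return hmac.compare_digest(_mac(self.key, username), tag)


class ChallengeLogin:
    """Hardened shape: a server-issued, single-use nonce is bound into the authenticator
    and expires after ttl seconds, so a captured message cannot be replayed."""

    def __init__(self, key: bytes = SHARED_KEY, ttl: float = 30.0,
                 now: Callable[[], float] = time.time) -> None:
        self.key = key
        self.ttl = ttl
        self.now = now
        self._outstanding: Dict[str, float] = {}  # nonce -> time it was issued

    def server_challenge(self) -> str:
        nonce = os.urandom(16).hex()
        self._outstanding[nonce] = self.now()
        return nonce

    def client_message(self, username: str, nonce: str) -> Tuple[str, str, str]:
        return username, nonce, _mac(self.key, f"{username}|{nonce}")

    def server_verify(self, username: str, nonce: str, tag: str) -> bool:
        issued_at = self._outstanding.pop(nonce, None)  # consumed on first use
        if issued_at is None or self.now() - issued_at > self.ttl:
            return False
        return hmac.compare_digest(_mac(self.key, f"{username}|{nonce}"), tag)


def demo() -> Tuple[bool, bool, bool, bool]:
    """Returns (static_first, static_replay, nonce_first, nonce_replay)."""
    weak = ReplayableLogin()
    captured = weak.client_message("admin")        # sniffed once on the wire
    static_first = weak.server_verify(*captured)
    static_replay = weak.server_verify(*captured)  # attacker resends the same bytes

    strong = ChallengeLogin()
    msg = strong.client_message("admin", strong.server_challenge())
    nonce_first = strong.server_verify(*msg)
    nonce_replay = strong.server_verify(*msg)      # same bytes, now rejected
    return static_first, static_replay, nonce_first, nonce_replay
```

Encrypting the message, as the advisory text notes the router does, changes nothing here: the server must be able to tell a fresh message from an old one, and only a nonce or counter it controls gives it that.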
2022-10-18 CVE-2022-31122 Wire Improper Authentication vulnerability in Wire Server

Wire is an encrypted communication and collaboration platform.

8.1
2022-10-17 CVE-2020-8973 Zigor Unspecified vulnerability in Zigor ZGR Tps200 NG Firmware 2.00

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests.

8.1
2022-10-17 CVE-2022-3564 Linux Use After Free vulnerability in Linux Kernel

A vulnerability classified as critical was found in Linux Kernel.

8.0
2022-10-17 CVE-2022-3565 Linux Use After Free vulnerability in Linux Kernel

A vulnerability, which was classified as critical, has been found in Linux Kernel.

8.0
2022-10-17 CVE-2022-2527 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content.

8.0
2022-10-17 CVE-2022-3534 Linux Use After Free vulnerability in Linux Kernel

A vulnerability classified as critical has been found in Linux Kernel.

8.0
2022-10-21 CVE-2022-41309 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-41310 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42933 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42934 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42935 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42936 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42937 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation.

7.8
2022-10-21 CVE-2022-42938 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability.

7.8
2022-10-21 CVE-2022-42939 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability.

7.8
2022-10-21 CVE-2022-42940 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability.

7.8
2022-10-21 CVE-2022-42941 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation.

7.8
2022-10-21 CVE-2022-42942 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation.

7.8
2022-10-21 CVE-2022-42943 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation.

7.8
2022-10-21 CVE-2022-42944 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation.

7.8
2022-10-21 CVE-2022-36122 Automox Incorrect Permission Assignment for Critical Resource vulnerability in Automox

The Automox Agent before 40 on Windows incorrectly sets permissions on key files.

7.8
2022-10-21 CVE-2022-3636 Linux Use After Free vulnerability in Linux Kernel

A vulnerability, which was classified as critical, was found in Linux Kernel.

7.8
2022-10-21 CVE-2022-3625 Linux
Debian
Use After Free vulnerability in multiple products

A vulnerability was found in Linux Kernel.

7.8
2022-10-20 CVE-2022-2069 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files.

7.8
2022-10-20 CVE-2022-3577 Linux Out-of-bounds Write vulnerability in Linux Kernel 5.19

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver.

7.8
2022-10-20 CVE-2022-42176 Pctechsoft Use of Hard-coded Credentials vulnerability in Pctechsoft Pcsecure 5.0.8.Xw

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.

7.8
2022-10-20 CVE-2020-12744 Verint Improper Preservation of Permissions vulnerability in Verint Desktop and Process Analytics 15.2

The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.

7.8
2022-10-19 CVE-2022-41741 F5
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file.

7.8
2022-10-19 CVE-2022-41709 Markdownify Project Unspecified vulnerability in Markdownify Project Markdownify 1.4.1

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify.

7.8
2022-10-19 CVE-2022-43040 Gpac Out-of-bounds Write vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.

7.8
2022-10-19 CVE-2022-43042 Gpac Out-of-bounds Write vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.

7.8
2022-10-19 CVE-2022-22077 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile

7.8
2022-10-19 CVE-2022-25660 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-10-19 CVE-2022-25661 Qualcomm Release of Invalid Pointer or Reference vulnerability in Qualcomm products

Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-10-19 CVE-2022-25723 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile

7.8
2022-10-19 CVE-2022-33210 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value.

7.8
2022-10-19 CVE-2022-33217 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel.

7.8
2022-10-18 CVE-2022-36438 Asus Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily).

7.8
2022-10-18 CVE-2021-3305 Feishu Unquoted Search Path or Element vulnerability in Feishu

Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability.

7.8
2022-10-18 CVE-2022-22251 Juniper Insufficiently Protected Credentials vulnerability in Juniper Junos

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment.

7.8
2022-10-17 CVE-2022-3569 Synacor Improper Privilege Management vulnerability in Synacor Zimbra Collaboration Suite

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

7.8
2022-10-17 CVE-2022-41751 Jhead Project
Fedoraproject
OS Command Injection vulnerability in multiple products

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

7.8
2022-10-17 CVE-2022-3541 Linux Use After Free vulnerability in Linux Kernel

A vulnerability classified as critical has been found in Linux Kernel.

7.8
2022-10-17 CVE-2022-3545 Linux Use After Free vulnerability in Linux Kernel

A vulnerability has been found in Linux Kernel and classified as critical.

7.8
2022-10-18 CVE-2022-21590 Oracle Unspecified vulnerability in Oracle BI Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API).

7.6
2022-10-21 CVE-2022-23462 Softmotions Out-of-bounds Write vulnerability in Softmotions Iowow

IOWOW is a C utility library and persistent key/value storage engine.

7.5
2022-10-21 CVE-2022-34439 Dell Allocation of Resources Without Limits or Throttling vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability.

7.5
2022-10-21 CVE-2022-26423 Aethon Missing Authorization vulnerability in Aethon TUG Home Base Server

Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.

7.5
2022-10-21 CVE-2022-3639 Gitlab Resource Exhaustion vulnerability in Gitlab

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.

7.5
2022-10-21 CVE-2022-41575 Gradle Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials).

7.5
2022-10-21 CVE-2022-3638 F5 Memory Leak vulnerability in F5 Nginx

A vulnerability was found in Nginx and classified as problematic.

7.5
2022-10-20 CVE-2022-37453 Softing Out-of-bounds Write vulnerability in Softing products

An issue was discovered in Softing OPC UA C++ SDK before 6.10.

7.5
2022-10-20 CVE-2022-39823 Softing Use After Free vulnerability in Softing OPC and OPC UA C++ Software Development KIT

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10.

7.5
2022-10-20 CVE-2022-3621 Linux
Debian
Improper Resource Shutdown or Release vulnerability in multiple products

A vulnerability was found in Linux Kernel.

7.5
2022-10-20 CVE-2022-3623 Linux Race Condition vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

7.5
2022-10-20 CVE-2022-3576 Synology Out-of-bounds Read vulnerability in Synology Diskstation Manager

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management.

7.5
2022-10-19 CVE-2022-36795 F5 Incorrect Calculation vulnerability in F5 products

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.

7.5
2022-10-19 CVE-2022-41624 F5 Memory Leak vulnerability in F5 products

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.

7.5
2022-10-19 CVE-2022-41691 F5 Release of Invalid Pointer or Reference vulnerability in F5 Big-Ip Application Security Manager

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

7.5
2022-10-19 CVE-2022-41787 F5 NULL Pointer Dereference vulnerability in F5 Big-Ip Local Traffic Manager

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.

7.5
2022-10-19 CVE-2022-41806 F5 Resource Exhaustion vulnerability in F5 Big-Ip Advanced Firewall Manager

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

7.5
2022-10-19 CVE-2022-41832 F5 Memory Leak vulnerability in F5 products

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.

7.5
2022-10-19 CVE-2022-41833 F5 Resource Exhaustion vulnerability in F5 products

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.

7.5
2022-10-19 CVE-2022-41836 F5 Unspecified vulnerability in F5 products

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

7.5
2022-10-19 CVE-2013-4253 Redhat Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0

The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.

7.5
2022-10-19 CVE-2022-1738 Fujielectric Out-of-bounds Read vulnerability in Fujielectric D300Win

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory.

7.5
2022-10-19 CVE-2022-42227 Jsonlint Project Out-of-bounds Write vulnerability in Jsonlint Project Jsonlint 1.0

jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer.

7.5
2022-10-19 CVE-2022-43415 Jenkins XXE vulnerability in Jenkins Repo 1.14.0/1.15.0

Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.5
2022-10-19 CVE-2022-43429 Jenkins Protection Mechanism Failure vulnerability in Jenkins Compuware Topaz for Total Test

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

7.5
2022-10-19 CVE-2022-43430 Jenkins XXE vulnerability in Jenkins Compuware Topaz for Total Test

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.5
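The REPO Plugin and Topaz for Total Test entries above share one root cause: an XML parser left in a configuration that resolves external entities. The Python script below is an added illustration, not code from Jenkins or either plugin, of what that configuration hands an attacker (the contents of any file the parser can read, spliced into the parsed document) and of the usual hardening, refusing DOCTYPE declarations in untrusted input, which is the expat equivalent of the `disallow-doctype-decl` feature used with Java parsers. The secret file and the payload are constructed for the demo.

```python
import os
import tempfile
import xml.parsers.expat
from typing import Tuple


def parse_text_content(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Collect the character data of xml_bytes.

    resolve_external_entities=True reproduces the XXE-prone configuration: any
    SYSTEM identifier named in the document is opened and parsed as part of it.
    False refuses any DOCTYPE, so no entity can be declared in the first place.
    """
    chunks = []
    parser = xml.parsers.expat.ParserCreate()

    def on_chars(data: str) -> None:
        chunks.append(data)

    def on_doctype(name, sysid, pubid, has_internal_subset) -> None:
        if not resolve_external_entities:
            # Raising inside a handler aborts Parse() and propagates the error.
            raise ValueError("DOCTYPE not allowed in untrusted input")

    def on_external_entity(context, base, system_id, public_id) -> int:
        # system_id is attacker-chosen. The vulnerable branch opens it and feeds
        # it to a child parser that shares this parser's handlers, so its bytes
        # land in the character stream exactly where &xxe; was referenced.
        child = parser.ExternalEntityParserCreate(context)
        with open(system_id, "rb") as fh:
            child.Parse(fh.read(), True)
        return 1

    parser.CharacterDataHandler = on_chars
    parser.StartDoctypeDeclHandler = on_doctype
    if resolve_external_entities:
        parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def demo() -> Tuple[str, bool]:
    """Constructed input: a file standing in for /etc/passwd and an XXE payload naming it.

    Returns (text leaked by the permissive parser, whether the hardened one refused).
    """
    fd, secret_path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"root:x:0:0")
    payload = (
        b'<?xml version="1.0"?>'
        b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "' + secret_path.encode() + b'">]>'
        b"<r>&xxe;</r>"
    )
    try:
        leaked = parse_text_content(payload, resolve_external_entities=True)
        try:
            parse_text_content(payload, resolve_external_entities=False)
            blocked = False
        except ValueError:
            blocked = True
    finally:
        os.remove(secret_path)
    return leaked, blocked
```

Refusing DOCTYPE also closes the entity-expansion denial of service ("billion laughs"), which needs no external resolution at all; disabling only external entities does not.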
2022-10-19 CVE-2020-23648 Asus Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability.

7.5
2022-10-19 CVE-2022-25662 Qualcomm Release of Invalid Pointer or Reference vulnerability in Qualcomm products

Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-10-19 CVE-2022-25736 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.5
2022-10-19 CVE-2022-25749 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames.

7.5
2022-10-19 CVE-2022-33077 Nopcommerce Authorization Bypass Through User-Controlled Key vulnerability in Nopcommerce

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.

7.5
2022-10-19 CVE-2022-40798 Ocomon Project Unspecified vulnerability in Ocomon Project Ocomon 3.3/4.0

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control.

7.5
2022-10-18 CVE-2022-21598 Oracle Unspecified vulnerability in Oracle Siebel Core - DB Deployment and Configuration Accessible Data

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities).

7.5
2022-10-18 CVE-2022-21614 Oracle Unspecified vulnerability in Oracle Enterprise Data Quality 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard).

7.5
2022-10-18 CVE-2022-21620 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2022-10-18 CVE-2022-21622 Oracle Unspecified vulnerability in Oracle SOA Suite 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters).

7.5
2022-10-18 CVE-2022-21623 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0/13.5.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console).

7.5
2022-10-18 CVE-2022-21634 Oracle Unspecified vulnerability in Oracle Graalvm 20.3.7/21.3.3/22.2.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter).

7.5
2022-10-18 CVE-2022-39412 Oracle Unspecified vulnerability in Oracle Access Manager 12.2.1.4.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console).

7.5
2022-10-18 CVE-2022-39422 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2022-10-18 CVE-2022-3594 Linux Unspecified vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

7.5
2022-10-18 CVE-2022-42188 Lavalite Path Traversal vulnerability in Lavalite 9.0.0

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

7.5
2022-10-18 CVE-2022-29055 Fortinet Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy

An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

7.5
2022-10-18 CVE-2022-41547 Opensecurity Unspecified vulnerability in Opensecurity Mobile Security Framework

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script.

7.5
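The Lavalite entry (path traversal through the XSRF-TOKEN cookie) and the MobSF entry (local file inclusion in StaticAnalyzer/views.py) above, like the Chamilo entry earlier in the table, come down to one missing check: a user-supplied path is joined onto a base directory and opened without confirming the result still lies inside that directory. The Python below is an added example of that check, not code from Lavalite, MobSF or Chamilo; the directory layout and file contents are constructed for the demo. It resolves symlinks before comparing and uses `os.path.commonpath` rather than a string prefix test, which would wrongly accept `/srv/app-old` as being under `/srv/app`.

```python
import os
import shutil
import tempfile
from typing import Optional, Tuple


def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Return the real path of user_path inside root, or None if it escapes root.

    Symlinks are resolved on both sides before the containment test, so a link
    planted inside root cannot be used to reach outside it. An absolute
    user_path replaces root in os.path.join and is therefore rejected too.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate


def read_public_file_vulnerable(root: str, user_path: str) -> bytes:
    """The LFI shape: join and open, no containment check."""
    with open(os.path.join(root, user_path), "rb") as fh:
        return fh.read()


def read_public_file(root: str, user_path: str) -> bytes:
    target = resolve_under_root(root, user_path)
    if target is None or not os.path.isfile(target):
        raise PermissionError(f"refusing path outside {root}: {user_path!r}")
    with open(target, "rb") as fh:
        return fh.read()


def demo() -> Tuple[bytes, bool, bytes]:
    """Constructed layout: base/public/public.txt is served, base/secret.txt is not.

    Returns (bytes the vulnerable reader leaks, whether the hardened reader
    refused the same path, bytes the hardened reader returns for a legitimate path).
    """
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "public")
        os.mkdir(root)
        with open(os.path.join(root, "public.txt"), "wb") as fh:
            fh.write(b"hello")
        with open(os.path.join(base, "secret.txt"), "wb") as fh:
            fh.write(b"db-password")
        leaked = read_public_file_vulnerable(root, "../secret.txt")
        try:
            read_public_file(root, "../secret.txt")
            blocked = False
        except PermissionError:
            blocked = True
        legit = read_public_file(root, "sub/../public.txt")
    finally:
        shutil.rmtree(base)
    return leaked, blocked, legit
```

Decode the input before this check when the application URL-decodes it anyway; a check run on `..%2F` while the file API later sees `../` proves nothing.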
2022-10-18 CVE-2022-43259 Tenda Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.18/15.03.05.19

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

7.5
2022-10-18 CVE-2022-41479 Devexpress Authorization Bypass Through User-Controlled Key vulnerability in Devexpress Asp.Net web Forms Controls 19.2.3

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter.

7.5
2022-10-18 CVE-2022-39058 Changingtec Path Traversal vulnerability in Changingtec Rava Certificate Validation System 3

RAVA certification validation system has a path traversal vulnerability.

7.5
2022-10-18 CVE-2022-22192 Juniper Improper Input Validation vulnerability in Juniper Junos OS Evolved

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22201 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22211 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos OS Evolved

A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22218 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process.

7.5
2022-10-18 CVE-2022-22223 Juniper Improper Input Validation vulnerability in Juniper Junos

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition.

7.5
2022-10-18 CVE-2022-22228 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22231 Juniper NULL Pointer Dereference vulnerability in Juniper Junos 21.4

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22232 Juniper NULL Pointer Dereference vulnerability in Juniper Junos 21.4/22.1

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22235 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22236 Juniper Access of Uninitialized Pointer vulnerability in Juniper Junos

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

7.5
2022-10-18 CVE-2022-22247 Juniper Improper Input Validation vulnerability in Juniper Junos OS Evolved 21.3/21.4/22.1

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition.

7.5
2022-10-17 CVE-2020-8975 Zigor Information Exposure vulnerability in Zigor ZGR Tps200 NG Firmware 2.00

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.

7.5
2022-10-17 CVE-2022-3382 Hiwin Unspecified vulnerability in Hiwin Robot System Software 3.3.21.9869

HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source.

7.5
2022-10-17 CVE-2022-3517 Minimatch Project Unspecified vulnerability in Minimatch Project Minimatch

A vulnerability was found in the minimatch package.

7.5
2022-10-17 CVE-2022-3559 Exim
Fedoraproject
Use After Free vulnerability in multiple products

A vulnerability was found in Exim and classified as problematic.

7.5
2022-10-17 CVE-2019-14840 Redhat Insufficiently Protected Credentials vulnerability in Redhat Decision Manager 7.0

A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials.

7.5
2022-10-17 CVE-2022-2931 Gitlab Resource Exhaustion vulnerability in Gitlab

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.

7.5
2022-10-17 CVE-2022-3031 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.

7.5
2022-10-17 CVE-2022-3283 Gitlab Resource Exhaustion vulnerability in Gitlab

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content in the description could be used to trigger high CPU usage.

7.5
2022-10-17 CVE-2022-3554 X ORG Memory Leak vulnerability in X.Org Libx11

A vulnerability has been found in X.org libX11 and classified as problematic.

7.5
2022-10-17 CVE-2022-3555 X ORG Memory Leak vulnerability in X.Org Libx11

A vulnerability was found in X.org libX11 and classified as problematic.

7.5
2022-10-17 CVE-2022-3281 Wago Expected Behavior Violation vulnerability in Wago products

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot.

7.5
2022-10-17 CVE-2022-3501 Otrs Missing Authorization vulnerability in Otrs

Article template contents with sensitive data could be accessed from agents without permissions.

7.5
2022-10-17 CVE-2022-42975 Phoenixframework Unspecified vulnerability in Phoenixframework Phoenix

socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding.

7.5
2022-10-18 CVE-2022-21615 Oracle Unspecified vulnerability in Oracle Enterprise Data Quality 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard).

7.4
2022-10-17 CVE-2022-2533 Gitlab Improper Authentication vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.

7.4
2022-10-18 CVE-2022-39421 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.3
2022-10-18 CVE-2022-22248 Juniper Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Junos OS Evolved

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session.

7.3
2022-10-17 CVE-2022-3421 Google Improper Privilege Management vulnerability in Google Drive

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory, which is expected to be owned by root, so that it is owned by a non-root user.

7.3
2022-10-17 CVE-2022-2428 Gitlab Cross-site Scripting vulnerability in Gitlab

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests.

7.3
2022-10-17 CVE-2022-3060 Gitlab Injection vulnerability in Gitlab

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests.

7.3
2022-10-21 CVE-2022-38104 Oxilab Unspecified vulnerability in Oxilab Accordions

Auth.

7.2
2022-10-21 CVE-2022-42189 Emlog Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 1.6.0

Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.

7.2
2022-10-20 CVE-2022-36957 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2022-10-20 CVE-2022-38108 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2022-10-20 CVE-2022-42201 Simple Exam Reviewer Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.

7.2
2022-10-20 CVE-2022-31366 EVE NG Unrestricted Upload of File with Dangerous Type vulnerability in Eve-Ng 2.0.3112

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.

7.2
2022-10-19 CVE-2022-41617 F5 Command Injection vulnerability in F5 Big-Ip Application Security Manager

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

7.2
2022-10-18 CVE-2022-42218 Open Source Sacco Management System Project SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_loan.php.

7.2
2022-10-18 CVE-2022-21596 Oracle Unspecified vulnerability in Oracle Database 19C

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server.

7.2
2022-10-18 CVE-2022-21600 Oracle
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

7.2
2022-10-18 CVE-2022-21603 Oracle Unspecified vulnerability in Oracle Database - Sharding 19C/21C

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server.

7.2
2022-10-18 CVE-2022-41537 Online Tours Travels Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php.

7.2
2022-10-18 CVE-2022-35844 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

7.2
2022-10-18 CVE-2022-41504 Billing System Project Unrestricted Upload of File with Dangerous Type vulnerability in Billing System Project Billing System 1.0

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2
2022-10-18 CVE-2022-39057 Changingtec Command Injection vulnerability in Changingtec Rava Certificate Validation System 3

RAVA certificate validation system has insufficient filtering of a special parameter in the web page input field.

7.2
2022-10-17 CVE-2022-3552 Boxbilling Unrestricted Upload of File with Dangerous Type vulnerability in Boxbilling

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

7.2
2022-10-17 CVE-2022-42142 Online Tours AND Travels Management System Project Unspecified vulnerability in Online Tours and Travels Management System Project Online Tours and Travels Management System 1.0

Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.

7.2
2022-10-17 CVE-2022-42143 Open Source Sacco Management System Project SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.

7.2
2022-10-17 CVE-2022-41498 Billing System Project SQL Injection vulnerability in Billing System Project Billing System 1.0

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.

7.2
2022-10-17 CVE-2022-3131 Codexpert SQL Injection vulnerability in Codexpert Search Logger

The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users.

7.2
2022-10-17 CVE-2022-3150 WP Custom Cursors Project SQL Injection vulnerability in WP Custom Cursors Project WP Custom Cursors

The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin.

7.2
2022-10-17 CVE-2022-3243 Smackcoders SQL Injection vulnerability in Smackcoders AN Ultimate Wordpress Importer CUM Migration AS CSV & XML

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them in SQL statements, leading to SQL injection exploitable by high privilege users such as admin.

7.2
2022-10-17 CVE-2022-3549 Simple Cold Storage Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0.

7.2
2022-10-19 CVE-2022-41742 F5
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file.

7.1
2022-10-19 CVE-2022-25665 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile.

7.1
2022-10-18 CVE-2022-21593 Oracle Unspecified vulnerability in Oracle Http Server 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans).

7.1
2022-10-17 CVE-2022-3566 Linux Race Condition vulnerability in Linux Kernel

A vulnerability, which was classified as problematic, was found in Linux Kernel.

7.1
2022-10-17 CVE-2022-3567 Linux Race Condition vulnerability in Linux Kernel

A vulnerability has been found in Linux Kernel and classified as problematic.

7.1
2022-10-21 CVE-2022-3635 Linux
Debian
Use After Free vulnerability in multiple products

A vulnerability, which was classified as critical, has been found in Linux Kernel.

7.0
2022-10-19 CVE-2022-41743 F5 Out-of-bounds Write vulnerability in F5 Nginx Ingress Controller and Nginx Plus

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file.

7.0
2022-10-19 CVE-2022-33214 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.

7.0
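The Phoenix entry above (CVE-2022-42975) records only that `check_origin` wildcard handling was wrong. The Python below is an added illustration of the bug class in origin allow-lists, not Phoenix's code and not the specific defect behind that CVE: it contrasts the classic mistake of treating a `*.example.com` wildcard as a bare string suffix (which also admits `evil-example.com`) with a label-boundary match, and it compares scheme and port when the allow-list entry pins them. The allow-list and the origins in the usage comments are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed sample allow-list in the style many frameworks accept:
# an exact origin, and a scheme-less "*." wildcard meaning "any subdomain of".
ALLOWED_ORIGINS = ["https://app.example.com", "//*.example.com"]


def host_matches_suffix_only(request_host: str, allowed_host: str) -> bool:
    """Broken wildcard check: '*.example.com' is reduced to 'ends with example.com',
    so hosts such as 'evil-example.com' or 'notexample.com' are accepted too."""
    return request_host.endswith(allowed_host)


def host_matches_label(request_host: str, allowed_host: str) -> bool:
    """Correct wildcard check: the match must sit on a DNS label boundary, and
    '*.' requires at least one extra label, so 'example.com' itself does not match."""
    return request_host.endswith("." + allowed_host)


def origin_allowed(origin: str, allowed=ALLOWED_ORIGINS, strict: bool = True) -> bool:
    """Return True if the Origin header value matches an allow-list entry.

    Scheme and port are compared only when the entry pins them; the host is
    lower-cased and compared with the label-boundary matcher (or, when
    strict=False, the broken suffix matcher, kept here only to show the bug).
    """
    try:
        parts = urlsplit(origin)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if not parts.scheme or not parts.hostname:
        return False               # covers the literal "null" origin and junk
    scheme, host = parts.scheme.lower(), parts.hostname.lower()

    for entry in allowed:
        try:
            e = urlsplit(entry)    # "//*.example.com" parses with an empty scheme
            e_port = e.port
        except ValueError:
            continue               # malformed entry: never match on it
        if e.scheme and e.scheme.lower() != scheme:
            continue
        if e_port is not None and e_port != port:
            continue
        allowed_host = (e.hostname or "").lower()
        if allowed_host.startswith("*."):
            matcher = host_matches_label if strict else host_matches_suffix_only
            if matcher(host, allowed_host[2:]):
                return True
        elif allowed_host == host:
            return True
    return False


# Usage (constructed origins):
#   origin_allowed("https://api.example.com")                 -> True
#   origin_allowed("https://evil-example.com")                -> False
#   origin_allowed("https://evil-example.com", strict=False)  -> True  (the bug)
#   origin_allowed("https://app.example.com.evil.net")        -> False
```

An entry written without a port matches that host on any port; pin the port in the entry (for example `https://app.example.com:443`) when exact-origin semantics are required. The `strict=False` path exists only to make the broken behaviour visible in a test and should not be shipped.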

242 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-10-20 CVE-2020-9285 Sonos Unspecified vulnerability in Sonos ONE Firmware

Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device.

6.8
2022-10-19 CVE-2022-35860 Corsair Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.

6.8
2022-10-21 CVE-2022-34437 Dell OS Command Injection vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability.

6.7
2022-10-21 CVE-2022-34438 Dell Improper Privilege Management vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error.

6.7
2022-10-19 CVE-2022-25666 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

6.7
2022-10-21 CVE-2022-3597 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file.

6.5
2022-10-21 CVE-2022-3598 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file.

6.5
2022-10-21 CVE-2022-3599 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file.

6.5
2022-10-21 CVE-2022-3626 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file.

6.5
2022-10-21 CVE-2022-3627 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file.

6.5
2022-10-20 CVE-2022-42197 Simple Exam Reviewer Management System Project Improper Privilege Management vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

6.5
2022-10-19 CVE-2022-41770 F5 Resource Exhaustion vulnerability in F5 products

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.

6.5
2022-10-19 CVE-2022-41813 F5 Improper Input Validation vulnerability in F5 products

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

6.5
2022-10-19 CVE-2022-2805 Redhat Cleartext Storage of Sensitive Information vulnerability in Redhat Virtualization 4.0

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style.

6.5
2022-10-19 CVE-2022-43020 Opencats SQL Injection vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.

6.5
2022-10-19 CVE-2022-43021 Opencats SQL Injection vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.

6.5
2022-10-19 CVE-2022-43022 Opencats SQL Injection vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function.

6.5
2022-10-19 CVE-2022-43023 Opencats SQL Injection vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

6.5
2022-10-19 CVE-2022-41707 Relatedcode Unspecified vulnerability in Relatedcode Messenger

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application.

6.5
2022-10-19 CVE-2022-43408 Jenkins Inappropriate Encoding for Output Context vulnerability in Jenkins Stage View 2.26

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.

6.5
2022-10-19 CVE-2022-43419 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Katalon

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

6.5
2022-10-19 CVE-2022-43032 Axiosys Memory Leak vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 v1.6.0-639.

6.5
2022-10-19 CVE-2022-43033 Axiosys Use After Free vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 1.6.0-639.

6.5
2022-10-19 CVE-2022-43034 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 v1.6.0-639.

6.5
2022-10-19 CVE-2022-43035 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 v1.6.0-639.

6.5
2022-10-19 CVE-2022-43037 Axiosys Memory Leak vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 1.6.0-639.

6.5
2022-10-19 CVE-2022-43038 Axiosys Out-of-bounds Write vulnerability in Axiosys Bento4 1.6.0639

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts.

6.5
2022-10-18 CVE-2022-21601 Oracle Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.4.0/12.0.0.5/12.0.0.6.0

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).

6.5
2022-10-18 CVE-2022-21635 Oracle
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

6.5
2022-10-18 CVE-2022-21636 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management).

6.5
2022-10-18 CVE-2022-39408 Oracle
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2022-10-18 CVE-2022-39410 Oracle
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2022-10-18 CVE-2022-22224 Juniper Unspecified vulnerability in Juniper Junos

An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition.

6.5
2022-10-18 CVE-2022-22226 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFEs when they are received and processed by the device.

6.5
2022-10-18 CVE-2022-22230 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service).

6.5
2022-10-18 CVE-2022-22237 Juniper Improper Authentication vulnerability in Juniper Junos

An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity.

6.5
2022-10-18 CVE-2022-22238 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

6.5
2022-10-18 CVE-2022-22249 Juniper Unspecified vulnerability in Juniper Junos

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).

6.5
2022-10-18 CVE-2022-22250 Juniper Unspecified vulnerability in Juniper Junos

An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS).

6.5
2022-10-17 CVE-2022-28291 Tenable Insufficiently Protected Credentials vulnerability in Tenable Nessus

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping.

6.5
2022-10-17 CVE-2022-2455 Gitlab Resource Exhaustion vulnerability in Gitlab

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.

6.5
2022-10-17 CVE-2022-2592 Gitlab Improper Input Validation vulnerability in Gitlab

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which, when requested with or without authentication, places excessive load on the server, potentially leading to Denial of Service.

6.5
2022-10-17 CVE-2022-3067 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.

6.5
2022-10-17 CVE-2022-3165 Qemu
Fedoraproject
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format.

6.5
2022-10-17 CVE-2022-3279 Gitlab Improper Handling of Exceptional Conditions vulnerability in Gitlab

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs.

6.5
2022-10-17 CVE-2022-3291 Gitlab Deserialization of Untrusted Data vulnerability in Gitlab

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache.

6.5
2022-10-17 CVE-2022-3540 Hunter2 Project Cleartext Storage of Sensitive Information vulnerability in Hunter2 Project Hunter2

An issue has been discovered in hunter2 affecting all versions before 2.1.0.

6.5
2022-10-17 CVE-2022-41471 74Cms Incorrect Permission Assignment for Critical Resource vulnerability in 74Cms 74Cmsse 3.12.0

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.

6.5
2022-10-17 CVE-2022-3551 X ORG
Debian
Fedoraproject
Memory Leak vulnerability in multiple products

A vulnerability, which was classified as problematic, has been found in X.org Server.

6.5
2022-10-17 CVE-2022-3553 X ORG Improper Resource Shutdown or Release vulnerability in X.Org X Server

A vulnerability, which was classified as problematic, was found in X.org Server.

6.5
2022-10-17 CVE-2022-3082 Miniorange Improper Access Control vulnerability in Miniorange Discord Integration

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any logged-in user, such as a subscriber, to call them and, for example, disable the app.

6.5
2022-10-17 CVE-2022-39052 Otrs Infinite Loop vulnerability in Otrs

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system.

6.5
2022-10-21 CVE-2022-1059 Aethon Cross-site Scripting vulnerability in Aethon TUG Home Base Server

Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.

6.1
2022-10-20 CVE-2022-26954 Nopcommerce Open Redirect vulnerability in Nopcommerce

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.

6.1
2022-10-19 CVE-2022-43014 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.

6.1
2022-10-19 CVE-2022-43015 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.

6.1
2022-10-19 CVE-2022-43016 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.

6.1
2022-10-19 CVE-2022-43017 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.

6.1
2022-10-19 CVE-2022-43018 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.

6.1
2022-10-19 CVE-2022-42466 Apache Cross-site Scripting vulnerability in Apache Isis

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved.

6.1
2022-10-18 CVE-2022-21606 Oracle Cross-site Scripting vulnerability in Oracle Database Server 19C

Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server.

6.1
2022-10-18 CVE-2022-21630 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC).

6.1
2022-10-18 CVE-2022-21631 Oracle Cross-site Scripting vulnerability in Oracle JD Edwards Enterpriseone Tools

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC).

6.1
2022-10-18 CVE-2022-21639 Oracle Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise 8.59/8.60

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration).

6.1
2022-10-18 CVE-2022-42113 Liferay Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.

6.1
2022-10-18 CVE-2022-42116 Liferay Cross-site Scripting vulnerability in Liferay DXP 7.0

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.

6.1
2022-10-18 CVE-2022-42117 Liferay Cross-site Scripting vulnerability in Liferay DXP 7.0

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

6.1
2022-10-18 CVE-2022-42202 TP Link Cross-site Scripting vulnerability in Tp-Link Tl-Wr841N Firmware 4.17.16Build120201Rel.54750N

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).

6.1
2022-10-18 CVE-2022-3580 Cashier Queuing System Project Improper Enforcement of Message or Data Structure vulnerability in Cashier Queuing System Project Cashier Queuing System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1.

6.1
2022-10-18 CVE-2022-3581 Cashier Queuing System Project Improper Enforcement of Message or Data Structure vulnerability in Cashier Queuing System Project Cashier Queuing System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0.

6.1
2022-10-18 CVE-2022-3339 Mcafee Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link.

6.1
2022-10-18 CVE-2022-22242 Juniper Cross-site Scripting vulnerability in Juniper Junos

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web.

6.1
2022-10-17 CVE-2022-40606 Mitre Cross-site Scripting vulnerability in Mitre Caldera

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.

6.1
2022-10-17 CVE-2022-42147 Keking Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.

6.1
2022-10-17 CVE-2022-40605 Mitre Cross-site Scripting vulnerability in Mitre Caldera

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.

6.1
2022-10-17 CVE-2022-3149 WP Custom Cursors Project Cross-site Scripting vulnerability in WP Custom Cursors Project WP Custom Cursors

The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when creating and editing cursors, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks.

6.1
2022-10-19 CVE-2022-3607 Octoprint Injection vulnerability in Octoprint

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.

6.0
2022-10-18 CVE-2022-21621 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2022-10-18 CVE-2022-39423 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2022-10-18 CVE-2022-36439 Asus Unspecified vulnerability in Asus products

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges.

6.0
2022-10-18 CVE-2022-41540 TP Link Use of Hard-coded Credentials vulnerability in Tp-Link Ax10 Firmware V1211117

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router.

5.9
2022-10-18 CVE-2022-22208 Juniper Use After Free vulnerability in Juniper Junos

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).

5.9
2022-10-18 CVE-2022-22219 Juniper Unspecified vulnerability in Juniper Junos and Junos OS Evolved

Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition.

5.9
2022-10-18 CVE-2022-22220 Juniper Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS).

5.9
2022-10-18 CVE-2022-22225 Juniper Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS).

5.9
2022-10-17 CVE-2022-3206 Passster Project Inadequate Encryption Strength vulnerability in Passster Project Passster

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding, which is easy to decode.

5.9
2022-10-18 CVE-2022-21609 Oracle Unspecified vulnerability in Oracle Business Intelligence 5.9.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server).

5.7
2022-10-17 CVE-2022-3563 Linux Improper Resource Shutdown or Release vulnerability in Linux Kernel

A vulnerability classified as problematic has been found in Linux Kernel.

5.7
2022-10-17 CVE-2022-3531 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.7
2022-10-17 CVE-2022-3532 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.7
2022-10-17 CVE-2022-3533 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.7
2022-10-21 CVE-2022-39259 Jadx Project Unspecified vulnerability in Jadx Project Jadx

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files.

5.5
2022-10-21 CVE-2022-3570 Libtiff Out-of-bounds Write vulnerability in Libtiff

Multiple heap buffer overflows in the tiffcrop.c utility of the libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure, or any other context-dependent impact.

5.5
2022-10-21 CVE-2022-3642 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

A vulnerability classified as problematic has been found in Linux Kernel.

5.5
2022-10-21 CVE-2022-3637 Linux Improper Resource Shutdown or Release vulnerability in Linux Kernel

A vulnerability has been found in Linux Kernel and classified as problematic.

5.5
2022-10-21 CVE-2022-3630 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.5
2022-10-19 CVE-2022-41780 F5 Path Traversal vulnerability in F5 F5Os-A and F5Os-C

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.

5.5
2022-10-19 CVE-2013-4281 Redhat Incorrect Default Permissions vulnerability in Redhat Openshift 1.0

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

5.5
2022-10-19 CVE-2022-3586 Linux, Debian Use After Free vulnerability in multiple products

A flaw was found in the Linux kernel’s networking code.

5.5
2022-10-19 CVE-2022-40884 Axiosys Memory Leak vulnerability in Axiosys Bento4 1.6.0

Bento4 1.6.0 has memory leaks via the mp4fragment.

5.5
2022-10-19 CVE-2022-40885 Axiosys Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.6.0639

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service.

5.5
2022-10-19 CVE-2022-43039 Gpac Unspecified vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.

5.5
2022-10-19 CVE-2022-43043 Gpac Unspecified vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.

5.5
2022-10-19 CVE-2022-43044 Gpac Unspecified vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.

5.5
2022-10-19 CVE-2022-43045 Gpac Unspecified vulnerability in Gpac 2.1Devrev368Gfd054169Bmaster

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

5.5
2022-10-19 CVE-2022-25663 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer overflow due to lack of a buffer length check during management frame Rx handling leads to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity.

5.5
2022-10-19 CVE-2022-25664 Qualcomm Information Exposure vulnerability in Qualcomm products

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

5.5
2022-10-19 CVE-2022-39253 GIT SCM, Fedoraproject, Apple Link Following vulnerability in multiple products

Git is an open source, scalable, distributed revision control system.

5.5
2022-10-19 CVE-2022-3606 Linux Improper Resource Shutdown or Release vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.5
2022-10-18 CVE-2022-39401 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

5.5
2022-10-18 CVE-2022-39407 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.58/8.59/8.60

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).

5.5
2022-10-18 CVE-2022-39417 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

5.5
2022-10-18 CVE-2022-3593 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.5
2022-10-18 CVE-2022-3595 Linux Double Free vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel.

5.5
2022-10-18 CVE-2022-22233 Juniper NULL Pointer Dereference vulnerability in Juniper Junos and Junos OS Evolved

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).

5.5
2022-10-18 CVE-2022-22234 Juniper Unspecified vulnerability in Juniper Junos

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).

5.5
2022-10-18 CVE-2022-22240 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service (DoS).

5.5
2022-10-17 CVE-2022-3542 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability classified as problematic was found in Linux Kernel.

5.5
2022-10-17 CVE-2022-3543 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability, which was classified as problematic, has been found in Linux Kernel.

5.5
2022-10-17 CVE-2022-3544 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability, which was classified as problematic, was found in Linux Kernel.

5.5
2022-10-21 CVE-2022-27494 Aethon Cross-site Scripting vulnerability in Aethon TUG Home Base Server

Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.

5.4
2022-10-21 CVE-2022-41638 Chop Chop Cross-site Scripting vulnerability in Chop-Chop Pop-Up Chop

Auth.

5.4
2022-10-21 CVE-2022-42205 Hospital Management System Project Cross-site Scripting vulnerability in Hospital Management System Project Hospital Management System 4.0

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

5.4
2022-10-21 CVE-2022-42206 Hospital Management System Project Cross-site Scripting vulnerability in Hospital Management System Project Hospital Management System 4.0

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

5.4
2022-10-20 CVE-2022-36966 Solarwinds Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform

Users with Node Management rights were able to view and edit all nodes due to insufficient control of a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous versions.

5.4
2022-10-20 CVE-2022-42200 Simple Exam Reviewer Management System Project Cross-site Scripting vulnerability in Simple Exam Reviewer Management System Project Simple Exam Reviewer Management System 1.0

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.

5.4
2022-10-20 CVE-2021-33231 Easyvista Cross-site Scripting vulnerability in Easyvista Service Manager 2018.1.181.1

Cross Site Scripting (XSS) vulnerability in the New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

5.4
2022-10-20 CVE-2022-41358 Garage Management System Project Cross-site Scripting vulnerability in Garage Management System Project Garage Management System 1.0

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

5.4
2022-10-19 CVE-2022-43409 Jenkins Cross-site Scripting vulnerability in Jenkins Supporting Apis

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.

5.4
2022-10-19 CVE-2022-43420 Jenkins Cross-site Scripting vulnerability in Jenkins Contrast Continuous Application Security

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses.

5.4
2022-10-19 CVE-2022-43425 Jenkins Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4
2022-10-19 CVE-2022-39301 SRA Admin Project Cross-site Scripting vulnerability in Sra-Admin Project Sra-Admin

sra-admin is a background rights management system that separates the front and back end.

5.4
2022-10-19 CVE-2022-43185 Rukovoditel Cross-site Scripting vulnerability in Rukovoditel 3.2.1

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

5.4
2022-10-19 CVE-2022-39233 Enalean Incorrect Authorization vulnerability in Enalean Tuleap

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration.

5.4
2022-10-19 CVE-2022-38901 Liferay Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal

A Cross-site scripting (XSS) vulnerability in the Document and Media module's file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of an uploaded SVG file.

5.4
2022-10-18 CVE-2022-21591 Oracle Unspecified vulnerability in Oracle Transportation Management 6.4.3/6.5.1

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure).

5.4
2022-10-18 CVE-2022-21629 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC).

5.4
2022-10-18 CVE-2022-39420 Oracle Unspecified vulnerability in Oracle Transportation Management 6.4.3/6.5.1

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security).

5.4
2022-10-18 CVE-2022-42112 Liferay Cross-site Scripting vulnerability in Liferay DXP

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload.

5.4
2022-10-18 CVE-2022-42114 Liferay Cross-site Scripting vulnerability in Liferay DXP 7.0/7.4

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

5.4
2022-10-18 CVE-2022-42115 Liferay Cross-site Scripting vulnerability in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.

5.4
2022-10-18 CVE-2022-3587 Simple Cold Storage Management System Project Cross-site Scripting vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0.

5.4
2022-10-18 CVE-2022-31037 Oroinc Cross-site Scripting vulnerability in Oroinc Orocommerce

OroCommerce is an open-source Business to Business Commerce application.

5.4
2022-10-18 CVE-2022-3338 Mcafee XXE vulnerability in Mcafee Epolicy Orchestrator

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.

5.4
2022-10-17 CVE-2022-41431 Mindskip Cross-site Scripting vulnerability in Mindskip XZS 3.8.0

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit.

5.4
2022-10-17 CVE-2022-41139 Mitre Cross-site Scripting vulnerability in Mitre Caldera

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.

5.4
2022-10-17 CVE-2022-3066 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.

5.4
2022-10-17 CVE-2022-41472 74Cms Cross-site Scripting vulnerability in 74Cms 74Cmsse 3.12.0

74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add.

5.4
2022-10-17 CVE-2022-41542 Devhubapp Insufficient Session Expiration vulnerability in Devhubapp Devhub 0.102.0

devhub 0.102.0 was discovered to contain a broken session control.

5.4
2022-10-21 CVE-2022-3646 Linux, Debian Memory Leak vulnerability in multiple products

A vulnerability, which was classified as problematic, has been found in Linux Kernel.

5.3
2022-10-20 CVE-2022-40084 Opencrx Information Exposure Through Discrepancy vulnerability in Opencrx

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.

5.3
2022-10-19 CVE-2022-38107 Solarwinds Information Exposure Through an Error Message vulnerability in Solarwinds SQL Sentry

Sensitive information could be displayed when a detailed technical error message is posted.

5.3
2022-10-19 CVE-2022-43410 Jenkins Information Exposure vulnerability in Jenkins Mercurial

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.

5.3
2022-10-19 CVE-2022-43411 Jenkins Information Exposure Through Discrepancy vulnerability in Jenkins Gitlab

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

5.3
2022-10-19 CVE-2022-43412 Jenkins Information Exposure Through Discrepancy vulnerability in Jenkins Generic Webhook Trigger

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

5.3
2022-10-19 CVE-2022-43414 Jenkins Unspecified vulnerability in Jenkins Nunit

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.

5.3
2022-10-19 CVE-2022-43421 Jenkins Missing Authorization vulnerability in Jenkins Tuleap GIT Branch Source

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.

5.3
2022-10-19 CVE-2022-43422 Jenkins Unspecified vulnerability in Jenkins Compuware Topaz Utilities

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

5.3
2022-10-19 CVE-2022-43423 Jenkins Unspecified vulnerability in Jenkins Compuware Source Code Download for Endevor, Pds, and Ispw 2.0.12

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

5.3
2022-10-19 CVE-2022-43424 Jenkins Protection Mechanism Failure vulnerability in Jenkins Compuware Xpediter Code

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

5.3
2022-10-19 CVE-2022-43426 Jenkins Missing Password Field Masking vulnerability in Jenkins S3 Explorer

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it.

5.3
2022-10-19 CVE-2022-43428 Jenkins Protection Mechanism Failure vulnerability in Jenkins Compuware Topaz for Total Test

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

5.3
2022-10-19 CVE-2022-43434 Jenkins Protection Mechanism Failure vulnerability in Jenkins Neuvector vulnerability Scanner

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc.

5.3
2022-10-19 CVE-2022-43435 Jenkins Unspecified vulnerability in Jenkins 360 Fireline

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc.

5.3
2022-10-19 CVE-2022-42467 Apache Insecure Default Initialization of Resource vulnerability in Apache Isis

When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database.

5.3
2022-10-18 CVE-2022-21597 Oracle Unspecified vulnerability in Oracle Graalvm 20.3.7/21.3.3/22.2.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript).

5.3
2022-10-18 CVE-2022-21602 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.58/8.59/8.60

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.3
2022-10-18 CVE-2022-21618 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).

5.3
2022-10-18 CVE-2022-21626 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).

5.3
2022-10-18 CVE-2022-21628 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server).

5.3
2022-10-18 CVE-2022-39405 Oracle Unspecified vulnerability in Oracle Access Manager 12.2.1.3.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine).

5.3
2022-10-18 CVE-2020-15853 Fedoraproject Unspecified vulnerability in Fedoraproject Supybot-Fedora

supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS.

5.3
2022-10-18 CVE-2022-39055 Changingtec Server-Side Request Forgery (SSRF) vulnerability in Changingtec Rava Certificate Validation System 3

RAVA certificate validation system has inadequate filtering for a URL parameter.

5.3
2022-10-18 CVE-2022-22227 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS).

5.3
2022-10-18 CVE-2022-22244 Juniper XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos

An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality.

5.3
2022-10-17 CVE-2022-3286 Gitlab Unspecified vulnerability in Gitlab

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token.

5.3
2022-10-17 CVE-2022-2834 Helpful Project Information Exposure vulnerability in Helpful Project Helpful

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedback in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP addresses, names and email addresses, depending on the plugin's settings.

5.3
2022-10-18 CVE-2022-21616 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

5.2
2022-10-19 CVE-2022-41694 F5 Improper Input Validation vulnerability in F5 products

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.

4.9
2022-10-18 CVE-2022-21594 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-21599 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

4.9
2022-10-18 CVE-2022-21604 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2022-10-18 CVE-2022-21605 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary).

4.9
2022-10-18 CVE-2022-21607 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-21608 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-21617 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).

4.9
2022-10-18 CVE-2022-21632 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2022-10-18 CVE-2022-21633 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2022-10-18 CVE-2022-21637 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2022-10-18 CVE-2022-21638 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-21640 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-21641 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-39400 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-10-18 CVE-2022-39411 Oracle Unspecified vulnerability in Oracle Transportation Management 6.4.3/6.5.1

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation).

4.9
2022-10-21 CVE-2022-40311 Fatcatapps Cross-site Scripting vulnerability in Fatcatapps Analytics CAT

Auth.

4.8
2022-10-17 CVE-2022-26375 Abpressoptimizer Cross-site Scripting vulnerability in Abpressoptimizer AB Press Optimizer 1.0.0/1.1.0/1.1.1

Auth.

4.8
2022-10-17 CVE-2022-2865 Gitlab Cross-site Scripting vulnerability in Gitlab

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2.

4.8
2022-10-17 CVE-2022-2563 Themeum Cross-site Scripting vulnerability in Themeum Tutor LMS

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-10-17 CVE-2022-2574 Mekshq Cross-site Scripting vulnerability in Mekshq Meks Easy Social Share

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-10-17 CVE-2022-3139 Designextreme Cross-site Scripting vulnerability in Designextreme We'Re Open

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-10-17 CVE-2022-3546 Simple Cold Storage Management System Project Cross-site Scripting vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic.

4.8
2022-10-17 CVE-2022-3547 Simple Cold Storage Management System Project Cross-site Scripting vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0.

4.8
2022-10-17 CVE-2022-3548 Simple Cold Storage Management System Project Cross-site Scripting vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0.

4.8
2022-10-19 CVE-2022-22078 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Denial of service in BOOT when the partition size for a particular partition is requested, due to an integer overflow when blocks are calculated, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.

4.6
2022-10-21 CVE-2022-31239 Dell Information Exposure Through Log Files vulnerability in Dell EMC Powerscale Onefs 9.1.0.0/9.2.1.0/9.3.0.0

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability.

4.4
2022-10-18 CVE-2022-21595 Oracle, Netapp, Mariadb

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API).

4.4
2022-10-18 CVE-2022-21625 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.4
2022-10-18 CVE-2022-21627 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2022-10-22 CVE-2022-39272 Fluxcd Improper Input Validation vulnerability in Fluxcd products

Flux is an open and extensible continuous delivery solution for Kubernetes.

4.3
2022-10-21 CVE-2020-5355 Dell Incorrect Default Permissions vulnerability in Dell EMC Isilon Onefs

The SSHD process in Dell Isilon OneFS versions 8.2.2 and earlier improperly allows Transmission Control Protocol (TCP) and stream forwarding.

4.3
2022-10-20 CVE-2022-3619 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability has been found in Linux Kernel and classified as problematic.

4.3
2022-10-19 CVE-2022-31684 Pivotal Unspecified vulnerability in Pivotal Reactor Netty

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests.

4.3
2022-10-19 CVE-2022-41708 Relatedcode Improper Preservation of Permissions vulnerability in Relatedcode Messenger

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application.

4.3
2022-10-19 CVE-2022-43413 Jenkins Missing Authorization vulnerability in Jenkins JOB Import

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2022-10-19 CVE-2022-43417 Jenkins Missing Authorization vulnerability in Jenkins Katalon

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2022-10-19 CVE-2022-43418 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Katalon

A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2022-10-19 CVE-2022-43427 Jenkins Missing Authorization vulnerability in Jenkins Compuware Topaz for Total Test

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2022-10-19 CVE-2022-43431 Jenkins Missing Authorization vulnerability in Jenkins Compuware Strobe Measurement

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2022-10-19 CVE-2022-43432 Jenkins Unspecified vulnerability in Jenkins Xframium Builder

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc.

4.3
2022-10-19 CVE-2022-43433 Jenkins Protection Mechanism Failure vulnerability in Jenkins Screenrecorder

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc.

4.3
2022-10-18 CVE-2022-21589 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.3
2022-10-18 CVE-2022-21592 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

4.3
2022-10-18 CVE-2022-39402 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client).

4.3
2022-10-18 CVE-2022-39419 Oracle Unspecified vulnerability in Oracle Java Virtual Machine 19C/21C

Vulnerability in the Java VM component of Oracle Database Server.

4.3
2022-10-18 CVE-2022-3585 Simple Cold Storage Management System Project Incorrect Authorization vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0.

4.3
2022-10-18 CVE-2022-22243 Juniper XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality.

4.3
2022-10-18 CVE-2022-22245 Juniper Path Traversal vulnerability in Juniper Junos

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS.

4.3
2022-10-17 CVE-2022-2630 Gitlab Unspecified vulnerability in Gitlab 15.2/15.2.1/15.2.2

An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.

4.3
2022-10-17 CVE-2022-2908 Gitlab Resource Exhaustion vulnerability in Gitlab

A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1, allowing an attacker to trigger high CPU usage via specially crafted input added in the Commit message field.

4.3
2022-10-17 CVE-2022-3030 Gitlab Unspecified vulnerability in Gitlab

An improper access control issue in GitLab CE/EE affecting all versions before 15.1.6, all versions from 15.2 before 15.2.4, and all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.

4.3
2022-10-17 CVE-2022-3288 Gitlab Unspecified vulnerability in Gitlab

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

4.3
2022-10-17 CVE-2022-3293 Gitlab Information Exposure Through Log Files vulnerability in Gitlab

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

4.3
2022-10-17 CVE-2022-3325 Gitlab Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.

4.3
2022-10-17 CVE-2022-3330 Gitlab Incorrect Authorization vulnerability in Gitlab

It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

4.3
2022-10-17 CVE-2022-3331 Gitlab Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.

4.3
2022-10-17 CVE-2022-3351 Gitlab Information Exposure vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1.

4.3
2022-10-17 CVE-2022-3126 Najeebmedia Cross-Site Request Forgery (CSRF) vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf.

4.3
2022-10-17 CVE-2022-3151 WP Custom Cursors Project Cross-Site Request Forgery (CSRF) vulnerability in WP Custom Cursors Project WP Custom Cursors

The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when deleting cursors, which could allow attackers to make a logged-in admin delete arbitrary cursors via a CSRF attack.

4.3
2022-10-17 CVE-2022-3282 Codedropz Authorization Bypass Through User-Controlled Key vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form.

4.3
2022-10-18 CVE-2022-39404 Oracle Unspecified vulnerability in Oracle Mysql 1.5.1

Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General).

4.2
2022-10-17 CVE-2022-3244 Smackcoders Missing Authorization vulnerability in Smackcoders AN Ultimate Wordpress Importer CUM Migration AS CSV & XML

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation checks in some places, which could allow any authenticated user to access some of the plugin features if they manage to get the related nonce.

4.2
2022-10-18 CVE-2022-21611 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.1

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-10-18 CVE-2022-39403 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client).

3.9
2022-10-19 CVE-2022-41983 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 products

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher are in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

3.7
2022-10-18 CVE-2022-21619 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).

3.7
2022-10-18 CVE-2022-21624 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).

3.7
2022-10-18 CVE-2022-39399 Oracle, Fedoraproject, Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).

3.7
2022-10-18 CVE-2022-3582 Simple Cold Storage Management System Project Incorrect Authorization vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic.

3.5
2022-10-17 CVE-2017-7517 Redhat Improper Input Validation vulnerability in Redhat Openshift 3.0

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift.

3.5
2022-10-17 CVE-2022-3535 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability classified as problematic was found in Linux Kernel.

3.5
2022-10-21 CVE-2022-3647 Redis Improper Resource Shutdown or Release vulnerability in Redis

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis.

3.3
2022-10-21 CVE-2022-3633 Linux, Debian Memory Leak vulnerability in multiple products

A vulnerability classified as problematic has been found in Linux Kernel.

3.3
2022-10-21 CVE-2022-3624 Linux Memory Leak vulnerability in Linux Kernel

A vulnerability was found in Linux Kernel and classified as problematic.

3.3
2022-10-21 CVE-2022-3629 Linux, Debian Memory Leak vulnerability in multiple products

A vulnerability was found in Linux Kernel.

3.3
2022-10-18 CVE-2022-21610 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDoms).

3.3
2022-10-18 CVE-2022-39409 Oracle Unspecified vulnerability in Oracle Transportation Management 6.4.3/6.5.1

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation).

2.7