Weekly Vulnerabilities Reports > December 12 to 18, 2022

A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1.

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

A vulnerability was found in jLEMS.

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639.

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input.

A support user exists on the device and appears to be a backdoor for Technical Support staff.

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0.

In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check.

In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check.

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.

A type confusion issue was addressed with improved state handling.

This issue was addressed with improved checks.

A memory corruption issue was addressed with improved state management.

A use after free issue was addressed with improved memory management.

A memory consumption issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved state management.

A memory corruption issue was addressed with improved input validation.

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0.

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0.

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

A vulnerability was found in X.Org.

A vulnerability was found in X.Org.

A vulnerability was found in X.Org.

A vulnerability was found in X.Org.

A vulnerability was found in X.Org.

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site.

mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF).

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.

TYPO3 is an open source PHP based web content management system.

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check.

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check.

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket.

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore.

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker.

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

An issue was discovered in the Arm Mali GPU Kernel Driver.

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.

Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .

Alist v3.4.0 is vulnerable to File Upload.

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface.

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence.

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages.

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages.

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

A vulnerability was found in RainyGao DocSys.

SENS v1.0 has a file upload vulnerability.

SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.

The issue was addressed with improved memory handling.

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.

PowerShell Remote Code Execution Vulnerability

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system.

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution.

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

MeterSphere is a one-stop open source continuous testing platform.

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP.

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0).

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2).

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.

An authenticated path traversal vulnerability exists in the ArubaOS command line interface.

An issue was discovered in the Linux kernel before 6.0.11.

An issue was discovered in the Linux kernel before 6.0.11.

An issue was discovered in the Linux kernel before 6.0.11.

GuardDog is a CLI tool to identify malicious PyPI packages.

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client.

The default console presented to users over telnet (when enabled) is restricted to a subset of commands.

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3.

A vulnerability was found in Freedom of the Press SecureDrop.

In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check.

In onCreate of WifiDialogActivity.java, there is a missing permission check.

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check.

In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass.

In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation.

In onCreate of various files, there is a possible tapjacking/overlay attack.

In getSlice of ProviderModelSlice.java, there is a missing permission check.

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free.

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free.

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check.

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation.

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy.

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free.

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking.

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free.

In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation.

In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation.

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation.

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation.

In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation.

In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow.

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow.

In TBD of TBD, there is a possible out of bounds write due to memory corruption.

In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation.

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation.

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation.

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Memory corruption in Core due to improper configuration in boot remapper.

An out-of-bounds write was addressed with improved input validation.

The issue was addressed with improved memory handling.

An out-of-bounds read was addressed with improved bounds checking.

An integer overflow was addressed with improved input validation.

The issue was addressed with improved memory handling.

A type confusion issue was addressed with improved checks.

An out-of-bounds write issue was addressed with improved input validation.

A logic issue was addressed with improved checks.

An access issue existed with privileged API calls.

The issue was addressed with improved memory handling.

An out-of-bounds write issue was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved input validation.

An out-of-bounds access issue was addressed with improved bounds checking.

The issue was addressed with improved bounds checks.

A vulnerability was found in X.Org.

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer.

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files.

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files.

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files.

.NET Framework Remote Code Execution Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

Windows Terminal Remote Code Execution Vulnerability

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

A vulnerability classified as problematic was found in pacparser up to 1.3.x.

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation.

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy.

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy.

In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code.

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass.

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables

Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables

Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306).

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0).

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.

There exists a path traversal vulnerability in the Android Google Search app.

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege.

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool.

An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2.

A vulnerability was found in xml-conduit.

A vulnerability has been found in OWASP NodeGoat and classified as problematic.

An issue was discovered in drachtio-server before 0.8.20.

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20.

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19.

BigBlueButton is an open source web conferencing system.

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition.

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10.

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server.

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow.

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation.

Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A

In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check.

In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check.

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check.

AeroCMS v0.0.1 is vulnerable to Directory Traversal.

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

A vulnerability has been found in RainyGao DocSys and classified as critical.

Helm is a tool for managing Charts, pre-configured Kubernetes resources.

Helm is a tool for managing Charts, pre-configured Kubernetes resources.

Helm is a tool for managing Charts, pre-configured Kubernetes resources.

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1.

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

The vRealize Log Insight contains a Directory Traversal Vulnerability.

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

TYPO3 is an open source PHP based web content management system.

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0.

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows.

Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile

Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile

Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Denial of service in Modem due to reachable assertion in Snapdragon Mobile

Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes.

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames.

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively.

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06).

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

hutool-json v5.8.10 was discovered to contain an out of memory error.

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter.

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request.

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration.

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport.

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used.

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Netty project is an event-driven asynchronous network application framework.

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system.

A vulnerability exists in the API of Aruba EdgeConnect Enterprise.

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads.

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator.

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code.

The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/.

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack.

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack.

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check.

vRealize Operations (vROps) contains a privilege escalation vulnerability.

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

The issue was addressed with improved memory handling.

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges.

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.

The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system.

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.

Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host.

An issue was discovered in the Linux kernel before 6.0.11.

A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0.

A logic issue was addressed with improved state management.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.

HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash.

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

A race condition was addressed with improved state handling.

A race condition was addressed with additional validation.

In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition.

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service.

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon.

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354.

In multiple locations of DreamManagerService.java, there is a missing permission check.

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check.

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free.

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check.

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check.

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free.

In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check.

In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption.

In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check.

In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation.

In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free.

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check.

In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check.

In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check.

In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption.

In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption.

In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check.

In the Pixel camera driver, there is a possible use after free due to a logic error in the code.

In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation.

In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure.

In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check.

In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check.

In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check.

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4

In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check.

In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation.

In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption.

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free.

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation.

In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check.

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check.

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

A vulnerability classified as problematic has been found in ppp.

GuardDog is a CLI tool to identify malicious PyPI packages.

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices.

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack.

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files.

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56.

The issue was addressed with improved memory handling.

A spoofing issue existed in the handling of URLs.

A logic issue was addressed with improved checks.

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0.

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0.

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3.

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7.

TYPO3 is an open source PHP based web content management system.

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check.

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data.

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2.

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers.

A buffer overflow vulnerability exists in the ArubaOS command line interface.

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

Starting with Sametime 12, anonymous users are enabled by default.

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface.

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface.

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields.

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition.

A vulnerability classified as problematic was found in as.

A vulnerability, which was classified as problematic, has been found in WP-Ban.

A vulnerability, which was classified as problematic, was found in ctrlo lenio.

A vulnerability has been found in ctrlo lenio and classified as problematic.

A vulnerability was found in ctrlo lenio and classified as problematic.

A vulnerability was found in ctrlo lenio.

A vulnerability was found in ctrlo lenio.

A vulnerability classified as problematic has been found in django-openipam.

A vulnerability was found in retra-system.

A vulnerability was found in mschaef toto up to 1.4.20.

A vulnerability was found in mschaef toto up to 1.4.20.

A vulnerability was found in 1j01 mind-map and classified as problematic.

A vulnerability was found in starter-public-edition-4 up to 4.6.10.

A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3.

A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3.

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x.

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic.

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.

A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic.

A vulnerability was found in Alinto SOGo up to 5.7.1.

A vulnerability was found in INEX IPX-Manager up to 6.2.0.

A vulnerability was found in Joget up to 7.0.31.

A vulnerability classified as problematic has been found in SemanticDrilldown Extension.

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.

A vulnerability was found in WSO2 carbon-registry up to 4.8.11.

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6.

A vulnerability classified as problematic was found in CalendarXP up to 10.0.1.

A vulnerability, which was classified as problematic, has been found in vexim2.

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x.

A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic.

A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic.

A vulnerability was found in collective.task up to 3.0.8.

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg.

A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3.

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.

Editor.js is a block-style editor with clean JSON output.

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS).

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0.

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server.

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).

A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6.

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component).

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation.

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.

A vulnerability, which was classified as problematic, was found in sproctor php-calendar.

A vulnerability has been found in falling-fruit and classified as problematic.

A vulnerability has been identified in PLM Help Server V4.2 (All versions).

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS).

AeroCMS v0.0.1 is vulnerable to ClickJacking.

A vulnerability was found in ipti br.tag.

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website.

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack.

Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5.

A vulnerability was found in rAthena FluxCP.

Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim.

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields.

SENS v1.0 is vulnerable to Cross Site Scripting (XSS).

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages.

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails.

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053.

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents.

WordPress is affected by an unauthenticated blind SSRF in the pingback feature.

BigBlueButton is an open source web conferencing system.

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy.

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass.

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check.

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check.

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy.

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check.

In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check.

In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free.

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation.

In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check.

In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation.

In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code.

In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation.

In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check.

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check.

In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check.

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

A logic issue was addressed with improved checks.

This issue was addressed with improved data protection.

The issue was addressed with improved memory handling.

The issue was addressed with improved memory handling.

An access issue was addressed with improved access restrictions.

The issue was addressed with improved memory handling.

Multiple issues were addressed by removing the vulnerable code.

This issue was addressed by removing the vulnerable code.

This issue was addressed by enabling hardened runtime.

The issue was addressed with improved handling of caches.

A logic issue was addressed with improved state management.

The issue was addressed with improved memory handling.

Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

An issue was discovered in the Linux kernel through 5.16-rc6.

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion.

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value.

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check.

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion.

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion.

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free.

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception.

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache.

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext.

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from.

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files.

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3.

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS.

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1.

A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1.

A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic.

A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic.

A vulnerability was found in Shoplazza LifeStyle 1.1.

A vulnerability was found in Shoplazza LifeStyle 1.1.

A vulnerability was found in Shoplazza LifeStyle 1.1.

A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3.

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1.

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2.

File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.

Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0.

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles.

TYPO3 is an open source PHP based web content management system.

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard.

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html.