Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40150 (High), CVE-2022-45685 (High), CVE-2022-45693 (High), CVE-2022-37601 (Critical), CVE-2022-45939 (High), CVE-2022-4515 (Critical), CVE-2022-4337 (Medium), CVE-2022-4338 (Medium), CVE-2020-8813 (High), CVE-2020-23226 (Medium), CVE-2020-25706 (Medium), CVE-2022-0730 (Critical), CVE-2022-46169 (Critical)
Debian has released a security update to resolve a vulnerability in the libcommons-net-java package that may lead to leakage of information about services running on the client's private network.
CVE ID: CVE-2021-37533 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Fuji Electric has released security updates to address out-of-bounds read and out-of-bounds write vulnerabilities in Fuji Electric V-SFT and TELLUS that can lead to information disclosure and/or arbitrary code execution. The affected products are V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier.
CVE ID: CVE-2022-46360, CVE-2022-43448
Fuji Electric has released a security update to address stack-based buffer overflow, out-of-bounds read and out-of-bounds write vulnerabilities in Fuji Electric V-Server that can lead to information disclosure and/or arbitrary code execution. The affected products are V-Server v4.0.12.0 and earlier.
CVE ID: CVE-2022-47908, CVE-2022-41645, CVE-2022-47317
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-1199 (High), CVE-2022-3202 (High), CVE-2022-3541 (High), CVE-2022-38177 (High), CVE-2022-38178 (High), CVE-2022-0865 (Medium), CVE-2022-0891 (High), CVE-2022-1056 (Medium), CVE-2021-33621 (High), CVE-2021-4028 (High), CVE-2021-4204 (High)
ABB has released security updates to resolve a vulnerability in ABB products that may allow an attacker to stop the product, make it inaccessible, take remote control of it, or insert and run arbitrary code. The affected products are Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415, and Pulsar Plus System Controller – NE843_S – comcode 150042936.
CVE ID: CVE-2022-1607 (Medium)
Foxit has released an updated Foxit PhantomPDF 10.1.10 to resolve multiple vulnerabilities in Foxit PhantomPDF 10.1.9.37808 and earlier versions.
CVE ID: CVE-2022-43637, CVE-2022-43638, CVE-2022-43639, CVE-2022-43640, CVE-2022-43641, CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129
Debian has released a security update to resolve multiple vulnerabilities in the mbedtls package that can allow attackers to obtain sensitive information such as an RSA private key or cause a Denial of Service (DoS).
CVE ID: CVE-2019-16910 (Medium), CVE-2019-18222 (Medium), CVE-2020-10932 (Medium), CVE-2020-10941 (Medium), CVE-2020-16150 (Medium), CVE-2020-36421 (Medium), CVE-2020-36422 (Medium), CVE-2020-36423 (High), CVE-2020-36424 (Medium), CVE-2020-36425 (Medium), CVE-2020-36426 (High), CVE-2020-36475 (High), CVE-2020-36476 (High), CVE-2020-36478 (High), CVE-2021-24119 (Medium), CVE-2021-43666 (High), CVE-2021-44732 (Critical), CVE-2022-35409 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve an integer overflow vulnerability in the libksba package that can result in Denial of Service (DoS) or the execution of arbitrary code.
CVE ID: CVE-2022-47629
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-31693 (Medium), CVE-2021-46784 (Medium), CVE-2022-2938 (High), CVE-2022-31630 (High), CVE-2022-3165 (Medium), CVE-2022-3545 (High), CVE-2022-3564 (High), CVE-2022-3705 (High), CVE-2022-3920 (High), CVE-2022-42252 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Synology has released security updates to address multiple vulnerabilities in Synology Router Manager (SRM) that allow remote attackers to execute arbitrary commands, conduct Denial of Service (DoS) attacks, or read arbitrary files. The affected versions are SRM 1.3 and SRM 1.2.
A vulnerability due to the use of a password hash with insufficient computational effort has been discovered in the Priva TopControl Suite; it can allow an attacker to obtain login credentials and access the product remotely. The affected components are Bacnet prior to 8.7.8.0, Blue ID prior to 8.7.8.0, Compass prior to 8.7.8.0, Connect prior to 8.7.8.0, and TPC prior to 8.7.8.0.
CVE ID: CVE-2022-3010 (High)
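Added example, not part of the original advisory and not Priva's code: the Python script below contrasts the weak pattern behind this vulnerability class (a single unsalted, fast hash per password) with a salted, iterated key derivation, and measures how many weak-hash guesses an attacker gets for the price of one hardened guess. The wordlist, the user password and the iteration count are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed inputs for the demo (not taken from any product or advisory).
WORDLIST = ["password", "123456", "welcome1", "Summer2022", "letmein"]
USER_PASSWORD = "Summer2022"


# --- Weak scheme: a single unsalted SHA-256 round (the CWE-916 pattern) ---
def weak_hash(password: str) -> str:
    """One fast hash per password: cheap for the server, equally cheap for the attacker."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_weak(stored: str, wordlist) -> Optional[str]:
    """Dictionary attack on a stolen weak hash: one SHA-256 per guess, no salt to defeat."""
    for candidate in wordlist:
        if hmac.compare_digest(weak_hash(candidate), stored):
            return candidate
    return None


# --- Hardened scheme: per-user random salt plus a deliberately slow, iterated KDF ---
# Iteration count is an assumption chosen for the demo (OWASP's current guidance for
# PBKDF2-HMAC-SHA256 is 600,000); tune it to the login latency you can afford.
ITERATIONS = 600_000


def hardened_hash(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived_key."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_hardened(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def attacker_cost_ratio(samples: int = 2000) -> float:
    """How many weak-hash guesses fit into the time of one hardened-hash guess."""
    t0 = time.perf_counter()
    for i in range(samples):
        weak_hash(f"guess{i}")
    weak_per_guess = max((time.perf_counter() - t0) / samples, 1e-9)
    t0 = time.perf_counter()
    hardened_hash("guess", salt=b"\x00" * 16)
    hardened_per_guess = time.perf_counter() - t0
    return hardened_per_guess / weak_per_guess


if __name__ == "__main__":
    stolen = weak_hash(USER_PASSWORD)
    print("weak hash cracked to:", crack_weak(stolen, WORDLIST))
    record = hardened_hash(USER_PASSWORD)
    print("hardened verify (correct):", verify_hardened(USER_PASSWORD, record))
    print("hardened verify (wrong):  ", verify_hardened("password", record))
    print(f"each hardened guess costs about {attacker_cost_ratio():,.0f} weak guesses")
```

Two hardened records for the same password differ because of the random salt, so a stolen table cannot be attacked with a single precomputed dictionary, and each guess against one record costs the full iteration count. The record format carries its own parameters, so the iteration count can be raised later and old records re-hashed at next login.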
An improper access control vulnerability has been discovered in Rockwell Automation Studio 5000 Logix Emulate that can allow a malicious user to perform Remote Code Execution (RCE), potentially impacting the confidentiality, integrity, and availability of the software. The affected versions are Studio 5000 Logix Emulate v20 to v33.
CVE ID: CVE-2022-3156 (High)
Omron has released a security update to address an out-of-bounds write vulnerability in CX-Programmer that can allow arbitrary code execution or loss of sensitive information if a user opens a specially crafted CX-P file. The affected versions are CX-Programmer 9.78 and prior.
CVE ID: CVE-2022-43509 (High)
Juniper Networks has released security updates to address an improper input validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved that can cause a Denial of Service (DoS). The affected versions are Junos OS 22.3R1 and Junos OS Evolved 22.3R1-EVO.
CVE ID: CVE-2022-22184 (High)
Foxit has released an updated Foxit PDF Editor 11.2.4 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier.
A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric MELSEC iQ-R and iQ-L series CPU modules and the MELIPC series. The affected models are MELSEC iQ-R Series R00/01/02CPU firmware versions "32" and prior, R04/08/16/32/120(EN)CPU firmware versions "65" and prior, R08/16/32/120SFCPU and R12CCPU-V (all versions); MELSEC iQ-L Series L04/08/16/32HCPU (all versions); and MELIPC Series MI5122-VW (all versions).
CVE ID: CVE-2022-33324 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Zyxel has released a security update to resolve a DNS misconfiguration in the NBG7510 home router that allows an unauthenticated attacker to perform DNS-related attacks through the open DNS resolver when the device is switched to AP mode.
CVE ID: CVE-2022-38546 (Medium)
It has been discovered that the installers generated by Squirrel.Windows can insecurely load Dynamic Link Libraries (DLLs), which may lead to arbitrary code execution. The affected versions are installers generated by Squirrel.Windows 2.0.1 and earlier.
CVE ID: CVE-2022-46330 (High)
+Message App has released security updates to address a vulnerability caused by improper handling of Unicode control characters in its products. The affected versions are +Message App for Android prior to version 12.9.5, prior to version 54.49.0500, and prior to version 3.9.2, and +Message App for iOS prior to version 3.9.4.
CVE ID: CVE-2022-43543 (Medium)
Mozilla has released Thunderbird 102.6.1 to address a vulnerability. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-46874 (Medium)
Fuji Electric has released security updates to resolve out-of-bounds write and stack-based buffer overflow vulnerabilities in Tellus Lite V-Simulator that can allow arbitrary code execution. The affected versions are Fuji Electric Tellus Lite V-Simulator 4.0.12.0 and prior.
CVE ID: CVE-2022-3087 (High), CVE-2022-3085 (High)
Rockwell Automation has released security updates to address an improper input validation vulnerability in its GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers that can allow a malformed CIP request to cause a major nonrecoverable fault and a Denial of Service (DoS) condition.
CVE ID: CVE-2022-3157 (High)
ARC Informatique has released security updates to address cleartext storage of sensitive information and insertion of sensitive information into log file vulnerabilities in its PcVue equipment. Successful exploitation can allow access to the email account, SIM card, and other data sources associated with the affected device. The affected versions are PcVue 15 through 15.2.2 and PcVue 8.10 through 15.2.3.
CVE ID: CVE-2022-4312 (Medium), CVE-2022-4311 (Medium)
Multiple vulnerabilities, including Cross-Site Scripting (XSS) and improper restriction of rendered UI layers or frames, have been discovered in Rockwell Automation MicroLogix 1100 and 1400 controllers that can cause a Denial of Service (DoS) condition or allow Remote Code Execution (RCE). The affected versions are all versions of MicroLogix 1100, MicroLogix 1400 A 7.000 and prior, and MicroLogix 1400 B/C 21.007 and prior.
CVE ID: CVE-2022-46670 (High), CVE-2022-3166 (High)
Delta Industrial Automation has released security updates to address a command injection vulnerability in the 4G Router DX-3021 that allows an attacker to add files, delete files, or change file permissions. The affected versions are DX-3021L9 versions prior to V1.24.
CVE ID: CVE-2022-4616 (High)
A new exploitation method has been discovered that chains CVE-2022-41080 and CVE-2022-41082 to achieve Remote Code Execution (RCE) through Outlook Web Access (OWA).
The method bypasses the URL rewrite mitigation for the Autodiscover endpoint that Microsoft provided in response to ProxyNotShell, so that mitigation alone does not protect unpatched servers.
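The Python script below is an added example for this entry; it is not part of the original advisory and not Microsoft's code or guidance. It shows why a URL-rewrite mitigation keyed on the Autodiscover front end is bypassed by a request that reaches the same PowerShell back end through the Outlook Web Access (OWA) front end, and contrasts it with a log check that keys on the back-end path whatever the front end. The rewrite pattern (reproduced from memory), the list of front-end virtual directories, the request shapes and the IIS-style log lines are all constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a rewrite condition of the kind published as the ProxyNotShell
# mitigation, evaluated against the URL-decoded request URI. It only fires when
# the request mentions "autodiscover" somewhere, which is exactly its weakness.
AUTODISCOVER_RULE = re.compile(r"(?=.*autodiscover)(?=.*powershell)", re.IGNORECASE)

# Assumption: front-end virtual directories on an Exchange Client Access server.
# A request that enters through one of these and whose path later contains a
# "/powershell" segment is traversing the front end to the PowerShell back end,
# the SSRF shape both the original chain and the OWA variant rely on.
FRONT_ENDS = {"owa", "autodiscover", "ecp", "ews", "mapi", "oab", "rpc",
              "microsoft-server-activesync"}
BACKEND_POWERSHELL = re.compile(r"/powershell(?:[/?]|$)", re.IGNORECASE)


def fully_decode(url: str) -> str:
    """Decode until stable so %2540-style double encoding cannot hide a path."""
    prev = None
    while prev != url:
        prev, url = url, unquote(url)
    return url


def first_segment(url: str) -> str:
    """The front-end directory the request entered through, lower-cased."""
    return url.lstrip("/").split("/", 1)[0].split("?", 1)[0].lower()


def legacy_rule_blocks(url: str) -> bool:
    """Would the Autodiscover-keyed rewrite rule have blocked this request?"""
    return AUTODISCOVER_RULE.search(fully_decode(url)) is not None


def reaches_backend_powershell(url: str) -> bool:
    """Front-end entry followed by a /powershell segment, regardless of front end."""
    decoded = fully_decode(url)
    seg = first_segment(decoded)
    if seg not in FRONT_ENDS:
        return False  # direct /powershell (remote PowerShell) is normal admin traffic
    return BACKEND_POWERSHELL.search(decoded[len(seg) + 1:]) is not None


def parse_iis_line(line: str) -> dict:
    """Minimal parser for the constructed W3C-style fields: date time method stem query status."""
    date, time_, method, stem, query, status = line.split()
    url = stem if query == "-" else f"{stem}?{query}"
    return {"time": f"{date} {time_}", "method": method, "url": url, "status": int(status)}


def triage(log_text: str) -> list:
    """Annotate each request with both checks so the gap between them is visible."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_iis_line(line)
        rec["legacy_rule_blocks"] = legacy_rule_blocks(rec["url"])
        rec["backend_powershell"] = reaches_backend_powershell(rec["url"])
        findings.append(rec)
    return findings


# Constructed sample log lines (not real traffic). Line 2 has the Autodiscover
# front-end shape the rewrite rule was written for; line 3 enters via /owa/ instead,
# so a rule looking for "autodiscover" never sees it; line 4 is ordinary direct
# remote PowerShell; line 5 merely mentions "powershell" in a query value.
SAMPLE_LOG = """
2022-12-20 10:01:02 GET /owa/auth/logon.aspx url=https%3a%2f%2fmail.example.test%2fowa%2f&reason=0 200
2022-12-20 10:01:05 POST /autodiscover/autodiscover.json @example.test/powershell/?X=Y&Email=autodiscover/autodiscover.json%3f@example.test 200
2022-12-20 10:02:11 POST /owa/mastermailbox%40example.test/powershell - 200
2022-12-20 10:03:00 POST /powershell - 200
2022-12-20 10:03:30 GET /owa/ action=search&q=powershell 200
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} {f['method']:4} legacy_rule={f['legacy_rule_blocks']!s:5} "
              f"backend_ps={f['backend_powershell']!s:5} {f['url']}")
```

To run this over real IIS logs, adapt parse_iis_line to the field order configured on the server. The point of the second check is that it keys on the destination (a /powershell segment after a front-end directory) rather than on one front-end name, so a new front-end path does not silently evade it; the rewrite rule is still worth keeping, but only the vendor patch closes the underlying issue.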
Citrix has released security updates to address multiple vulnerabilities in Citrix Hypervisor that allow a privileged user in a guest VM to cause the host to become unresponsive or crash. The affected product is Citrix Hypervisor 8.2 LTSR CU1.
CVE ID: CVE-2022-3643 (Critical), CVE-2022-42328 (Medium), CVE-2022-42329 (Medium)
Red Hat has released Red Hat Advanced Cluster Security for Kubernetes (RHACS) 3.73.1 to resolve multiple bugs in RHACS 3.73.0. The affected products are Red Hat Advanced Cluster Security for Kubernetes 3 x86_64.
NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100 to address multiple vulnerabilities that can lead to code execution, Denial of Service (DoS), information disclosure, escalation of privileges, loss of data integrity, or data tampering.
CVE ID: CVE-2022-42271 (High), CVE-2022-42280 (High), CVE-2022-42281 (Medium), CVE-2022-42288 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2017-12240 (Critical), CVE-2017-12235 (High), CVE-2017-12237 (High), CVE-2017-12232 (High), CVE-2017-6627 (Medium)
Hikvision has released security updates to address an access control vulnerability in Hikvision wireless bridge products, which can be used to obtain admin permissions. The affected products are DS-3WF0AC-2NT below V1.1.0, and DS-3WF01C-2N/O below V1.0.4.
CVE ID: CVE-2022-28173 (Critical)
Prosys OPC has released security updates to address an insufficiently protected credentials vulnerability in UA Simulation Server and UA Modbus Server. The affected products are Prosys OPC UA Simulation Server 5.3.0 and earlier and Prosys OPC UA Modbus Server 1.4.18 and earlier.
CVE ID: CVE-2022-2967 (Medium)
Ubuntu has released security updates to address a use-after-free vulnerability in Linux kernel. An attacker can exploit this vulnerability to take control of an affected system. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-42896 (Medium)
VMware has released security updates to address privilege escalation and access control vulnerabilities in VMware vRealize Operations (vROps).
CVE ID: CVE-2022-31707 (High), CVE-2022-31708 (Medium)
Samba has released security updates to address multiple vulnerabilities in its products. All versions of Samba prior to 4.15.13, 4.16.8 and 4.17.4 are affected.
CVE ID: CVE-2022-38023 (High), CVE-2022-37966 (High), CVE-2022-37967 (High), CVE-2022-45141 (High), CVE-2022-42898 (Medium)
SHARP has released security updates to address a command injection vulnerability in SHARP Multifunctional Products (MFP). Successful exploitation can allow an arbitrary command to be executed on the affected MFP firmware.
CVE ID: CVE-2022-45796 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-42898 (Medium), CVE-2022-40750 (Medium), CVE-2022-39353 (Critical), CVE-2022-3515 (Critical), CVE-2022-21619 (Low), CVE-2022-21624 (Low), CVE-2022-21626 (Medium), CVE-2022-39399 (Low), CVE-2022-40159 (High), CVE-2022-40160 (High), CVE-2022-35255 (High), CVE-2022-34917 (High), CVE-2022-37434 (High), CVE-2022-42004 (Medium), CVE-2022-40154 (Medium)
Debian has released security updates to address multiple vulnerabilities in php7.3, firefox-esr, and libde265. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-21707 (Medium), CVE-2022-31625 (High), CVE-2022-31626 (High), CVE-2022-31628 (Medium), CVE-2022-31629 (Medium), CVE-2022-37454 (Critical), CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882 (Medium), CVE-2020-21599 (Medium), CVE-2021-35452 (Medium), CVE-2021-36408 (Medium), CVE-2021-36409 (High), CVE-2021-36410 (Medium), CVE-2021-36411 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-3872 (High), CVE-2022-39328 (High), CVE-2022-3970 (Critical), CVE-2022-43945 (High), CVE-2022-2827 (High), CVE-2022-40242 (Critical), CVE-2022-40259 (Critical), CVE-2014-0144 (High), CVE-2021-3671 (Medium), CVE-2022-39306 (High), CVE-2022-39307 (Medium), CVE-2022-31690 (High), CVE-2022-31692 (Critical)
Trend Micro has released security updates to resolve multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service.
CVE ID: CVE-2022-45797 (High), CVE-2022-45798 (High)
Weidmueller Interface has released a security update to address a JavaScript injection vulnerability in the online help of its XML editing system SCHEMA ST4.
CVE ID: CVE-2022-3073 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in several CODESYS products.
CVE ID: CVE-2022-22508 (Medium), CVE-2022-4048 (High), CVE-2022-31805 (Critical), CVE-2022-31806 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-41880 (Medium), CVE-2022-41900 (High), CVE-2022-39353 (Critical), CVE-2022-21626 (Medium), CVE-2022-42889 (Critical), CVE-2022-37616 (Critical), CVE-2022-42003 (Medium), CVE-2022-36067 (Critical), CVE-2022-42004 (Medium), CVE-2022-41854 (Medium), CVE-2022-25168 (High), CVE-2021-37404 (Critical), CVE-2022-1552 (High), CVE-2022-23806 (High), CVE-2018-8023 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-45939 (High), CVE-2022-3524 (High), CVE-2022-3619 (Medium), CVE-2022-3628 (Medium), CVE-2022-42895 (Medium), CVE-2022-42896, CVE-2022-43945, CVE-2022-42703, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-46341, CVE-2022-46342, CVE-2022-46340, CVE-2022-4283, CVE-2022-46344, CVE-2022-46343
Drupal has released security updates to resolve an access bypass vulnerability in the File (Field) Paths project and a Remote Code Execution (RCE) vulnerability in the H5P - Create and Share Rich Content & Applications project, both third-party (contributed) projects used with Drupal.
Google has released Beta channel 109.0.5414.41 (Platform version: 15236.35.0) for most ChromeOS devices, Beta channel 109.0.5414.46 for Windows, Mac and Linux, Chrome Beta 109 (109.0.5414.46) for iOS, Chrome Beta 109 (109.0.5414.44) for Android and LTS channel 102.0.5005.193 (Platform Version: 14695.166.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-4178 (High), CVE-2022-4179 (High), CVE-2022-4181 (High), CVE-2022-4135 (High)
NETGEAR has released a security update to address multiple vulnerabilities in the RAX30. The affected version is RAX30 1.0.9.92.
CVE ID: CVE-2021-44141 (Medium), CVE-2022-0778 (High)
Debian has released a security update to resolve multiple vulnerabilities in the git package that can lead to execution of arbitrary commands, leak information from the local filesystem, and bypass a restricted shell.
CVE ID: CVE-2022-24765 (High), CVE-2022-29187 (High), CVE-2022-39253, CVE-2022-39260 (High)
OpenSSL has released security updates to address a double-locking vulnerability in X.509 policy constraints processing in its products. The affected versions are OpenSSL 3.0.0 to 3.0.7.
CVE ID: CVE-2022-3996 (High)
SonicWall has released security updates to address an arbitrary file deletion vulnerability in SonicWall Capture Client via the SentinelOne Agent that can allow an attacker to escalate privileges and delete files. The affected versions are those before SentinelOne Agent for Windows 22.3.
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Redmine has released a security update to address a cross-site scripting vulnerability. All versions of Redmine are affected.
CVE ID: CVE-2022-44637 (Medium)
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2022-46693, CVE-2022-46692, CVE-2022-46698, CVE-2022-42867, CVE-2022-46691, CVE-2022-42852, CVE-2022-46696, CVE-2022-46700, CVE-2022-46699, CVE-2022-42863, CVE-2022-42856
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46880 (High), CVE-2022-46872 (High), CVE-2022-46881 (High), CVE-2022-46874 (Medium), CVE-2022-46875 (Medium), CVE-2022-46882 (Medium), CVE-2022-46878 (High), CVE-2022-46879 (High), CVE-2022-46877 (Low), CVE-2022-46873 (Medium)
Cisco has released a security update to address an unauthorized file access vulnerability in Cisco Identity Services Engine (ISE). The affected versions are Cisco ISE 3.0 and earlier, 3.1, and 3.2.
CVE ID: CVE-2022-20822 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-45100 (High), CVE-2022-45099 (High), CVE-2022-45101 (High), CVE-2022-45095 (Medium), CVE-2022-45097 (Medium), CVE-2022-45098 (Medium), CVE-2022-45096 (Medium)
Google has released Chrome 108 (108.0.5359.128) for Android, Stable channel 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, and Chrome Stable 108 (108.0.5359.112) for iOS.
CVE ID: CVE-2022-4436 (High), CVE-2022-4437 (High), CVE-2022-4438 (High), CVE-2022-4439 (High), CVE-2022-4440 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to address a global buffer overflow vulnerability in pngcheck that can result in the execution of arbitrary code.
CVE ID: CVE-2020-35511 (High)
Mitsubishi Electric has released security updates to resolve a path traversal vulnerability in the project management function of GENESIS64. The affected versions are GENESIS64 10.97 to 10.97.2.
CVE ID: CVE-2022-40264 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address a critical remote arbitrary code execution vulnerability in Citrix ADC and Citrix Gateway. The affected products are Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32, Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25, Citrix ADC 12.1-FIPS before 12.1-55.291 and Citrix ADC 12.1-NDcPP before 12.1-55.291.
CVE ID: CVE-2022-27518 (Critical)
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Access and Identity Manager, VMware vRealize Network Insight (vRNI), and VMware ESXi, Workstation, and Fusion.
CVE ID: CVE-2022-31705 (Critical), CVE-2022-31700 (High), CVE-2022-31701 (Medium), CVE-2022-31702 (Critical), CVE-2022-31703 (High)
Contec has released a security update to address an OS command injection vulnerability in its CONPROSYS HMI System (CHS). Successful exploitation can allow an attacker to send specially crafted requests that execute commands on the server. The affected versions are CONPROSYS HMI System (CHS) 3.4.4 and prior.
CVE ID: CVE-2022-44456 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in APC Easy UPS Online Monitoring Software. The affected versions are APC Easy UPS Online Monitoring Software V2.5-GA and prior, and V2.5-GA-01-22261 and prior.
CVE ID: CVE-2022-42970 (Critical), CVE-2022-42971 (Critical), CVE-2022-42972 (High), CVE-2022-42973 (High)
Ubuntu has released security updates to address several vulnerabilities in the Pillow, Vim and containerd packages that allow an attacker to take control of an affected system.
CVE ID: CVE-2022-24303 (Critical), CVE-2022-45198 (High), CVE-2022-23471 (Medium), CVE-2022-31030 (Medium), CVE-2022-24769 (Medium), CVE-2022-24778 (High)
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-41267 (Critical), CVE-2022-41272 (Critical), CVE-2022-42889 (Critical), CVE-2022-41271 (Critical)
HP has released security updates to resolve escalation of privilege, arbitrary code execution, and information disclosure vulnerabilities in HP Security Manager.
CVE ID: CVE-2022-46358 (High), CVE-2022-46357 (High), CVE-2022-46359 (High), CVE-2022-46356 (High), CVE-2020-15522 (Medium)
A vulnerability has been discovered in the IFM Moneo Appliance that allows the administrator password to be reset by supplying only the serial number. The affected versions are IFM Moneo Appliance 1.9.3 and below.
CVE ID: CVE-2022-3485 (Critical)
It has been discovered that the SQLite command-line shell, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism and instead allows user-defined functions (UDFs) such as WRITEFILE. The affected versions are SQLite through 3.40.0.
CVE ID: CVE-2022-46908 (Critical)
A vulnerability has been discovered in the eventsource/eventsource GitHub repository that allows the exposure of sensitive information. The affected versions are eventsource prior to v2.0.2.
CVE ID: CVE-2022-1650 (Critical)
Fortinet has released security updates to address a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands via specifically crafted requests.
CVE ID: CVE-2022-42475 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-39353 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in Squid. An attacker can exploit these vulnerabilities to take control of an affected system. The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2016-2569 (High), CVE-2016-2570 (High), CVE-2016-2571 (High), CVE-2016-3948 (High), CVE-2018-1000024 (High), CVE-2018-1000027 (High)
Debian has released a security update to address an information leak vulnerability in node-eventsource. An attacker can exploit this vulnerability to obtain sensitive information.
CVE ID: CVE-2022-1650 (Critical)
A stored cross-site scripting vulnerability has been discovered in the Admin Smart Search feature of Proofpoint Enterprise Protection (PPS/PoD). The affected versions are 8.19.0 and below.
CVE ID: CVE-2022-46332 (Critical)
Intel has released security updates to address multiple OpenSSL related vulnerabilities in its products.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Google has released LTC-108 108.0.5359.75 (Platform Version: 15183.59.0) for most ChromeOS devices, Dev channel OS version: 15269.0.0, Browser version: 110.0.5447.0 for most ChromeOS devices, and Dev channel 110.0.5464.2 for Windows, Mac and Linux.
Buffalo has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-43466 (Medium), CVE-2022-43443 (Medium), CVE-2022-43486 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-35515 (Medium), CVE-2021-35516 (High), CVE-2021-35517 (Medium), CVE-2021-36090 (High)
A privilege escalation vulnerability in VMware Tools affects F5 BIG-IP and BIG-IQ. A local, non-administrative attacker can gain elevated privileges in the guest OS, which might affect the confidentiality and integrity of the system.
Multiple vulnerabilities, including arbitrary code execution and unauthorized access, have been discovered in the AMI MegaRAC SP-X Baseboard Management Controller (BMC) and affect Lenovo products. AMI has released MegaRAC SP-X BMC security enhancements to address these vulnerabilities.
CVE ID: CVE-2022-40259 (High), CVE-2022-40242 (High), CVE-2022-2827 (High)
Advantech has released a security update to address a SQL injection vulnerability in its iView management software. Successful exploitation of this vulnerability can allow an attacker to acquire credentials. The affected versions are Advantech iView 5.7.04.6469 and prior.
CVE ID: CVE-2022-3323 (High)
AVEVA has released a security update to address a relative path traversal vulnerability in its InTouch Access Anywhere product. Successful exploitation of this vulnerability can allow an unauthenticated user to read files on the system. The affected versions are AVEVA InTouch Access Anywhere 2020 R2 and older.
CVE ID: CVE-2022-23854 (High)
Rockwell Automation has released security updates to address an improper input validation vulnerability in its CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers. Successful exploitation of this vulnerability can allow an unauthorized user to cause a denial-of-service condition on a targeted device.
CVE ID: CVE-2022-3752 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2017-11671 (Medium), CVE-2022-1941 (High), CVE-2015-5237 (High), CVE-2022-45061 (High), CVE-2022-37454 (Critical), CVE-2016-10228 (Medium), CVE-2019-25013 (Medium), CVE-2020-27618 (Medium), CVE-2017-12132 (Medium)
Cisco has released a security update to resolve an insufficient input validation vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware. The affected products are the IP Phone 7800 Series and IP Phone 8800 Series (except the Cisco Wireless IP Phone 8821).
CVE ID: CVE-2022-20968 (High)
VMware has released security updates to address multiple vulnerabilities in VMware ESXi, VMware vCenter Server (vCenter Server), and VMware Cloud Foundation (Cloud Foundation).
CVE ID: CVE-2022-31696 (High), CVE-2022-31697 (Medium), CVE-2022-31698 (Medium), CVE-2022-31699 (Medium)
Google has released Beta channel 109.0.5414.36 for Windows, Mac and Linux, Chrome Dev 110 (110.0.5462.3) for Android, Chrome Beta 109 (109.0.5414.33) for iOS, and Chrome Beta 109 (109.0.5414.34) for Android.
Huawei has released a security update to address a denial of service vulnerability in the Wi-Fi module of the HUAWEI Smart WiFi Router. The affected version is HUAWEI WS7100-20 Smart WiFi Router.
CVE ID: CVE-2022-46740 (Medium)
GitLab has released Community Edition and Enterprise Edition version 15.5.6 to resolve a number of regressions and bugs in 15.5 release and prior versions.
A vulnerability has been discovered in Markdown Preview Enhanced for VSCode and Atom that allows arbitrary command execution during the GFM export process. The affected versions are Markdown Preview Enhanced v0.6.5 and v0.19.6.
CVE ID: CVE-2022-45026 (Critical)
A command injection vulnerability via the PDF file import function has been discovered in Markdown Preview Enhanced for VSCode and Atom that allows arbitrary command execution. The affected versions are Markdown Preview Enhanced v0.6.5 and v0.19.6.
CVE ID: CVE-2022-45025 (Critical)
A SQL injection vulnerability has been discovered in Simple Phone Book/Directory Web App. The affected version is Simple Phone Book/Directory Web App v1.0.
CVE ID: CVE-2022-45010 (Critical)
An unsafe evaluation of user controlled input vulnerability has been discovered in pdfmake. The affected versions are pdfmake 0.2.5 and below.
CVE ID: CVE-2022-46161 (Critical)
An open redirect vulnerability has been discovered in the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus. The affected version is TIBCO Nimbus 10.5.0.
CVE ID: CVE-2022-41559 (Critical)
An authentication-bypass vulnerability has been discovered in Mega System Technologies Inc MSNSwitch. The affected version is Mega System Technologies Inc MSNSwitch MNT.2408.
CVE ID: CVE-2022-32429 (Critical)
A vulnerability has been discovered in Open Web Analytics (OWA) that allows an attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. The affected versions are Open Web Analytics before 1.7.4.
CVE ID: CVE-2022-24637 (Critical)
Wireshark has released security updates to address a memory exhaustion vulnerability in the Kafka dissector. The affected versions are Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9.
Google has released the Android security bulletin resolving multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-12-05 or later address all of these issues.
An access bypass vulnerability has been discovered in Entity Registration, a third-party (contributed) project used with Drupal. The affected versions are Entity Registration from 7.1.0 up to, but not including, 7.1.9. The updates are available.
A privilege escalation vulnerability has been discovered in Ivanti EPM that allows an attacker to execute commands with elevated privileges.
CVE ID: CVE-2022-27773 (Critical)
A vulnerability has been discovered in a firewall rule created in Windows Firewall after Zabbix agent installation (MSI), which allows all incoming TCP connections to all programs, from any source and to all ports.
CVE ID: CVE-2022-43516 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-46682 (High), CVE-2022-46683 (Medium), CVE-2022-46684 (High), CVE-2022-46685 (Medium), CVE-2022-46686 (High), CVE-2022-46687 (High), CVE-2022-46688 (Medium)
Google has released Stable channel 108.0.5359.98 for Mac and Linux and 108.0.5359.98/.99 for Windows, and Extended Stable channel 108.0.5359.99 for Windows and 108.0.5359.98 for Mac.
An arbitrary file upload vulnerability has been discovered in YITH WooCommerce Gift Cards premium plugin for WordPress. The affected versions are YITH WooCommerce Gift Cards premium plugin 3.19.0 and below.
CVE ID: CVE-2022-45359 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the simple-git package. The affected versions are simple-git before 3.15.0.
CVE ID: CVE-2022-25912 (Critical)
A Remote Code Execution (RCE) vulnerability due to improper user input validation has been discovered in the gitpython package. All versions of the gitpython package are affected.
CVE ID: CVE-2022-24439 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in MobaXterm. The affected versions are MobaXterm before v22.1.
CVE ID: CVE-2022-38337 (Critical)
An improper authentication vulnerability has been discovered in Veeam Backup for Google Cloud v1.0 and v3.0 that allows attackers to bypass authentication mechanisms.
CVE ID: CVE-2022-43549 (Critical)
Debian has released security updates to address multiple vulnerabilities in node-log4js, node-json-schema, and ruby-rails-html-sanitizer. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21704 (Medium), CVE-2021-3918 (Critical), CVE-2022-32209 (Medium)
Ubuntu has released security updates to address multiple vulnerabilities in the NumPy package. An attacker can exploit these vulnerabilities to take control of an affected system. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
CVE ID: CVE-2021-33430 (Medium), CVE-2021-34141 (Medium), CVE-2021-41495 (Medium), CVE-2021-41496 (Medium)
Cacti has released a security update to address a command injection vulnerability that allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source is selected for any monitored device.
CVE ID: CVE-2022-46169 (Critical)
An out-of-bounds read vulnerability has been discovered in the snmp process of Mikrotik RouterOs. The affected versions are Mikrotik RouterOs before stable v7.6.
CVE ID: CVE-2022-45315 (Critical)
An out-of-bounds read vulnerability has been discovered in the hotspot process of Mikrotik RouterOs. The affected versions are Mikrotik RouterOs before stable v7.5.
CVE ID: CVE-2022-45313 (Critical)
An OS command injection vulnerability has been discovered in Nako3edit. The affected versions are Nako3edit (PC Version) v3.3.74 and below.
CVE ID: CVE-2022-42496 (Critical)
An OS command injection vulnerability has been discovered in Nako3edit. The affected versions are Nadesiko3 (PC Version) v3.3.61 and below.
CVE ID: CVE-2022-41642 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in the U-Boot package. An attacker can exploit these vulnerabilities to take control of an affected system. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-2347 (High), CVE-2022-30552 (Medium), CVE-2022-30790 (High), CVE-2022-30767 (Critical), CVE-2022-33103 (High), CVE-2022-33967 (High), CVE-2022-34835 (Critical)
Dell has released a security update to resolve a Spring Framework vulnerability in Dell NetWorker. The affected versions are NetWorker prior to 19.7.
CVE ID: CVE-2022-22950 (Medium)
Multiple OpenSSL-related vulnerabilities have been discovered in Hitachi Energy's Network Manager Process Communication Unit PCU400 equipment. Security updates/mitigations are available.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Zyxel has released security updates to address a reflected XSS vulnerability in the CGI program of its firewall that could allow an attacker to trick a user into visiting a crafted URL carrying the XSS payload.
CVE ID: CVE-2022-40603
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Intel has released security updates to address escalation of privilege and information disclosure vulnerabilities in Intel Server Boards BMC Firmware. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40242 (High), CVE-2022-2827 (High)
Google has released Dev channel 110.0.5449.3 for Windows, and Dev channel OS version: 15263.0.0, Browser version: 110.0.5447.0 for most ChromeOS devices.
Microsoft has released Microsoft Edge Stable Channel (Version 108.0.1462.42) to resolve multiple vulnerabilities. This update contains a fix for CVE-2022-4262, which has an exploit in the wild.
CVE ID: CVE-2022-4262 (High), CVE-2022-41115 (Medium), CVE-2022-44688 (Medium), CVE-2022-44708 (High)
A heap-based buffer overflow vulnerability has been discovered in the GitHub repository vim/vim. The affected versions are vim/vim prior to 9.0.0742.
CVE ID: CVE-2022-3491 (Critical)
A command injection vulnerability via the System Checks function has been discovered in D-Link. The affected version is D-Link DHP-W310AV 3.10EU.
CVE ID: CVE-2022-44930 (Critical)
An access control vulnerability has been discovered in D-Link that allows unauthenticated attackers to escalate privileges by arbitrarily editing VoIP SIB profiles. The affected version is D-Link DVG-G5402SP GE_1.03.
CVE ID: CVE-2022-44929 (Critical)
A command injection vulnerability via the Maintenance function has been discovered in D-Link. The affected version is D-Link DVG-G5402SP GE_1.03.
CVE ID: CVE-2022-44928 (Critical)
An unauthenticated command injection vulnerability has been discovered in the product license validation function of Telos Alliance Omnia MPX Node. The affected versions are Telos Alliance Omnia MPX Node 1.3.* - 1.4.*.
CVE ID: CVE-2022-43325 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Telenia Software s.r.l TVox. The affected versions are Telenia Software s.r.l TVox before v22.0.17.
CVE ID: CVE-2022-43333 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46391, CVE-2020-8287 (Medium), CVE-2018-11490 (High), CVE-2019-15133 (Medium), CVE-2022-0235 (Medium), CVE-2018-16472 (High), CVE-2021-23518 (Critical)
Contec Co. has released security updates to address a cross-site scripting vulnerability in SolarView Compact. The affected versions are SolarView Compact SV-CPT-MC310 prior to Ver.8.02, and SV-CPT-MC310F prior to Ver.8.02.
CVE ID: CVE-2022-44355 (Medium)
Debian has released security updates to address multiple vulnerabilities in clamav and jhead. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-34055 (High), CVE-2022-41751 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome 108 (108.0.5359.79) for Android, and Stable channel 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows. This update contains a fix for CVE-2022-4262, which has an exploit in the wild.
CVE ID: CVE-2022-4262 (High)
A Remote Code Execution (RCE) vulnerability has been discovered in Zenario CMS. The affected version is Zenario CMS 9.3.57186.
CVE ID: CVE-2022-44136 (Critical)
It has been discovered that Gitea does not sanitize and escape refs in the git backend, so arguments to git commands are mishandled. The affected versions are Gitea before 1.17.3.
CVE ID: CVE-2022-42968 (Critical)
Red Hat has released security updates to address multiple vulnerabilities in several products.
CVE ID: CVE-2022-44620 (High), CVE-2022-44606 (High), CVE-2022-43464 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Stable channel 108.0.5359.75 (Platform version: 15183.59.0) for most ChromeOS, Beta channel 109.0.5414.21 (Platform version: 15236.21.0) for most ChromeOS devices, Chrome Dev 110 (110.0.5448.3) for Android, Dev Channel 110.0.5449.0 for Mac and Linux, Windows, Chrome 109.0.5414.25 Beta channel for Windows, Mac and Linux, Dev channel 109.0.5414.21 (Platform version: 15236.21.0) for most ChromeOS devices, Chrome Beta 109 (109.0.5414.23) for Android, and Chrome Beta 109 (109.0.5414.25) for iOS.
CVE ID: CVE-2022-4176 (High)
Cuba ransomware actors are targeting critical sectors by exploiting an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver to steal system tokens, and the ZeroLogon vulnerability to gain Domain Administrative privileges.
It has been discovered that BD's BodyGuard infusion pumps allow access through the RS-232 (serial) port interface. Successful exploitation can allow configuration settings to be changed or the pump to be disabled.
CVE ID: CVE-2022-43557 (Medium)
Multiple vulnerabilities have been discovered in Horner Automation's Remote Compact Controller (RCC) 972 equipment. Successful exploitation can allow an attacker to obtain the credentials of the affected device and gain complete control. The mitigations are available.
CVE ID: CVE-2022-2640 (High), CVE-2022-2641 (Critical), CVE-2022-2642 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-3859 (High), CVE-2021-3975 (Medium), CVE-2022-41316 (Medium), CVE-2022-42898 (Medium), CVE-2021-25642 (High)
It has been discovered that a vulnerability in the use of functions of an undocumented protocol in multiple products by Festo can lead to a complete loss of confidentiality, integrity and availability.
CVE ID: CVE-2022-3270 (Critical)
A SQL injection vulnerability has been discovered in the GitHub repository owncast/owncast. The affected versions are owncast/owncast prior to 0.0.13.
CVE ID: CVE-2022-3751 (Critical)
An unrestricted file upload vulnerability via a crafted php file has been discovered in SolarView Compact. The affected versions are SolarView Compact 4.0 and 5.0.
CVE ID: CVE-2022-44354 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Russound XSourcePlayer. The affected version is Russound XSourcePlayer 777D v06.08.03.
CVE ID: CVE-2022-44038 (Critical)
Grails Spring Security Core has released security updates to address a privilege escalation vulnerability in its plugin.
CVE ID: CVE-2022-41923 (Critical)
UNIMO Technology has released a security update to address multiple vulnerabilities in several of its digital video recorders. The affected products are UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier.
CVE ID: CVE-2022-44620 (High), CVE-2022-44606 (High), CVE-2022-43464 (High)
Ubuntu has released security updates to address a race condition vulnerability in the snapd package that can cause privilege escalation and execution of arbitrary code. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2022-3328
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20867 (High), CVE-2022-20868 (High), CVE-2022-20922 (Medium), CVE-2022-20943 (Medium)
Mozilla has released a security update to address a vulnerability in Thunderbird 102.5.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-45414 (Medium)
Google Chrome has released LTS channel 102.0.5005.189 (Platform Version: 14695.155.0) for most ChromeOS devices, dev channel 109.0.5414.25 for Windows, Mac and Linux, and Chrome Dev 109 (109.0.5414.23) for Android.
Huawei has released a security update to address an improper authorization vulnerability in Huawei Aslan Children's Watch that allows an attacker to access certain files.
CVE ID: CVE-2022-45874 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
An arbitrary code execution vulnerability has been discovered in Badaso. The affected version is Badaso version 2.6.3.
CVE ID: CVE-2022-41705 (Critical)
An authentication bypass vulnerability has been discovered in the WebConfig functionality of Epson TM-C3500 and TM-C7500 devices. The affected version is firmware version WAM31500 on Epson TM-C3500 and TM-C7500 devices.
CVE ID: CVE-2022-36133 (Critical)
An improper restriction of excessive authentication attempts vulnerability has been discovered in the GitHub repository wger-project/wger. The affected versions are wger-project/wger prior to 2.2.
CVE ID: CVE-2022-2650 (Critical)
A path traversal vulnerability has been discovered in Pilz PASvisu Server. The affected versions are Pilz PASvisu Server before 1.12.0.
CVE ID: CVE-2022-40977 (Critical)
A vulnerability has been discovered in iTerm2 that mishandles a DECRQSS response. The affected versions are iTerm2 before 3.4.18.
CVE ID: CVE-2022-45872 (Critical)
CODESYS has released security updates to address an inadequate encryption strength vulnerability in CODESYS Development System V3. All CODESYS Development System V3 versions prior to V3.5.18.40 are affected.
CVE ID: CVE-2022-4048 (High)
Multiple vulnerabilities have been discovered in Omron's PLC CJ and CS Series equipment. All versions of Omron PLC CJ series and Omron PLC CS series are affected. Mitigations are available.
CVE ID: CVE-2019-18259 (Medium), CVE-2019-13533 (High), CVE-2019-18269 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2016-2775 (Medium), CVE-2016-6170 (Medium), CVE-2022-39377 (Critical), CVE-2022-3625 (High), CVE-2022-39188 (Medium), CVE-2022-3028 (High), CVE-2022-20422 (High), CVE-2022-42719 (High), CVE-2022-2978 (High), CVE-2022-2153 (Medium), CVE-2022-40768 (Medium), CVE-2022-29901 (Medium), CVE-2022-3635 (High), CVE-2022-41222 (High), CVE-2022-42703 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A Cross Site Scripting (XSS) vulnerability has been discovered in Orchardproject Orchard CMS. The affected version is Orchardproject Orchard CMS 1.10.3.
CVE ID: CVE-2022-37720 (Critical)
An OS command injection vulnerability has been discovered in Apache Airflow Pig Provider. The affected versions are Apache Airflow Pig Provider prior to 4.0.0. Mitigation is available.
CVE ID: CVE-2022-40189 (Critical)
A double free vulnerability has been discovered in Regexp compiler for Ruby. The affected versions are Regexp compiler for Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
CVE ID: CVE-2022-28738 (Critical)
Mitsubishi Electric has released security updates to resolve a Denial of Service (DoS) vulnerability in its MELSEC iQ-R Ethernet Interface Module equipment. The affected products are MELSEC iQ-R Series products: RJ71EN71 firmware version 65 and prior, and R04/08/16/32/120ENCPU Network Part firmware version 65 and prior.
CVE ID: CVE-2022-40265 (High)
NVIDIA has released security updates for NVIDIA GPU Display Driver to address multiple vulnerabilities that can lead to code execution, Denial of Service (DoS), information disclosure, escalation of privileges, or data tampering.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released Microsoft Edge Stable Channel (Version 107.0.1418.62) and Microsoft Edge Extended Stable Channel (Version 106.0.1370.86) to resolve multiple vulnerabilities.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
CVE ID: CVE-2022-33187 (Medium), CVE-2022-42898 (Medium), CVE-2022-43933 (Medium), CVE-2022-43934 (Medium), CVE-2022-43935 (Medium), CVE-2022-43936 (Medium)
An arbitrary code execution vulnerability has been discovered in PyTorch. The affected versions are PyTorch before trunk/89695.
CVE ID: CVE-2022-45907 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Fusiondirectory. The affected version is Fusiondirectory 1.3.
CVE ID: CVE-2022-36180 (Critical)
An out-of-bounds read vulnerability has been discovered in the BGP daemon of FRRouting FRR that can lead to a segmentation fault and Denial of Service (DoS). The affected versions are FRRouting FRR before 8.4.
CVE ID: CVE-2022-37032 (Critical)
NTT DATA Corporation has released security updates to address a ClassLoader manipulation vulnerability in TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich). The affected versions are TERASOLUNA Global Framework 1.0.0 (Public review version), and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1.
CVE ID: CVE-2022-43484 (Critical)
Debian has released security updates to address multiple vulnerabilities in the twisted and frr packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-39348 (Medium), CVE-2022-37032 (Critical)
Moxa has released security updates to resolve an improper input validation vulnerability in Moxa EDR and TN Series routers. Successful exploitation can cause a buffer overflow that crashes the web service.
Debian has released security updates to address multiple vulnerabilities in jackson-databind and varnish. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-11653 (High), CVE-2022-45060 (High), CVE-2020-36518 (High), CVE-2022-42003 (High), CVE-2022-42004 (High)
A pre-authentication buffer overflow vulnerability has been discovered in TOTOLINK LR350. The affected version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
CVE ID: CVE-2022-44255 (Critical)
A SQL Injection vulnerability has been discovered in Apartment Visitor Management System. The affected version is Apartment Visitor Management System v1.0.
CVE ID: CVE-2022-44139 (Critical)
A command injection vulnerability has been discovered in Alarm instance management. The affected versions are Alarm instance management below 2.0.6. Security updates are available.
CVE ID: CVE-2022-45462 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Mitel MiCollab. The affected versions are Mitel MiCollab through 9.6.0.13.
CVE ID: CVE-2022-41326 (Critical)
Juniper Networks has released security updates to address a use after free vulnerability in the Routing Protocol Daemon (RDP) of Juniper Networks Junos OS and Junos OS Evolved that can cause Denial of Service (DoS).
CVE ID: CVE-2022-22208 (Medium)
Omron has released a security update to address use after free, out of bounds write, and stack-based buffer overflow vulnerabilities in OMRON CX-Programmer. The affected versions are CX-Programmer v.9.77 and earlier.
CVE ID: CVE-2022-43508 (High), CVE-2022-43509 (High), CVE-2022-43667 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released Chrome 107 (107.0.5304.141) for Android, Extended Stable 106.0.5249.199 for Windows & Mac, and Stable channel 107.0.5304.121 for Mac & Linux and 107.0.5304.121/.122 for Windows to resolve a heap buffer overflow vulnerability.
CVE ID: CVE-2022-4135 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42003 (High), CVE-2022-41323 (High), CVE-2022-31123 (High), CVE-2021-3770 (High)
TP-Link has released a security update to address an improper process of input vulnerability in tdpServer of TP-Link RE300 V1. The affected versions are TP-Link RE300 V1 firmware prior to 221009.
CVE ID: CVE-2022-41783 (Medium)
Improper Authentication and Improper Input Validation vulnerabilities have been discovered in Moxa routers. Moxa has developed appropriate solutions to address these vulnerabilities.
CVE ID: CVE-2022-41758, CVE-2022-41759
Multiple vulnerabilities have been discovered in Mitsubishi Electric's GOT2000 Series, MELSEC iQ-R/F/L Series, and MELSEC iQ-R Series equipment. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40266 (Medium), CVE-2022-25164 (High), CVE-2022-29825 (Medium), CVE-2022-29826 (Medium), CVE-2022-29827 (Medium), CVE-2022-29828 (Medium), CVE-2022-29829 (Medium), CVE-2022-29830 (Critical), CVE-2022-29831 (High), CVE-2022-29832 (Low), CVE-2022-29833 (Medium)
It has been discovered that the Contact Form 7 Database Addon WordPress plugin does not validate data when outputting it back into a CSV file, which can lead to CSV injection. The affected versions are Contact Form 7 Database Addon WordPress plugin before 1.2.6.5.
CVE ID: CVE-2022-3634 (Critical)
A block bypass vulnerability has been discovered in the iQ Block Country plugin for WordPress. The affected versions are iQ Block Country plugin 1.2.18 and below.
CVE ID: CVE-2022-41155 (Critical)
A remote code execution vulnerability has been discovered in Linaro Automated Validation Architecture (LAVA). The affected versions are LAVA before 2022.11.1.
CVE ID: CVE-2022-45132 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3550 (High), CVE-2022-3551 (Medium), CVE-2022-43680 (High), CVE-2017-12618 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20961 (High), CVE-2022-3602 (High), CVE-2022-3786 (High), CVE-2022-20963 (Medium), CVE-2022-20962 (Medium)
Dell has released security updates to resolve multiple vulnerabilities in Dell Cloud Tiering Appliance (CTA). All versions of CTA 13.1 and CTA 13.2 are affected.
Huawei has released security updates to address improper input validation and insufficient authentication vulnerabilities in Huawei Aslan Children's Watch and Huawei band products respectively.
CVE ID: CVE-2022-39012 (High), CVE-2022-41579 (High)
Foxit has released an updated Foxit PDF Editor for Mac 11.1.4, to resolve multiple vulnerabilities in Foxit PDF Editor for Mac 11.1.3.0920 and earlier for macOS.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple parsing error vulnerabilities in the mp4 module of Nginx, which can result in denial of service, memory disclosure or execution of arbitrary code when processing a malformed mp4 file.
CVE ID: CVE-2021-3618 (High), CVE-2022-41741 (High), CVE-2022-41742 (High)
It has been discovered that BIG-IP and BIG-IQ of F5 are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
CVE ID: CVE-2022-41622 (High)
Zyxel has released a security update to address a pre-configured password vulnerability in its LTE indoor router LTE3301-M209. The affected versions are LTE3301-M209 V1.00(ABLG.4)C0 and earlier.
CVE ID: CVE-2022-40602
A Cross Site Scripting (XSS) vulnerability has been discovered in Beekeeper Studio that allows arbitrary web scripts or HTML to be executed via a crafted payload injected into the error modal container. The affected version is Beekeeper Studio v3.6.6.
CVE ID: CVE-2022-43143 (Critical)
A use-after-free vulnerability has been discovered in drachtio-server. The affected version is drachtio-server 0.8.18.
CVE ID: CVE-2022-45474 (Critical)
A vulnerability has been discovered in a D-Link router that allows a command to be injected through an interface that runs with root permissions on the router.
CVE ID: CVE-2022-36786 (Critical)
It has been discovered that a vulnerability in Pillow allows files to be deleted because spaces in temporary pathnames are mishandled. The affected versions are Pillow before 9.0.1.
CVE ID: CVE-2022-24303 (Critical)
AVEVA has released a security update to address multiple vulnerabilities in its Edge equipment. Successful exploitation of these vulnerabilities can allow an attacker to insert malicious DLL files and trick the application into executing code. The affected versions are AVEVA Edge 2020 R2 SP1, AVEVA Edge 2020 R2 SP1 w/ HF 2020.2.00.40, and AVEVA Edge 2020 R2 and all prior versions.
CVE ID: CVE-2016-2542 (High), CVE-2021-42794 (Medium), CVE-2021-42796 (Critical), CVE-2021-42797 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-39377 (Critical), CVE-2022-39316 (High), CVE-2022-39283 (High), CVE-2022-39317, CVE-2022-39282 (High), CVE-2022-39347 (High), CVE-2022-39318 (High), CVE-2022-39320, CVE-2022-39319 (Critical)
Phoenix Contact has released a security update to address improper restriction of operations within the bounds of a memory buffer and out-of-bounds read vulnerabilities in its Automation Worx Software Suite equipment. The affected components of Automation Worx Software Suite are Config+ versions 1.89 and prior, PC Worx versions 1.89 and prior, and PC Worx Express versions 1.89 and prior.
CVE ID: CVE-2022-3461 (High), CVE-2022-3737 (High)
Multiple vulnerabilities have been discovered in GE's CIMPLICITY equipment that can crash the device being accessed or allow arbitrary code execution. The affected versions are CIMPLICITY versions 2022 and prior.
CVE ID: CVE-2022-3084 (High), CVE-2022-2952 (High), CVE-2022-2948 (High), CVE-2022-2002 (High), CVE-2022-3092 (High)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in Digital Alert Systems' DASDEC equipment. Successful exploitation can result in false alerts being issued to broadcast or cable sites that are directly connected to the compromised system.
CVE ID: CVE-2019-18265 (Medium), CVE-2022-40204 (Medium)
Moxa has released security updates to resolve an improper privilege management vulnerability in its Arm-based computers, the UC and DA Series and the AIG-300 Series.
CVE ID: CVE-2022-3088 (High)
Moodle has released security updates to address multiple vulnerabilities in several products.
CVE ID: CVE-2022-45152, CVE-2022-45151, CVE-2022-45150, CVE-2022-45149, CVE-2021-23414
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-35737 (High), CVE-2022-2929 (Medium), CVE-2022-2928 (High), CVE-2017-6888 (Medium), CVE-2020-0499 (Medium), CVE-2021-0561 (Medium), CVE-2022-39260 (High), CVE-2022-39253 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An insufficient session expiration vulnerability has been discovered in the GitHub repository librenms/librenms. The affected versions are librenms/librenms prior to 22.10.0.
CVE ID: CVE-2022-4070 (Critical)
An arbitrary system commands execution vulnerability has been discovered in BACKCLICK Professional. The affected version is BACKCLICK Professional 5.9.63.
CVE ID: CVE-2022-44000 (Critical)
A heap-based buffer overflow vulnerability has been discovered in the HTTP server functionality of Micrium uC-HTTP that allows Remote Code Execution (RCE) via an HTTP request. The affected version is Micrium uC-HTTP 3.01.01.
CVE ID: CVE-2022-24942 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy Fileman. The affected version is Roxy Fileman 1.4.6.
CVE ID: CVE-2022-40797 (Critical)
Cradlepoint has released a security update to address a command injection vulnerability in its IBR600. The affected versions are Cradlepoint IBR600 NetCloud OS (NCOS) 6.5.0.160bc2e and prior.
CVE ID: CVE-2022-3086 (High)
Palo Alto Networks has released security updates to resolve a local privilege escalation vulnerability in Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system.
CVE ID: CVE-2022-0031 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
CVE ID: CVE-2022-21831 (Critical), CVE-2022-22577 (Medium), CVE-2022-40664 (Critical), CVE-2022-42004 (High), CVE-2022-43680 (High)
A vulnerability has been discovered in Atlassian Crowd that allows an attacker to authenticate as the crowd application via a security misconfiguration and subsequently call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. The affected products are Atlassian Crowd versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3.
CVE ID: CVE-2022-43782 (Critical)
A command injection vulnerability has been discovered in Bitbucket Server and Data Center that allows execution of arbitrary code on the affected system.
CVE ID: CVE-2022-43781 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in BACKCLICK Professional. The affected version is BACKCLICK Professional 5.9.63.
CVE ID: CVE-2022-44006 (Critical)
Hive ransomware, which functions as Ransomware-as-a-Service (RaaS), is exploiting Microsoft Exchange Server vulnerabilities to gain initial access and compromise systems of businesses and critical infrastructure sectors, including government facilities, the communications sector, critical manufacturing, Information Technology (IT), and especially Healthcare and Public Health (HPH).
CVE ID: CVE-2021-31207 (High), CVE-2021-34473 (Critical), CVE-2021-34523 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Red Lion Controls has released security updates to address a path traversal vulnerability in its Crimson equipment. The affected versions are Crimson 3.0 version 707.000 and prior, Crimson 3.1 version 3126.001 and prior, and Crimson 3.2 version 3.2.0044.0 and prior.
CVE ID: CVE-2022-3090 (High)
Mitsubishi Electric has released security updates to resolve a malicious code execution vulnerability in multiple software products.
CVE ID: CVE-2020-14521
Six Apart has released security updates to resolve multiple vulnerabilities in several versions of Movable Type.
CVE ID: CVE-2022-45113, CVE-2022-45122, CVE-2022-43660
It has been discovered that Netatalk version 3.1.12 contains multiple memory management vulnerabilities that can lead to Remote Code Execution (RCE) as well as out-of-bounds reads.
CVE ID: CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125
A SQL injection vulnerability in the password parameter has been discovered in Human Resource Management System v1.0.
CVE ID: CVE-2022-43262 (Critical)
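The entry above names the injection point (the password parameter of a login form) but not the mechanism. The following is an added example, not code from the page or from the affected product, showing why a password value can subvert a login query when it is spliced into SQL as text, and the parameterized form that closes the hole. The table, the users and the payload are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!pw', 'admin')")
    conn.execute("INSERT INTO users VALUES ('bob', 'hunter2', 'user')")
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string formatting: the password parameter lands
    in the SQL text unescaped, so a quote in it changes the statement."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    """Same query with bound parameters: the driver hands the values to the
    engine separately from the SQL text, so input cannot alter the
    statement's structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Constructed payload: closes the open quote and appends an always-true
# clause, turning the WHERE into (username = 'admin' AND password = '') OR '1'='1'.
BYPASS_PASSWORD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "admin", BYPASS_PASSWORD))  # row returned, no password needed
    print("safe:      ", login_safe(db, "admin", BYPASS_PASSWORD))        # None
```

Parameterization only removes the injection; comparing a plaintext password inside SQL is a separate weakness, and a real login should fetch the stored hash by username and verify it in application code.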
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Cisco Identity Services Engine (ISE) that can allow an attacker to inject arbitrary operating system commands, bypass security protections, and conduct Cross-Site Scripting (XSS) attacks.
CVE ID: CVE-2022-20964, CVE-2022-20965, CVE-2022-20966, CVE-2022-20967
Sophos has released security updates to resolve an XML External Entity (XXE) vulnerability in Sophos Mobile (managed on-premises) that allows Server-Side Request Forgery (SSRF) and potentially code execution.
CVE ID: CVE-2022-3980 (Critical)
Multiple vulnerabilities have been discovered in Hitachi Energy's MicroSCADA Pro/X SYS600, IED Connectivity Packages and PCM600 products. Security updates and mitigations are available.
CVE ID: CVE-2022-3388 (High), CVE-2022-2513 (High)
Debian has released a security update to resolve several vulnerabilities in the Mozilla Firefox ESR package.
CVE ID: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
Dell has released security updates to resolve multiple vulnerabilities in its products. The affected products are Dell Integrated System for Microsoft Azure Stack Hub versions before 2210, Dell Command | Update versions before 4.7.0, and Dell Update/Alienware Update versions before 4.7.0.
PHOENIX CONTACT has released a security update to resolve a Denial of Service (DoS) vulnerability in PHOENIX CONTACT FL MGUARD and TC MGUARD devices.
CVE ID: CVE-2022-3480
PHOENIX CONTACT has released a security update to resolve Automationworx BCP file parsing vulnerabilities in its Config+, PC Worx and PC Worx Express products; insufficient validation of input data can lead to a heap buffer overflow, freeing of unallocated memory or a read access violation.
CVE ID: CVE-2022-3461 (High), CVE-2022-3737 (High)
Mozilla has released Thunderbird 102.5, Firefox ESR 102.5 and Firefox 107 to resolve multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416, CVE-2022-45417, CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421, CVE-2022-40674
Ubuntu has released security updates to resolve multiple vulnerabilities in several products.
CVE ID: CVE-2022-40023, CVE-2020-16845, CVE-2022-41741, CVE-2022-41742
Debian has released a security update to resolve several vulnerabilities in the WordPress package that allow an attacker to perform SQL injection, create open redirects, bypass authorization, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
Debian has released a security update to resolve several vulnerabilities in the GRUB2 package which can result in crashes and potentially the execution of arbitrary code.
CVE ID: CVE-2022-2601, CVE-2022-3775
Debian has released a security update to resolve parsing errors in the mp4 module of the nginx package which can result in Denial of Service (DoS), memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.
CVE ID: CVE-2022-41741, CVE-2022-41742
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to resolve multiple vulnerabilities in the PowerPath Management Appliance.
CVE ID: CVE-2022-34446, CVE-2022-34447, CVE-2022-34448, CVE-2022-34449, CVE-2022-34450, CVE-2022-34451, CVE-2022-34452
Multiple vulnerabilities have been discovered in several Zoom products. The affected products are Zoom Rooms Installer for Windows before version 5.12.6, Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6, Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6, Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6, and Zoom Rooms for Conference Room for Windows (32-bit) prior to 5.12.6.
CVE ID: CVE-2022-28766, CVE-2022-28768, CVE-2022-36924
ABB has released a security update to resolve a cleartext credentials vulnerability in ABB's protection and control IED manager PCM600. The affected versions are PCM600 2.11 and previous versions, including hotfixes prior to 20220923.
CVE ID: CVE-2022-2513
It has been discovered that Samba's Kerberos libraries and AD DC fail to guard against integer overflows when parsing a PAC on a 32-bit system. Successful exploitation with a forged PAC can corrupt the heap. The affected products are all versions of Samba prior to 4.15.12, 4.16.7 and 4.17.3.
CVE ID: CVE-2022-42898
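The Samba entry describes a bug class rather than a specific code path: a length check on a parsed buffer table that is computed in 32-bit arithmetic can be bypassed when offset plus size wraps around. The example below is an added illustration of that pattern, not Samba's code; the container format (a uint32 count, then (offset, size) uint32 pairs, then the data) is a simplified stand-in of my own for a PAC-style buffer table, and uint32 arithmetic is simulated by masking Python's unbounded integers.

```python
import struct

MASK32 = 0xFFFFFFFF  # simulate uint32 wraparound on Python's unbounded ints


def build_container(buffers, forged_entry=None) -> bytes:
    """Constructed test format: uint32 count, (offset, size) uint32 pairs,
    then the buffer data. `forged_entry` is an attacker-chosen (offset, size)
    pair appended verbatim to stand in for a forged table entry."""
    n = len(buffers) + (1 if forged_entry else 0)
    header_len = 4 + 8 * n
    entries, data = [], b""
    for buf in buffers:
        entries.append((header_len + len(data), len(buf)))
        data += buf
    if forged_entry:
        entries.append(forged_entry)
    header = struct.pack("<I", n) + b"".join(struct.pack("<II", o, s) for o, s in entries)
    return header + data


def parse_entries(blob: bytes):
    """Read the (offset, size) table without validating it."""
    (n,) = struct.unpack_from("<I", blob, 0)
    return [struct.unpack_from("<II", blob, 4 + 8 * i) for i in range(n)]


def in_bounds_32bit(blob: bytes, offset: int, size: int) -> bool:
    """Vulnerable pattern: offset + size is evaluated in 32-bit arithmetic,
    so a huge size wraps to a small end value and the comparison passes."""
    end = (offset + size) & MASK32
    return end <= len(blob)


def in_bounds_safe(blob: bytes, offset: int, size: int) -> bool:
    """Fixed pattern: never add two attacker-controlled values; validate the
    offset first, then compare size against the space that remains."""
    return offset <= len(blob) and size <= len(blob) - offset


def accepted_entries(blob: bytes, check):
    """Entries a parser using `check` would go on to copy."""
    return [(o, s) for o, s in parse_entries(blob) if check(blob, o, s)]


def read_entry(blob: bytes, offset: int, size: int) -> bytes:
    """Python slicing silently truncates; a C memcpy of `size` bytes would
    run far past the buffer once the bounds check has been bypassed."""
    return blob[offset:offset + size]


# 16 + 0xFFFFFFF8 = 0x100000008, which wraps to 8 in uint32 (constructed).
FORGED = (16, 0xFFFFFFF8)


if __name__ == "__main__":
    blob = build_container([b"AAAA", b"BBBBBBBB"], FORGED)
    print("32-bit check accepts:", accepted_entries(blob, in_bounds_32bit))
    print("safe check accepts:  ", accepted_entries(blob, in_bounds_safe))
```

The same shape (`if (offset + size > len) reject;`) is safe on a 64-bit build only because the operands are promoted to a wider type before the addition; the robust form compares against the remaining length and never relies on the width of the intermediate.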
A deadlock vulnerability in a Realtek Wi-Fi chip has been discovered in multiple consumer electronics products provided by Mitsubishi Electric Corporation; it is triggered when processing Wi-Fi connections in access point mode.
CVE ID: CVE-2022-34326 (High)
An arbitrary command execution vulnerability caused by an OpenSSL vulnerability has been discovered in GT SoftGOT2000. An attacker could execute malicious OS commands by sending a specially crafted certificate.
CVE ID: CVE-2022-2068 (Critical)
Missing authentication for critical function and path traversal vulnerabilities have been discovered in Hitachi Kokusai network products for monitoring systems (cameras, encoders and decoders). The affected products are the HC, KV and KP camera series, the VG and PT encoder series, and the PT decoder series. Security updates are available.
CVE ID: CVE-2022-37680 (High), CVE-2022-37681 (High)
A ClassLoader manipulation vulnerability has been discovered in TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich), caused by the version of Spring Framework they contain. NTT DATA Corporation has released security updates to resolve the vulnerability.
CVE ID: CVE-2022-43484
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An insufficient access control vulnerability has been discovered in the web-based management interface of Cisco Identity Services Engine (ISE).
CVE ID: CVE-2022-20956 (High)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) software. Security updates are available.
CVE ID: CVE-2022-20959
Debian has released a security update to address a buffer overflow vulnerability in the xorg-server package, which can result in Denial of Service (DoS) or potentially the execution of arbitrary code.
CVE ID: CVE-2022-3550 (High), CVE-2022-3551 (High)
Debian has released security updates to address multiple vulnerabilities in the php7.4 package, including a buffer overflow, which can result in Denial of Service (DoS), information disclosure, insecure cookie handling or potentially the execution of arbitrary code.
CVE ID: CVE-2022-31630, CVE-2022-37454 (Critical), CVE-2022-31629 (Medium), CVE-2022-31628 (Medium)
Ivanti (Pulse Secure) has released security updates to resolve multiple vulnerabilities in its products. The affected products are Ivanti Connect Secure (ICS) versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2 and 22.2R4, Ivanti Policy Secure (IPS) versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Gateway versions prior to 22.3R1.
CVE ID: CVE-2022-35254, CVE-2022-35258 (High)
Debian has released a security update to address a heap-based buffer overflow vulnerability in the pixman package, which can result in Denial of Service (DoS) or potentially the execution of arbitrary code.
CVE ID: CVE-2022-44638 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
MOXA has released security updates to address multiple vulnerabilities in its VPort series equipment. Successful exploitation of the improper input validation vulnerabilities can allow a remote attacker to crash the RTSP service.
CVE ID: CVE-2022-38157, CVE-2022-38158, CVE-2022-38159
Ubuntu has released security updates to address several vulnerabilities in WavPack and Firefox. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-2476 (Medium), CVE-2022-42927 (High), CVE-2022-42928 (High), CVE-2022-42929 (Medium), CVE-2022-42930 (Medium), CVE-2022-42932 (Medium)
Dell has released security updates for Dell Secure Connect Gateway (SCG) Policy Manager, Dell Secure Connect Gateway, and Dell Client to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-34440 (High), CVE-2022-34441 (High), CVE-2022-34442 (High), CVE-2022-34462 (High), CVE-2022-28667, CVE-2022-26047
An active debug code vulnerability has been discovered in Omron's NJ/NX-series machine automation controllers. Successful exploitation can allow an attacker to obtain unauthorized access to the device and put it into an "out of service" state or execute a malicious program on it.
CVE ID: CVE-2022-33971 (High)
Multiple vulnerabilities, including hard-coded credentials and authentication bypass by capture-replay, have been discovered in Omron's NJ/NX-series controllers and software. Successful exploitation can allow an attacker to bypass authentication during the communications connection process and log in to and operate the controller without authorization.
CVE ID: CVE-2022-34151 (Critical), CVE-2022-33208 (High)
Google has released Dev channel 109.0.5410.0 for Windows, Mac and Linux, Stable channel 107.0.5304.110 (Platform version: 15117.111.0/15117.112.0) for most ChromeOS devices, Chrome Beta 108 (108.0.5359.40) for iOS, and Chrome Dev 109 (109.0.5409.0) for Android.
An information exposure vulnerability has been discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows.
CVE ID: CVE-2022-28764 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that the file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files and execute arbitrary code, manipulating the system or disrupting service.
CVE ID: CVE-2022-39036 (Critical)
An insufficient authentication vulnerability has been discovered in the UPSMON Pro login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and obtain administrator privileges to access or control the system, or disrupt service.
CVE ID: CVE-2022-38119 (Critical)
Parse Server has released a security update to address a Remote Code Execution (RCE) vulnerability via prototype pollution. The affected versions are Parse Server prior to 4.10.18, and prior to 5.3.1 on the 5.x branch.
CVE ID: CVE-2022-39396 (Critical)
It has been discovered that a lack of sandboxing of OpenAPI documents in GitLab CE/EE allows an attacker to trick a user into clicking in the Swagger OpenAPI viewer and thereby issue HTTP requests that affect the victim's account. The affected versions are all versions of GitLab CE/EE from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.
CVE ID: CVE-2022-3726 (Critical)
Debian has released security updates to address multiple vulnerabilities in exiv2 and xorg-server. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2017-11683 (Medium), CVE-2020-19716 (Medium), CVE-2022-3756 (High), CVE-2022-3550 (Critical), CVE-2022-3551 (High)
An information disclosure vulnerability has been discovered in AIPHONE's Video Multi-Tenant System Entrance Stations. The affected products are GT-DMB-N with firmware versions prior to 3.00, GT-DMB with firmware versions prior to 3.00, GT-DMB-LVN with firmware versions prior to 3.00 and GT-DB-VN with firmware versions prior to 2.00.
CVE ID: CVE-2022-40903 (Medium)
Google has released an Android security bulletin to resolve multiple vulnerabilities affecting Android devices. Security patch levels of 2022-11-05 or later address all of these issues.
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy Fileman. The affected version is Roxy Fileman 1.4.6.
CVE ID: CVE-2022-40797 (Critical)
A privilege escalation vulnerability has been discovered in Symantec Endpoint Detection and Response (SEDR) Appliance. The affected versions are Symantec Endpoint Detection and Response Appliance prior to 4.7.0.
CVE ID: CVE-2022-37015 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
Apple has released security updates to resolve multiple vulnerabilities in macOS Ventura 13.0.1, iOS 16.1.1, and iPadOS 16.1.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40303, CVE-2022-40304
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released Chrome Beta 108 (108.0.5359.38) for Android, Beta channel 108.0.5359.40 for Windows, Mac and Linux, and Extended Stable 106.0.5249.181 for Windows and Mac.
An uncontrolled search path element vulnerability has been discovered in EXPRESSCLUSTER X and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, and EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34825 (Critical)
A weak file and folder permissions vulnerability has been discovered in EXPRESSCLUSTER X and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, and EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34824 (Critical)
A buffer overflow vulnerability has been discovered in EXPRESSCLUSTER X and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, and EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34823 (Critical)
A path traversal vulnerability has been discovered in EXPRESSCLUSTER X and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, and EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34822 (Critical)
A CSV injection vulnerability has been discovered in the Activity Log Team's Activity Log plugin for WordPress. The affected versions are Activity Log 2.8.3 and below.
CVE ID: CVE-2022-27858 (Critical)
A vulnerability has been discovered in QMS Automotive that allows attackers to gain access to credentials and impersonate other users. The affected products are all versions of QMS Automotive.
CVE ID: CVE-2022-43958 (Critical)
An authorization bypass vulnerability has been discovered in OpenFGA. The affected versions are OpenFGA prior to 0.2.5.
CVE ID: CVE-2022-39352 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Netwrix Auditor User Activity Video Recording component that affects both the Netwrix Auditor server and agents installed on monitored systems.
CVE ID: CVE-2022-31199 (Critical)
A SQL injection vulnerability has been discovered in the WooCommerce Dropshipping plugin for WordPress. The affected versions are WooCommerce Dropshipping prior to 4.4.
CVE ID: CVE-2022-3481 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Gateway and Citrix ADC.
CVE ID: CVE-2022-27510, CVE-2022-27513, CVE-2022-27516
Dell has released security updates for Dell EMC VxRail Appliance and Dell PowerEdge Server to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-23816 (Medium), CVE-2022-23825 (Medium), CVE-2022-26373 (Medium), CVE-2022-28693 (Medium), CVE-2022-29901 (Medium), CVE-2022-29466, CVE-2022-29515 (Medium), CVE-2022-21198 (High)
Intel has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Dev channel 109.0.5399.0 (Platform version: 15231.0.0) for most ChromeOS devices, Chrome 107 (107.0.5304.105) for Android, Chrome Stable 107 (107.0.5304.101) for iOS, and Stable channel 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3885 (High), CVE-2022-3886 (High), CVE-2022-3887 (High), CVE-2022-3888 (High), CVE-2022-3889 (High), CVE-2022-3890 (High)
GitLab has released Community Edition and Enterprise Edition version 15.5.3 to resolve a number of regressions and bugs in the 15.5 release and prior versions.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Joomla has released a security update to resolve a reflected XSS vulnerability in the Joomla CMS com_media component. The affected versions are Joomla CMS 4.0.0 to 4.2.4.
CVE ID: CVE-2022-27914 (Low)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
CVE ID: CVE-2022-1552 (High), CVE-2022-36033 (Medium), CVE-2022-38533 (Medium), CVE-2022-38791 (Medium), CVE-2022-39046 (Medium)
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist.
CVE ID: CVE-2022-31685 (Critical), CVE-2022-31686 (Critical), CVE-2022-31687 (Critical), CVE-2022-31688 (Medium), CVE-2022-31689 (Medium)
It has been discovered that d8s-xml for Python included a potential code-execution backdoor inserted by a third party. The affected version is d8s-htm 0.1.0.
CVE ID: CVE-2022-44054 (Critical)
It has been discovered that d8s-xml for Python included a potential code-execution backdoor inserted by a third party. The affected version is d8s-htm 0.1.0.
CVE ID: CVE-2022-44053 (Critical)
Apache has released a security update to address a path traversal vulnerability in Apache Ivy, which does not verify the target path when extracting an archive, so an entry name containing traversal sequences can write outside the intended directory. The affected versions are Ivy 2.4.0 to 2.5.0.
CVE ID: CVE-2022-37865 (Critical)
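The Ivy entry is a textbook case of archive extraction without a target-path check. The code below is an added example, not Ivy's code or its fix, showing the check an extractor needs: resolve each entry's destination and refuse anything that lands outside the extraction root, including `..` components and absolute entry names. The archive is constructed in memory for the demonstration, and the file-writing loop is my own rather than `zipfile.extractall` (which in Python already strips traversal components, so the point is the check itself).

```python
import io
import tempfile
import zipfile
from pathlib import Path


def make_test_zip() -> bytes:
    """Constructed sample archive: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../outside.txt", "would land outside the destination")
    return buf.getvalue()


def safe_target(dest_dir, member_name: str) -> Path:
    """Return the absolute path an entry would be written to, or raise if it
    resolves outside dest_dir. Joining an absolute member name replaces the
    base, and '..' is collapsed by resolve(), so both cases are caught by the
    single containment test."""
    dest = Path(dest_dir).resolve()
    target = (dest / member_name).resolve()
    if target != dest and dest not in target.parents:
        raise ValueError(f"archive entry escapes destination: {member_name!r}")
    return target


def extract_checked(zip_bytes: bytes, dest_dir):
    """Extract only entries whose target stays under dest_dir.
    Returns (written, rejected): paths written relative to dest_dir, and
    the raw names of entries that were refused."""
    written, rejected = [], []
    dest = Path(dest_dir).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest).as_posix())
    return written, rejected


def demo_extract():
    """Run the checked extractor on the constructed archive in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        return extract_checked(make_test_zip(), d)


if __name__ == "__main__":
    print(demo_extract())  # (['docs/readme.txt'], ['../../outside.txt'])
```

Rejecting the entry is preferable to silently rewriting its name, because a traversal entry in a dependency archive is a signal worth surfacing. This extractor writes only regular files; a format that carries symlink entries needs the same containment test applied to link targets as well.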
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-41203 (Critical), CVE-2021-20223 (Critical), CVE-2022-35737 (Critical), CVE-2022-41204 (Critical)
A buffer overflow vulnerability has been discovered in Azure RTOS USBX. The affected versions are Azure RTOS USBX prior to 6.1.12.
CVE ID: CVE-2022-39344 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A use of externally-controlled format string vulnerability has been discovered in the GitHub repository pingcap/tidb. The affected versions are prior to 6.4.0 and 6.1.3.
CVE ID: CVE-2022-3023 (Critical)
A SQL injection vulnerability has been discovered in CandidATS that allows an attacker to perform CRUD operations on the application database. The affected version is CandidATS 3.0.0.
CVE ID: CVE-2022-42744 (Critical)
It has been discovered that IBM InfoSphere Information Server 11.7 is vulnerable to XML External Entity (XXE) injection when processing XML data, which can expose sensitive information or consume memory resources.
CVE ID: CVE-2022-40747 (Critical)
It has been discovered that IBM InfoSphere Information Server 11.7 is vulnerable to CSV injection, which can lead to execution of arbitrary commands on the system.
CVE ID: CVE-2022-22425 (Critical)
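Both the Activity Log plugin entry and the InfoSphere entry above are CSV injection: user-controlled text is written into an export, and a spreadsheet opening that file evaluates cells that begin with a formula trigger. The following is an added example, not code from either product, that neutralizes such cells on export and audits an existing export for cells that would be evaluated. The sample rows are constructed; the payload in them is the DDE example from OWASP's CSV injection guidance.

```python
import csv
import io

# Characters spreadsheet applications treat as the start of a formula
# (the set OWASP's CSV injection guidance recommends neutralizing).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed activity-log style export; the second row's user field carries
# the DDE payload from OWASP's page, which Excel would offer to execute.
SAMPLE_ROWS = [
    {"user": "alice", "action": "login", "count": 3},
    {"user": "=cmd|' /C calc'!A0", "action": "profile update", "count": 1},
    {"user": "carol", "action": "+1 reaction", "count": -2},
]


def neutralize_cell(value):
    """Prefix a string cell that starts with a formula trigger with a single
    quote so spreadsheets render it as literal text. Non-string values are
    left alone, so a negative number in a numeric column is not mangled."""
    if not isinstance(value, str):
        return value
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_rows(rows, fieldnames, neutralize=True) -> str:
    """Write rows as CSV; with neutralize=False this is the vulnerable
    export that copies user input straight into the file."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    writer.writerow(fieldnames)
    for row in rows:
        cells = [row.get(f, "") for f in fieldnames]
        if neutralize:
            cells = [neutralize_cell(c) for c in cells]
        writer.writerow(cells)
    return out.getvalue()


def find_formula_cells(csv_text: str):
    """Audit check for an existing export: (row_index, column_index, value)
    for every cell a spreadsheet would interpret as a formula."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    cols = ["user", "action", "count"]
    print(find_formula_cells(export_rows(SAMPLE_ROWS, cols, neutralize=False)))
    print(find_formula_cells(export_rows(SAMPLE_ROWS, cols)))  # []
```

Note that quoting the cell (`QUOTE_ALL`) is not a defence on its own: Excel strips the double quotes and still evaluates `=cmd|...`; only the leading apostrophe changes how the cell is interpreted. The prefix is visible in some viewers, which is why the function leaves numeric columns untouched and only rewrites free-text fields.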
A command injection vulnerability has been discovered in D-Link DIR-823G that allows an attacker to execute arbitrary commands via a crafted packet. The affected version is D-Link DIR-823G v1.0.2.
CVE ID: CVE-2022-43109 (Critical)
A Remote Command Execution (RCE) vulnerability via path traversal has been discovered in iSpy. The affected version is iSpy v7.2.2.0.
CVE ID: CVE-2022-29774 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42919, CVE-2022-35737 (High), CVE-2022-40284
Google has released Dev Channel 109.0.5396.2 for Windows, Linux and Mac, Chrome Beta 108 (108.0.5359.30) for iOS, and Chrome Dev 109 (109.0.5394.4) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Trellix has released security updates to address an XXE Injection vulnerability in Trellix IPS Manager. The affected versions are Trellix IPS Manager prior to 10.1 Minor release M10.
CVE ID: CVE-2022-3340 (Medium)
Multiple vulnerabilities have been discovered in Nokia's ASIK AirScale 5G Common System Module equipment. Successful exploitation can result in the execution of a malicious kernel, the running of arbitrary malicious programs, or the running of modified Nokia programs. The affected versions are Nokia ASIK AirScale ASIK 474021A.101 and ASIK 474021A.102 (not affected by CVE-2022-2484).
CVE ID: CVE-2022-2482 (High), CVE-2022-2484 (High), CVE-2022-2483 (High)
Delta Industrial Automation has released a security update to address a path traversal vulnerability in its DIALink equipment which can allow an attacker to place malicious code on the target device. The affected products are DIALink versions prior to v1.5.0.0 Beta 4.
CVE ID: CVE-2022-2969 (High)
GLPI (Gestionnaire Libre de Parc Informatique) has released a security update to address a SQL injection vulnerability in the user_token parameter of its REST API, exploitable as a time-based blind injection.
CVE ID: CVE-2022-39323 (Critical)
An out-of-bounds vulnerability has been discovered in the GBL parser of Silicon Labs Gecko Bootloader that allows an attacker to overwrite the flash signing key and OTA decryption key via a malicious bootloader upgrade. The affected versions are Gecko Bootloader 4.0.1 and earlier.
CVE ID: CVE-2022-24936 (Critical)
Centreon has released a security update to address a SQL injection vulnerability in the Contact Groups Form component.
CVE ID: CVE-2022-3827 (Critical)
ETIC Telecom has released a security update to resolve multiple vulnerabilities in its Remote Access Server (RAS) equipment. Successful exploitation of these vulnerabilities can allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines. The affected versions are ETIC Telecom RAS 4.5.0 and prior.
CVE ID: CVE-2022-3703 (Critical), CVE-2022-41607 (High), CVE-2022-40981 (High)
Huawei has released security updates to address a path traversal vulnerability in Huawei Aslan Children's Watch that can result in accessing or modifying protected system resources.
CVE ID: CVE-2022-44564 (High)
Ubuntu has released security updates to address a vulnerability in NTFS-3G, which incorrectly validates NTFS metadata. The affected releases are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-40284
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High), CVE-2022-20961 (High), CVE-2022-20956 (High), CVE-2022-20867 (High), CVE-2022-20868 (High), CVE-2022-20951 (High), CVE-2022-20958 (High), CVE-2022-20969 (Medium), CVE-2022-20963 (Medium), CVE-2022-20937 (Medium), CVE-2022-20962 (Medium), CVE-2022-20960 (Medium), CVE-2022-20942 (Medium), CVE-2022-20772 (Medium)
Google has released Beta channel 108.0.5359.24 (Platform version: 15183.28.0) for most ChromeOS devices, Chrome Beta 108 (108.0.5359.28) for Android, and Beta channel 108.0.5359.30 for Mac and Linux and 108.0.5359.29 for Windows.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 is vulnerable to unauthenticated malicious code upload via the configuration upload function. This can lead to a complete compromise of the FDS102 device. The affected versions are FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1.
CVE ID: CVE-2022-3575 (Critical)
It has been discovered that a remote unprivileged attacker can interact with the configuration interface of a Flexi Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version and potentially impact the availability of the Flexi Compact.
CVE ID: CVE-2022-27583 (Critical)
An improper neutralization vulnerability has been discovered in OpenNebula core on Linux that allows remote code inclusion.
CVE ID: CVE-2022-37425 (Critical)
An improper type validation vulnerability has been discovered in the Socket.IO JavaScript library (socket.io-parser). It is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
CVE ID: CVE-2022-2421 (Critical)
Apple has released security updates to resolve multiple vulnerabilities in Xcode 14.1, available for macOS Monterey 12.5 and later. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-42797
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released a security update to address multiple vulnerabilities in Citrix Hypervisor 8.2 LTSR CU1.
CVE ID: CVE-2022-42316, CVE-2022-42317, CVE-2022-42318, CVE-2022-42323
It has been discovered that in Octopus Server the API keys of disabled or deleted users remain usable when their access is revoked via an external authentication provider. The updates are available.
CVE ID: CVE-2022-2572 (High)
OpenSSL has released security updates to address two buffer overflow vulnerabilities in X.509 certificate verification (punycode decoding of name constraints) that can result in a crash, causing a Denial of Service (DoS). The affected versions are OpenSSL 3.0.0 through 3.0.6.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
It has been discovered that multiple buffer overrun vulnerabilities in OpenSSL affect Juniper Networks Junos OS Evolved. The affected versions are Juniper Networks Junos OS Evolved versions later than 22.1R1-EVO.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Google has released LTS channel 102.0.5005.184 (Platform Version: 14695.142.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3044 (High), CVE-2022-3306 (High), CVE-2022-3305 (High), CVE-2022-3446 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to address a buffer overflow vulnerability in the SHA-3 (Keccak) implementation bundled with Python. The affected version is Python 3.7.
CVE ID: CVE-2022-37454 (Critical)
Hitachi has released security updates to address multiple vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint.
CVE ID: CVE-2022-41552 (Critical), CVE-2020-36605 (Medium), CVE-2022-41553 (Medium), CVE-2022-3191 (Medium)
A vulnerability has been discovered in lesspipe that allows attackers to execute code via Perl Storable (pst) files. The affected versions are lesspipe prior to 2.06.
CVE ID: CVE-2022-44542 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Clinic's Patient Management System. The affected version is Clinic's Patient Management System v1.0.
CVE ID: CVE-2022-40471 (Critical)
An authorization rules bypass vulnerability has been discovered in VMware Spring Security. The affected products are Spring Security 5.7.0 to 5.7.4, and Spring Security 5.6.0 to 5.6.8. The mitigations are available.
CVE ID: CVE-2022-31692 (High)
CISA has released guidelines to implement phishing-resistant Multi Factor Authentication (MFA) to protect against phishing and other known cyber threats.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 107.0.1418.26). This update contains a fix for CVE-2022-3723, which is being exploited in the wild.
CVE ID: CVE-2022-3723
It has been discovered that a specific function of Mail SQR Expert has insufficient filtering for special characters, which can lead to arbitrary system command execution and disruption of service.
CVE ID: CVE-2022-40741 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are prior to 3.1.8.
CVE ID: CVE-2022-3754 (Critical)
A SQL injection vulnerability has been discovered in School Activity Updates with SMS Notification. The affected version is School Activity Updates with SMS Notification v1.0.
CVE ID: CVE-2022-39976 (Critical)
An improper access control vulnerability has been discovered in Rockwell Automation's FactoryTalk Alarm and Events Server that can result in a Denial of Service (DoS) condition. All versions of FactoryTalk Alarm and Events Server are affected by this vulnerability.
CVE ID: CVE-2022-38744 (High)
SAUTER Controls has released security updates to address a Cross Site Scripting (XSS) vulnerability in its moduWeb equipment. Successful exploitation can trick users into clicking on malicious links and steal sensitive information. The affected version is SAUTER moduWeb firmware version 2.7.1.
CVE ID: CVE-2022-40190 (High)
Rockwell Automation has released security updates to address multiple vulnerabilities in its Stratix devices. Successful exploitation of these vulnerabilities can lead to a Denial of Service (DoS) condition and allow Remote Code Execution (RCE). The affected versions are all Stratix 5800 switches prior to v16.12.01 and all Stratix 5400/5410 switches prior to v15.2(7)E2.
CVE ID: CVE-2020-3229 (High), CVE-2020-3219 (High), CVE-2021-1446 (High), CVE-2020-3200 (High), CVE-2020-3211 (High), CVE-2020-3218 (High), CVE-2020-3209 (Medium), CVE-2021-1385 (Medium), CVE-2020-3516 (Medium)
An improper input validation vulnerability has been discovered in Trihedral's VTScada. Successful exploitation of this vulnerability can cause a Denial of Service (DoS) condition in the affected product.
CVE ID: CVE-2022-3181 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released a security update to address multiple vulnerabilities affecting Dell Client BIOS that could be exploited by malicious users to compromise the affected system(s).
CVE ID: CVE-2022-34460, CVE-2022-34393
Multiple vulnerabilities have been discovered in AliveCor's KardiaMobile. Successful exploitation can allow an attacker to steal or fake personal cardiograms or cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-40703 (Medium), CVE-2022-41627 (Medium)
Debian has released a security update to address multiple vulnerabilities in thunderbird package, which can result in denial of service or the execution of arbitrary code.
CVE ID: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
Debian has released a security update to address multiple vulnerabilities in Chromium package, which can result in the execution of arbitrary code, denial of service or information disclosure.
CVE ID: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3658, CVE-2022-3659, CVE-2022-3660, CVE-2022-3661
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cross-Site Scripting (XSS) and SQL injection vulnerabilities have been discovered in Delta Electronics' DIAEnergie that allow injection of arbitrary code to retrieve and modify database contents and execute system commands. The affected versions are prior to v1.9.01.002.
CVE ID: CVE-2022-41701, CVE-2022-40965, CVE-2022-41555, CVE-2022-41702, CVE-2022-41651, CVE-2022-40967, CVE-2022-41133, CVE-2022-41773
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-3433 (High), CVE-2020-3153 (Medium)
It has been discovered that OpenFGA versions prior to 0.2.4 are vulnerable to an authorization bypass. A security update is available.
CVE ID: CVE-2022-39342 (Critical)
A directory traversal vulnerability has been discovered in the web_server /ajax/remove/ functionality of Robustel R1510 version 3.1.16. A specially-crafted network request can lead to arbitrary file deletion.
CVE ID: CVE-2022-33897 (Critical)
An OS command injection vulnerability has been discovered in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution.
CVE ID: CVE-2022-29520 (Critical)
Multiple vulnerabilities have been discovered in Delta Electronics' InfraSuite Device Master that can lead to Remote Code Execution (RCE) and a Denial of Service (DoS) condition. The affected versions are 00.00.01a and prior.
CVE ID: CVE-2022-41778, CVE-2022-38142, CVE-2022-41779, CVE-2022-41657, CVE-2022-41772, CVE-2022-40202, CVE-2022-41688, CVE-2022-41644, CVE-2022-41776, CVE-2022-41629
A SQL injection vulnerability has been discovered in CKS' CEVAS versions prior to 1.01.46 that allows a user to bypass authentication and retrieve data with specially crafted SQL queries.
CVE ID: CVE-2021-36206
Multiple vulnerabilities have been discovered in Haas Automation's Haas Controller version 100.20.000.1110 that can cause Denial of Service (DoS) and Remote Code Execution (RCE).
CVE ID: CVE-2022-2474, CVE-2022-2475, CVE-2022-41636
VMware has released a security update for Cloud Foundation to address a Remote Code Execution (RCE) vulnerability and an XML External Entity (XXE) vulnerability. The updates are available.
CVE ID: CVE-2021-39144, CVE-2022-31678
Dell has released a security update for the PowerStore Family to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-24903, CVE-2022-1586, CVE-2021-3580
A URL parsing vulnerability has been discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows.
CVE ID: CVE-2022-28763 (High)
An arbitrary file upload vulnerability caused by path traversal has been discovered in gin-vue-admin (github.com/flipped-aurora/gin-vue-admin) versions prior to 2.5.4. The issue is patched in 2.5.4b. There are no known workarounds.
CVE ID: CVE-2022-39305 (Critical)
Session fixation and insufficient session expiration vulnerabilities have been discovered in Lanner Inc IAC-AST2500A standard firmware version 1.10.0. These vulnerabilities allow an attacker to perform session hijacking attacks against users.
CVE ID: CVE-2021-46279 (Critical)
Command injection and multiple stack-based buffer overflow vulnerabilities have been discovered in Lanner Inc IAC-AST2500A standard firmware version 1.10.0. These vulnerabilities allow an attacker to execute arbitrary code with the same privileges as the server user (root).
CVE ID: CVE-2021-26731 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Lanner Inc IAC-AST2500A standard firmware version 1.10.0. This vulnerability allows an attacker to execute arbitrary code with the same privileges as the server user (root).
CVE ID: CVE-2021-26730 (Critical)
An authentication bypass vulnerability has been discovered in Dell PowerStore versions 2.1.0.x. A remote unauthenticated attacker could potentially exploit this vulnerability under a specific configuration.
CVE ID: CVE-2022-26870 (Critical)
A vulnerability has been discovered in Exim. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. A patch has been issued to fix this vulnerability.
CVE ID: CVE-2022-3620
Missing Authentication for Critical Function vulnerability has been discovered in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
CVE ID: CVE-2022-3327 (Critical)
A sandbox bypass vulnerability has been discovered in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier. This vulnerability allows attackers to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE ID: CVE-2022-43406 (Critical)
An authentication bypass vulnerability has been discovered in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to Remote Code Execution (RCE). An attacker can send a sequence of requests to trigger this vulnerability.
CVE ID: CVE-2021-40422 (Critical)
Apache has released a security update to resolve a CRLF log injection vulnerability in Apache Heron versions 0.20.4-incubating and earlier.
CVE ID: CVE-2021-42010 (Low)
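CRLF log injection is simple to demonstrate. The following added example, which is not Apache Heron's code, shows a plain-text logger that trusts a request-supplied value, the forged entry that results when that value carries a carriage return and line feed, and the escaping that neutralises it. The log format and the sample input are constructed for this example.

```javascript
// Added example (not Apache Heron's code): how a CRLF in an attacker-controlled
// value forges a log entry, and the neutralisation that prevents it. The log
// format and the hostile input below are constructed for this example.

// Text logger that trusts its inputs: one line per call, fields joined by spaces.
function formatEntryUnsafe(level, fields) {
  return `${level} ${fields.join(' ')}`;
}

// Escape every control character (CR, LF, NUL, ESC, ...) so a value can never
// terminate the current line or start a new one.
function neutralise(value) {
  return String(value).replace(/[\x00-\x1f\x7f]/g, (c) =>
    '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

function formatEntrySafe(level, fields) {
  return `${level} ${fields.map(neutralise).join(' ')}`;
}

// How a log consumer sees the output: one entry per CR/LF-terminated line.
function splitEntries(logText) {
  return logText.split(/\r?\n/).filter((line) => line.length > 0);
}

// Constructed attacker input, e.g. a username submitted to a login form. The
// text after the CRLF is meant to be read as a genuine, separate INFO entry.
const HOSTILE_USER = 'bob\r\nINFO auth user=admin result=success';

function demo() {
  const fields = ['auth', 'result=failure', `user=${HOSTILE_USER}`];
  return {
    unsafeEntries: splitEntries(formatEntryUnsafe('WARN', fields)),
    safeEntries: splitEntries(formatEntrySafe('WARN', fields)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Structured logging (JSON with a proper encoder) removes the problem by construction, because the encoder escapes control characters in every field; the escaping above is the equivalent for a line-oriented text format.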
The cybercrime group "Daixin Team" is predominantly targeting the Healthcare and Public Health (HPH) Sector with ransomware and data extortion operations.
An authentication bypass vulnerability has been discovered in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). This vulnerability can allow an unauthenticated remote attacker to access the application without a valid account.
CVE ID: CVE-2022-43400 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in OpenCATS via the getDataGridPager's ajax functionality. The affected version is OpenCATS v0.9.6.
CVE ID: CVE-2022-43019 (Critical)
Bentley Systems has released a security update to address stack-based buffer overflow and out-of-bounds read vulnerabilities in Bentley Systems MicroStation Connect which can crash the device being accessed or allow remote arbitrary code execution. The affected products are Bentley Systems MicroStation Connect v10.17.0.209 and prior.
CVE ID: CVE-2022-40201 (High), CVE-2022-41613 (High)
B. Braun Melsungen AG has released security updates to address multiple vulnerabilities in its SpaceCom, Battery Pack SP with Wi-Fi and Data module compactplus equipment. The affected products are SpaceCom software versions U61 and earlier and L81 and earlier, Battery Pack SP with Wi-Fi software versions U61 and earlier and L81 and earlier, and Data module compactplus software versions A10 and A11.
CVE ID: CVE-2020-25158 (High), CVE-2020-25154 (Medium), CVE-2020-25162 (High), CVE-2020-25152 (Medium), CVE-2020-25164 (Medium), CVE-2020-25150 (High), CVE-2020-25166 (Medium), CVE-2020-16238 (Medium), CVE-2020-25168 (Low), CVE-2020-25156 (High), CVE-2020-25160 (Medium)
Google has released Beta channel 107.0.5304.51 (Platform version: 15117.66.0 / 15117.67.0) for most ChromeOS devices, Chrome Beta 107 (107.0.5304.54) for Android, and Beta channel has been updated to 107.0.5304.62 for Windows, Mac & Linux.
HP has released security updates to resolve a vulnerability in the system BIOS for HP PC products, which can allow loss of integrity.
CVE ID: CVE-2022-31643 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A command injection vulnerability has been discovered in D-Link DIR878 via the component /bin/proc.cgi. The affected version is D-Link DIR878 1.30B08 Hotfix_04.
CVE ID: CVE-2022-43184 (Critical)
A stack overflow vulnerability has been discovered in Acer Altos that allows an attacker to cause a Denial of Service (DoS) by injecting crafted shellcode into an NVRAM variable. The affected version is Acer Altos W2000h-W570h F4 R01.03.0018.
CVE ID: CVE-2022-41415 (Critical)
A deserialization vulnerability has been discovered in dubbo hessian-lite which can lead to malicious code execution. The affected versions are dubbo hessian-lite 3.2.12 and below.
CVE ID: CVE-2022-39198 (Critical)
An improper input validation vulnerability has been discovered in the J-Web component of Juniper Networks Junos OS that allows an attacker to access data without proper authorization. The affected versions are Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.
CVE ID: CVE-2022-22241 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in kkFileView via controller\OnlinePreviewController.java. The affected version is kkFileView 4.0.
CVE ID: CVE-2022-42149 (Critical)
A vulnerability has been discovered in GPON ONT Titanium that allows an attacker to escalate privileges via a brute-force attack on the login page. The affected version is GPON ONT Titanium 2122A T2122-V1.26EXL.
CVE ID: CVE-2022-40055 (Critical)
B. Braun Melsungen AG has released security updates to address multiple vulnerabilities in its Infusomat Space Large Volume Pump equipment.
CVE ID: CVE-2021-33886 (Medium), CVE-2021-33885 (Critical), CVE-2021-33882 (Medium), CVE-2021-33883 (Medium), CVE-2021-33884 (Medium)
A remote code execution vulnerability due to insufficient user privilege verification has been discovered in reverseWall-MDS. Remote attackers can exploit the vulnerability to execute code and, for example, steal accounts.
CVE ID: CVE-2022-23769 (Critical)
A path traversal vulnerability has been discovered in the Tableau Server Administration Agent's internal file transfer service that allows remote code execution.
CVE ID: CVE-2022-22128 (Critical)
A double-free vulnerability has been discovered in contrib/shpsort.c of shapelib that allows an attacker to cause a denial of service or have other unspecified impact via control over malloc. The affected versions are shapelib 1.5.0 and earlier.
CVE ID: CVE-2022-0699 (Critical)
A SQL Injection vulnerability has been discovered in Merchandise Online Store that allows an attacker to log in to the admin account. The affected version is Merchandise Online Store v.1.0.
CVE ID: CVE-2022-42237 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20933 (High), CVE-2022-20822 (High), CVE-2022-20917 (Medium), CVE-2022-20959 (Medium), CVE-2022-20776 (Medium), CVE-2022-20811 (Medium), CVE-2022-20953 (Medium), CVE-2022-20954 (Medium), CVE-2022-20955 (Medium)
Google has released Chrome Dev 108 (108.0.5359.10) for Android, Dev channel 108.0.5359.10 for Windows, Mac and Linux, and Stable channel 106.0.5249.134 (Platform version: 15054.114.0/15054.115.0) for most ChromeOS devices.
VMware has released a security update to address a vulnerability in Reactor Netty HTTP Server. The affected versions are Reactor Netty 1.0.11 to 1.0.23.
CVE ID: CVE-2022-31684 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Oracle has released its critical patch updates for October 2022 to address 370 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-23305 (Critical), CVE-2022-21587 (Critical), CVE-2022-39428 (Critical), CVE-2022-25315 (Critical), CVE-2022-32532 (Critical), CVE-2022-23457 (Critical), CVE-2022-23943 (Critical), CVE-2022-33980 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in GetSimple CMS. The affected version is GetSimple CMS v3.3.16.
CVE ID: CVE-2022-41544 (Critical)
An insufficient validation vulnerability has been discovered in the RAVA certificate validation system. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify and delete the database.
CVE ID: CVE-2022-39056 (Critical)
An out-of-bounds write vulnerability has been discovered in the MPTCP module. Successful exploitation of this vulnerability can lead to root privilege escalation by modifying program information.
CVE ID: CVE-2022-41578 (Critical)
It has been discovered that the HIPP module can be made to bypass the check on data transferred in kernel space. Successful exploitation of this vulnerability can cause out-of-bounds access in the HIPP module and page table tampering, affecting device confidentiality and availability.
CVE ID: CVE-2022-38986 (Critical)
A use-after-free (UAF) vulnerability has been discovered in the BT Hfp Client module. Successful exploitation of this vulnerability can result in arbitrary code execution.
CVE ID: CVE-2022-38983 (Critical)
A prototype pollution vulnerability has been discovered in the copy function in dom.js of the xmldom package for Node.js. The affected versions are xmldom before 0.8.3.
CVE ID: CVE-2022-37616 (Critical)
Advantech has released security updates to address path traversal and stack-based buffer overflow vulnerabilities in Advantech's R-SeeNet. Successful exploitation of these vulnerabilities can allow an unauthorized attacker to remotely delete files on the system or achieve remote code execution.
CVE ID: CVE-2022-3387 (Medium), CVE-2022-3386 (Critical), CVE-2022-3385 (Critical)
Debian has released security updates to resolve several vulnerabilities in node-xmldom, and bcel. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37616 (Critical), CVE-2022-34169 (High)
Yokogawa has released security updates to address a stack-based buffer overflow vulnerability in Yokogawa application software WTViewerE. The affected products are WTViewerE 761941 versions 1.31 to 1.61, and WTViewerEfree versions 1.01 to 1.52.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.4 and Firefox 106. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42927 (High), CVE-2022-42928 (High), CVE-2022-42929 (Medium), CVE-2022-42930 (Medium), CVE-2022-42931 (Low), CVE-2022-42932 (Medium)
Adobe has released security updates to address improper input validation and out-of-bounds read vulnerabilities in Adobe Illustrator. The affected products are Illustrator 2022 26.4 and earlier, and Illustrator 2021 25.4.7 and earlier.
CVE ID: CVE-2022-38435 (High), CVE-2022-38436 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Juniper Networks has released security updates to address an improper handling of an unexpected data type vulnerability in Junos OS and Junos OS Evolved. The affected products are Junos OS 21.3, 21.4, 22.1, 22.2, and Junos OS Evolved 21.3-EVO, 21.4-EVO, 22.1-EVO, 22.2-EVO.
CVE ID: CVE-2022-22219 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
An unrestricted file upload vulnerability has been discovered in Gin-Vue-Admin. The affected versions are Gin-Vue-Admin v2.5.1 through v2.5.3b.
CVE ID: CVE-2022-32176 (Critical)
Debian has released a security update to address an integer overflow vulnerability in libksba package, which can result in Denial of Service (DoS) or the execution of arbitrary code.
CVE ID: CVE-2022-3515
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that multiple Trumpf products use default privileged Windows users and passwords. An adversary could use these accounts to remotely gain full access to the system.
CVE ID: CVE-2022-2052 (Critical)
Ree6 has released a security update to address a SQL injection vulnerability in Ree6. The affected versions are Ree6 prior to 1.7.0.
CVE ID: CVE-2022-39303 (Critical)
Apache has released a security update to address a vulnerability in Apache Commons Text when it performs variable interpolation. The affected versions are Apache Commons Text 1.5 through 1.9.
CVE ID: CVE-2022-42889 (Critical)
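The risk in variable interpolation is that a template reaching the interpolator from untrusted input can select any enabled lookup, including one that executes code. The following added example, which is not Apache Commons Text's code, implements a small "${prefix:argument}" interpolator with a code-executing lookup enabled beside one restricted to harmless lookups; the lookup names and the hostile template are assumptions made for the illustration.

```javascript
// Added example (not Apache Commons Text's code): a "${prefix:argument}"
// interpolator whose behaviour depends entirely on which lookups are enabled.
// Lookup names and the hostile template are assumptions for this illustration.

const LOOKUPS = {
  upper: (arg) => arg.toUpperCase(),
  base64Decoder: (arg) => Buffer.from(arg, 'base64').toString('utf8'),
  // A lookup that evaluates its argument: the dangerous kind.
  script: (arg) => String(new Function(`return (${arg});`)()),
};

// Builds an interpolator that resolves only the given prefixes and leaves any
// other "${...}" in the template untouched.
function makeInterpolator(enabledPrefixes) {
  const enabled = new Set(enabledPrefixes);
  return (template) =>
    template.replace(/\$\{([A-Za-z0-9]+):([^}]*)\}/g, (whole, prefix, arg) => {
      if (!enabled.has(prefix) || !Object.prototype.hasOwnProperty.call(LOOKUPS, prefix)) {
        return whole;
      }
      return LOOKUPS[prefix](arg);
    });
}

// Every lookup enabled, the script one included.
const permissiveInterpolator = makeInterpolator(Object.keys(LOOKUPS));
// Only lookups that cannot run code or reach the network.
const restrictedInterpolator = makeInterpolator(['upper', 'base64Decoder']);

// Constructed hostile template, as it might arrive in a request parameter the
// application hands to the interpolator. The expression leaves a marker on
// globalThis so the side effect can be observed.
const HOSTILE = 'Hello ${script:(globalThis.__interpolatorHit = "hit", "x")}';

// Runs the hostile template through `interpolate` and reports whether the
// embedded expression actually executed.
function run(interpolate) {
  delete globalThis.__interpolatorHit;
  const output = interpolate(HOSTILE);
  const executed = globalThis.__interpolatorHit === 'hit';
  delete globalThis.__interpolatorHit;
  return { output, executed };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('permissive:', run(permissiveInterpolator));
  console.log('restricted:', run(restrictedInterpolator));
  console.log(restrictedInterpolator('${upper:hello} ${base64Decoder:d29ybGQ=}'));
}
```

This mirrors the direction of the Commons Text fix: from 1.10.0 the default interpolator no longer enables the script, dns and url lookups, so applications that need them must opt in. The first question to ask of any interpolation call remains whether the template itself can be attacker-controlled.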
A code injection vulnerability has been discovered in Spring Cloud Gateway. The affected versions are Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+.
CVE ID: CVE-2022-22947 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (Azure), and zlib. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37434, CVE-2022-33741 (High), CVE-2022-32296 (Low), CVE-2022-1012 (Critical), CVE-2022-33740 (High), CVE-2022-33744 (Medium), CVE-2022-33742 (High), CVE-2022-0812 (Medium), CVE-2022-2318 (Medium), CVE-2022-26365 (High)
A SQL injection vulnerability has been discovered in Django. The affected versions are Django 3.2 before 3.2.14, and Django 4.0 before 4.0.6.
CVE ID: CVE-2022-34265 (Critical)
An improper limitation of a pathname to a Restricted Directory ('Path Traversal') vulnerability has been discovered in Adobe ColdFusion. The affected versions are Adobe ColdFusion Update 14 and earlier, and Adobe ColdFusion Update 4 and earlier.
CVE ID: CVE-2022-38418 (Critical)
A SQL injection vulnerability has been discovered in Online Diagnostic Lab Management system. The affected version is Online Diagnostic Lab Management System version 1.0.
CVE ID: CVE-2022-42064 (Critical)
A double free vulnerability has been discovered in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.
CVE ID: CVE-2022-39002 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Denial of Service (DoS) vulnerabilities have been discovered in Ivanti products that can be triggered by an unauthenticated attacker. The affected products are Ivanti Connect Secure (ICS) versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Gateway versions prior to 22.3R1.
CVE ID: CVE-2022-35254 (High), CVE-2022-35258 (High)
Dell has released security updates to address OS command injection, privilege context switching error, and allocation of resources without limits or throttling vulnerabilities in Dell EMC PowerScale OneFS. The affected versions are Dell PowerScale OneFS 8.2.2 to 9.3.0, 8.2.x to 9.4.0.x, and 8.2.0.x to 9.4.0.x.
CVE ID: CVE-2022-34437 (Medium), CVE-2022-34438 (Medium), CVE-2022-34439 (Medium)
SonicWall has released security updates to address a file path manipulation vulnerability in SonicWall GMS. The affected versions are SonicWall GMS prior to 9.3.2.
CVE ID: CVE-2021-20030 (Medium)
An unauthenticated command injection vulnerability has been discovered in ArrayOS AG of Array Networks AG/vxAG. The affected versions are ArrayOS AG prior to 9.4.0.469.
CVE ID: CVE-2022-42897 (Critical)
MelisFront has released a security update to address a deserialization of arbitrary data vulnerability in melisplatform/melis-front. The affected versions are melisplatform/melis-front prior to 5.0.1.
CVE ID: CVE-2022-39298 (Critical)
MelisCms has released a security update to address a deserialization of arbitrary data vulnerability in melisplatform/melis-cms. The affected versions are melisplatform/melis-cms prior to 5.0.1.
CVE ID: CVE-2022-39297 (Critical)
A prototype pollution vulnerability has been discovered in the parseQuery function of parseQuery.js in webpack loader-utils. The affected version is webpack loader-utils 2.0.0.
CVE ID: CVE-2022-37601 (Critical)
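The two prototype pollution entries above (xmldom's copy function and loader-utils' parseQuery) share one root cause: a routine that walks untrusted keys and writes through "__proto__". The following is an added example, not the code of either package: a recursive copy with that flaw beside a hardened version, run against a payload constructed to stand in for a parsed request body or loader query string.

```javascript
// Added example (not xmldom's or loader-utils' code): a recursive object copy
// of the kind that lets a crafted "__proto__" key pollute Object.prototype,
// beside a hardened copy. The payload below is constructed for this example.

function isObject(value) {
  return value !== null && typeof value === 'object';
}

// Vulnerable: iterates every key, "__proto__" included, and descends into
// dest["__proto__"], which resolves to Object.prototype.
function copyUnsafe(dest, src) {
  for (const key in src) {
    const value = src[key];
    if (isObject(value)) {
      if (!isObject(dest[key])) dest[key] = {};
      copyUnsafe(dest[key], value);
    } else {
      dest[key] = value;
    }
  }
  return dest;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: own keys only, never the three keys that reach the prototype
// chain, and never descend into an inherited property of dest.
function copySafe(dest, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = src[key];
    if (isObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(dest, key) || !isObject(dest[key])) {
        dest[key] = {};
      }
      copySafe(dest[key], value);
    } else {
      dest[key] = value;
    }
  }
  return dest;
}

// JSON.parse keeps "__proto__" as an ordinary own property, so the hostile
// key survives parsing and reaches the copy routine.
const PAYLOAD = '{"user":{"name":"alice"},"__proto__":{"isAdmin":true}}';

// Copies the payload into a fresh object and reports whether Object.prototype
// was touched, then undoes any pollution so the rest of the process is unaffected.
function runCopy(copy) {
  const target = {};
  copy(target, JSON.parse(PAYLOAD));
  const polluted = ({}).isAdmin === true; // a brand-new object shows the damage
  delete Object.prototype.isAdmin;
  return { polluted, name: target.user.name };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe copy:', runCopy(copyUnsafe));
  console.log('safe copy:  ', runCopy(copySafe));
}
```

Blocklisting the three keys is the usual fix; building the copy target with Object.create(null), so it has no prototype to reach, achieves the same for the target object. Reading a never-set property such as `({}).isAdmin` on a fresh object is the quickest way to tell whether a running process has already been polluted.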
An authentication bypass vulnerability has been discovered in Apache Shiro when forwarding or including via RequestDispatcher. The affected versions are Apache Shiro before 1.10.0.
CVE ID: CVE-2022-40664 (Critical)
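The Spring Security entry above (CVE-2022-31692) and this Shiro entry describe the same class of bug: authorization is enforced on the path of the original request but not re-applied when the application forwards or includes internally, so a public endpoint that forwards to a caller-chosen path reaches a protected one unchecked. The following added example, which is not Spring Security's or Shiro's code, models that with a small in-memory dispatcher; the routes, roles and request shape are assumptions made for the illustration.

```javascript
// Added example (not Spring Security's or Apache Shiro's code): a servlet-style
// dispatcher in which a path-based authorization filter is bound only to the
// initial REQUEST dispatch, so a handler that forwards internally reaches a
// protected path unchecked. Routes, roles and request shape are assumptions.

// Rules are matched on the path being dispatched; first match wins.
const RULES = [
  { prefix: '/admin/', role: 'ADMIN' },
  { prefix: '/', role: null }, // public
];

function authorize(req) {
  const rule = RULES.find((r) => req.path.startsWith(r.prefix));
  return rule.role === null || req.roles.includes(rule.role);
}

// `filteredDispatchTypes` is the set of dispatch types the filter applies to,
// mirroring a filter mapping of REQUEST only versus REQUEST+FORWARD+INCLUDE.
function makeDispatcher(filteredDispatchTypes) {
  const handlers = new Map();

  function dispatch(req, type = 'REQUEST') {
    if (filteredDispatchTypes.has(type) && !authorize(req)) {
      return { status: 403, body: 'forbidden' };
    }
    const handler = handlers.get(req.path);
    if (!handler) return { status: 404, body: 'not found' };
    // Handlers receive a forward() that re-dispatches with type FORWARD.
    return handler(req, (path) => dispatch({ ...req, path }, 'FORWARD'));
  }

  return { handlers, dispatch };
}

function registerRoutes(d) {
  d.handlers.set('/admin/users', () => ({ status: 200, body: 'user list' }));
  // Public endpoint that forwards to whatever path the client names: the
  // pattern that turns a missing FORWARD-time check into an authorization bypass.
  d.handlers.set('/view', (req, forward) => forward(req.query.page));
  return d;
}

// Filter bound to REQUEST only.
function vulnerableApp() {
  return registerRoutes(makeDispatcher(new Set(['REQUEST'])));
}

// Filter bound to every dispatch type.
function hardenedApp() {
  return registerRoutes(makeDispatcher(new Set(['REQUEST', 'FORWARD', 'INCLUDE'])));
}

// Constructed requests.
const anonymousDirect = { path: '/admin/users', roles: [], query: {} };
const anonymousViaForward = { path: '/view', roles: [], query: { page: '/admin/users' } };
const adminViaForward = { path: '/view', roles: ['ADMIN'], query: { page: '/admin/users' } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable, direct:   ', vulnerableApp().dispatch(anonymousDirect).status);    // 403
  console.log('vulnerable, forwarded:', vulnerableApp().dispatch(anonymousViaForward).status); // 200
  console.log('hardened, forwarded:  ', hardenedApp().dispatch(anonymousViaForward).status);   // 403
}
```

The practical check is to confirm that the authorization filter is mapped to forward and include dispatches as well as the initial request, and to exercise it with a handler that forwards to a protected path while unauthenticated.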
A command injection vulnerability has been discovered in the git npm package. The affected versions are git before 1.11.0.
CVE ID: CVE-2022-25648 (Critical)
Mitsubishi Electric has released security updates to address multiple vulnerabilities in its MELSEC iQ-R Series equipment.
CVE ID: CVE-2021-20599 (Critical), CVE-2021-20597 (High), CVE-2021-20594 (Medium)
Palo Alto Networks has released a security update to address an authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface.
CVE ID: CVE-2022-0030
Drupal has released a security update to resolve an access bypass vulnerability in Twig Field Value, a third-party library used by Drupal that does not sufficiently apply access restrictions when using the filters field_label, field_value, field_raw and field_target_entity. The affected versions are Twig Field Value module 8.x-1.x and 2.0.x.
Juniper Networks has released security updates to address multiple vulnerabilities affecting its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A memory corruption vulnerability has been discovered in SAP SQL Anywhere, and SAP IQ. The affected versions are SAP SQL Anywhere 17.0, and SAP IQ 16.1.
CVE ID: CVE-2022-35299 (Critical)
vm2 has released a security update to address a vulnerability that allows a threat actor to bypass sandbox protections to gain Remote Code Execution (RCE) rights on the host running the sandbox. The affected versions are vm2 prior to 3.9.11.
CVE ID: CVE-2022-36067 (Critical)
A weak key protection vulnerability has been discovered in Siemens SIMATIC S7-1200, S7-1500 CPU Families. Successful exploitation can allow native code execution to extract heavily guarded, hardcoded, global private cryptographic keys embedded within the Siemens SIMATIC S7-1200/1500 PLC and TIA Portal product lines.
CVE ID: CVE-2022-38465 (Critical)
Multiple vulnerabilities have been discovered in Zoom Client for Meetings for macOS, and Zoom On-Prem Deployments. The affected versions are Zoom Client for Meetings for macOS (Standard and for IT Admin) 5.10.6 and prior to 5.12.0, and Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131.
CVE ID: CVE-2022-28762 (High), CVE-2022-28761 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Lenovo has released security updates to address IPv6 VLAN stacking vulnerabilities in its network security controls that can be exploited by sending crafted network packets to bypass inspection and filtering. The affected product is the Broadcom - BES 53248 Networking Switch.
CVE ID: CVE-2021-27853 (Medium), CVE-2021-27854 (Medium), CVE-2021-27861 (Medium), CVE-2021-27862 (Medium)
LibreOffice has released security updates to address a macro URL arbitrary script execution vulnerability in its products. The affected versions are LibreOffice 7.3.6 to 7.4.1.
CVE ID: CVE-2022-3140
Trellix has released security update to address multiple vulnerabilities in ePolicy Orchestrator. The affected versions are ePolicy Orchestrator (ePO) 5.10 prior to update 14.
CVE ID: CVE-2022-3338 (Medium), CVE-2022-3339 (Medium)
Sensormatic Electronics has released security updates to address a vulnerability in its C-CURE 9000 equipment. The affected versions are C-CURE 9000 2.90 and earlier.
CVE ID: CVE-2021-36201 (Medium)
Multiple vulnerabilities have been discovered in Altair's HyperView Player. Successful exploitation of these vulnerabilities can crash the device being accessed. The affected products are HyperView Player versions 2021.1.0.27 and prior.
CVE ID: CVE-2022-2947 (High), CVE-2022-2949 (High), CVE-2022-2950 (High), CVE-2022-2951 (High)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address a vulnerability in .NET 6 that can cause execution of arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-41032 (High)
Citrix has released security updates to address multiple vulnerabilities in Citrix Hypervisor 8.2 LTSR CU1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-33748, CVE-2022-33749
VMware has released a security update to address an arbitrary file read vulnerability in Aria Operations. A malicious actor with administrative privileges can read arbitrary files containing sensitive data.
CVE ID: CVE-2022-31682 (Medium)
Debian has released security updates to resolve several vulnerabilities in Twig, and isc-dhcp. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-39261 (High), CVE-2022-2928 (Medium), CVE-2022-2929 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Phoenix Contact has released security updates to address multiple vulnerabilities in PLCnext Firmware. Availability, integrity, or confidentiality of the PLCnext Control can be compromised by attacks using these vulnerabilities.
CVE ID: CVE-2022-32207 (Critical), CVE-2022-2207 (Critical), CVE-2022-1927 (Critical), CVE-2022-0547 (Critical), CVE-2022-25235 (Critical), CVE-2022-25236 (Critical), CVE-2022-2210 (Critical)
Microsoft has released security updates to address an elevation of privilege vulnerability in several versions of Azure Arc-enabled Kubernetes cluster that can allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster.
CVE ID: CVE-2022-37968 (Critical)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Gogs that could lead to an account takeover. The affected versions are Gogs v0.6.5 through v0.12.10.
CVE ID: CVE-2022-32174 (Critical)
An integer conversion error vulnerability has been discovered in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, that can be used to perform out-of-bounds operations and subsequently execute arbitrary code.
CVE ID: CVE-2022-40138 (Critical)
An integer overflow vulnerability has been discovered in Hermes, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374, that allows an attacker to execute arbitrary code via crafted JavaScript.
CVE ID: CVE-2022-35289 (Critical)
A forced browsing vulnerability has been discovered in Trend Micro Apex One that allows an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.
CVE ID: CVE-2022-41746 (Critical)
Aruba has released security updates to address an unauthenticated buffer overflow vulnerability in Aruba InstantOS and ArubaOS 10 web management interface. The affected versions are Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below.
CVE ID: CVE-2022-37891 (Critical)
Aruba has released security updates to address an unauthenticated buffer overflow vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface. The affected versions are Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below.
CVE ID: CVE-2022-37890 (Critical)
Aruba has released security updates to address a buffer overflow vulnerability in the Aruba PAPI protocol (Aruba Networks AP management protocol). The affected versions are Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below.
CVE ID: CVE-2022-37889 (Critical)
A command injection vulnerability has been discovered in TOTOLINK NR1800X. The affected version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41525 (Critical)
An unauthenticated stack overflow vulnerability via the "main" function has been discovered in TOTOLINK NR1800X. The affected version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41522 (Critical)
A command injection vulnerability via the UploadFirmwareFile function has been discovered in TOTOLINK NR1800X. The affected version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41518 (Critical)
Daikin Holdings Singapore Pte Ltd. has released security updates to address use of hard-coded password and improper access control vulnerabilities in its SVMPC1 and SVMPC2 equipment. Successful exploitation of these vulnerabilities can disclose sensitive information from the affected devices and give an attacker full control of the system. The affected products are SVMPC1 version 2.1.22 and prior, and SVMPC2 version 1.2.3 and prior.
CVE ID: CVE-2022-41653 (Critical), CVE-2022-38355 (High)
Adobe has released security updates to address multiple critical vulnerabilities in Adobe ColdFusion, Adobe Acrobat Reader, Adobe Commerce, and Adobe Dimension. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-35710 (Critical), CVE-2022-35711 (Critical), CVE-2022-35690 (Critical), CVE-2022-35712 (Critical), CVE-2022-35698 (Critical)
Fortinet has released security updates to address an authentication bypass vulnerability in the administrative interface of FortiOS, FortiProxy and FortiSwitchManager, which can allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE ID: CVE-2022-40684 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address a brute-force vulnerability in Dell EMC XtremIO which can be exploited to gain access to an admin account. The affected versions are Dell EMC XtremIO versions prior to X2 6.4.0-22.
CVE ID: CVE-2022-31228 (High)
Apple has released iOS 16.0.3 and watchOS 9.0.2 to resolve multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22658
A SQL injection vulnerability has been discovered in Sourcecodester Simple E-Learning System. The affected version is Sourcecodester Simple E-Learning System 1.0.
CVE ID: CVE-2022-40872 (Critical)
A SQL injection vulnerability has been discovered in B.C. Institute of Technology CodeIgniter. The affected versions are B.C. Institute of Technology CodeIgniter 3.1.13 and below.
CVE ID: CVE-2022-40835 (Critical)
Trend Micro has released a security update to address information disclosure and privilege escalation vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. The affected products are Deep Security Agent version 20 and Cloud One - Workload Security Agent version 20.
GROWI has released a security update to address an improper access control vulnerability in its products. The affected products are GROWI versions prior to v5.1.4 (v5 series), and GROWI versions prior to v4.5.25 (v4 series).
CVE ID: CVE-2022-41799 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
VMware has released security updates to address an unsafe deserialisation vulnerability in VMware vCenter Server and a null-pointer dereference vulnerability in VMware ESXi.
CVE ID: CVE-2022-31680 (High), CVE-2022-31681 (Low)
It has been discovered that cyber actors continue to target government and critical infrastructure networks with an increasing array of new and adaptive techniques—some of which pose a significant risk to Information Technology (IT) Sector organizations (including telecommunications providers), Defense Industrial Base (DIB) Sector organizations, and other critical infrastructure organizations.
Rockwell Automation has released security updates to address improper access control and SQL injection vulnerabilities in FactoryTalk VantagePoint software, which can allow Remote Code Execution (RCE). The affected versions are FactoryTalk VantagePoint 8.0 to 8.31.
CVE ID: CVE-2022-38743 (Critical), CVE-2022-3158 (Critical)
An improper access control vulnerability has been discovered in HIWIN Robot System Software (HRSS) that can cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-3382 (High)
Ubuntu has released security updates to address several vulnerabilities in LibreOffice and Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-26307 (High), CVE-2022-26306 (High), CVE-2022-26305 (High), CVE-2022-36946 (High), CVE-2022-2503 (Medium), CVE-2022-32296 (Low), CVE-2021-33655 (Medium), CVE-2022-1012 (High), CVE-2022-1729 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authentication bypass vulnerability has been discovered in the NETGEAR WNAP210v2 wireless access point. NETGEAR will not release a fix for this vulnerability because the affected product is outside its security support period.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-2928 (Medium), CVE-2022-2929 (Medium), CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-40617 (Medium)
An out-of-bounds read vulnerability has been discovered in the PCRE2 library that affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVE ID: CVE-2022-1587 (Critical)
NVIDIA has released a security update for NVIDIA CUDA Toolkit software to address a stack-based buffer overflow vulnerability that can lead to code execution, denial of service, or information disclosure. The affected versions are NVIDIA CUDA Toolkit all versions prior to 11.8 for Linux and Windows.
CVE ID: CVE-2022-34667 (Medium)
Omron has released security updates to address multiple out-of-bounds write vulnerabilities in its CX-Programmer software that can crash the device or allow arbitrary code execution.
CVE ID: CVE-2022-3398 (High), CVE-2022-3396 (High), CVE-2022-3397 (High)
Horner Automation has released security updates to address out-of-bounds write and access of uninitialized pointer vulnerabilities in its Cscape software which can allow arbitrary code execution.
CVE ID: CVE-2022-3379 (High), CVE-2022-3378 (High), CVE-2022-3377 (High)
Multiple vulnerabilities, including Cross-Site Request Forgery (CSRF) and HTTP response splitting, have been discovered in Hitachi Energy's Modular Switchgear Monitoring (MSM) equipment. Successful exploitation of these vulnerabilities can allow an attacker to inject malicious commands or trick a valid user into downloading malicious software onto their computer.
CVE ID: CVE-2021-40335 (Medium), CVE-2021-40336 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20929 (High), CVE-2022-20814 (High), CVE-2022-20853 (High), CVE-2021-27853 (Medium), CVE-2021-27854 (Medium), CVE-2021-27861 (Medium), CVE-2021-27862 (Medium)
A vulnerability has been discovered in Autodesk Desktop App (ADA) that can allow an attacker to escalate privileges and execute arbitrary code.
CVE ID: CVE-2022-33882 (Critical)
A SQL Injection vulnerability has been discovered in Veritas NetBackup and related Veritas products. The affected versions are Veritas NetBackup through 10.0.
CVE ID: CVE-2022-42302 (Critical)
Johnson Controls has released a security update to address a vulnerability in Metasys ADX when using the MVE SMP UI, which allows an Active Directory user to execute validated actions without providing a valid password. The affected version is Metasys ADX Server version 12.0 running MVE.
CVE ID: CVE-2022-21936 (High)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and Company's Totalys MultiProcessor that can allow an attacker to access, modify, or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI), and personally identifiable information (PII). The affected versions are BD Totalys MultiProcessor 1.70 and earlier.
CVE ID: CVE-2022-40263 (Medium)
Security updates have been released for Data Exchange Layer (DXL) Broker to address multiple vulnerabilities in its Java, OpenSSL, Log4J, and RSA BSAFE Crypto components. The affected versions are DXL Broker 6.0.0 and 5.x.
CVE ID: CVE-2019-3738 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2019-13351 (High), CVE-2022-33741 (High), CVE-2022-33744 (Medium), CVE-2021-33655 (Medium), CVE-2022-33740 (High), CVE-2022-34495 (Medium), CVE-2022-26365 (High), CVE-2022-36946 (High), CVE-2022-33743 (High), CVE-2022-33742 (High), CVE-2022-34494 (Medium), CVE-2022-2318 (Medium), CVE-2022-1012 (High), CVE-2022-32296 (Low), CVE-2022-1729 (High), CVE-2022-2503 (Medium), CVE-2022-41323, CVE-2022-40617, CVE-2021-3782 (Critical)
Dell has released security updates to address multiple vulnerabilities in Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE) and Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA).
SUSE has released a security update to resolve multiple vulnerabilities in the slurm package.
CVE ID: CVE-2022-29500 (High), CVE-2022-29501 (High), CVE-2022-31251 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 106.0.1370.34) to resolve a Spoofing vulnerability in Microsoft Edge (Chromium-based).
CVE ID: CVE-2022-41035 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-10-05 or later address all of these issues.
It has been discovered that the Object Factory in the Amazon AWS Redshift JDBC Driver does not check the class type when instantiating an object from a class name. The affected versions are Amazon AWS Redshift JDBC Driver before 2.1.0.8.
CVE ID: CVE-2022-41828 (Critical)
A SQL Injection vulnerability has been discovered in BigProf Online Invoicing System. The affected versions are BigProf Online Invoicing System before 2.9.
CVE ID: CVE-2020-35674 (Critical)
Microsoft has discovered Server-Side Request Forgery (SSRF), and Remote Code Execution (RCE) zero-day vulnerabilities in Microsoft Exchange Server. The mitigations are available.
CVE ID: CVE-2022-41040, CVE-2022-41082
Debian has released a security update to address multiple vulnerabilities in Chromium package, which can result in the execution of arbitrary code, Denial of Service (DoS) or information disclosure.
CVE ID: CVE-2022-3370, CVE-2022-3373 (Medium)
An improper input validation vulnerability has been discovered in the Racadm utility of Dell iDRAC8 and Dell iDRAC9 when the firmware lock-down configuration is set. Security updates are available. The affected products are Dell iDRAC9 version 6.00.02.00 and prior and Dell iDRAC8 version 2.83.83.83 and prior.
CVE ID: CVE-2022-34435, CVE-2022-34436
An authorization bypass vulnerability has been discovered in b2evolution. The affected versions are b2evolution 7.2.3 and below.
CVE ID: CVE-2022-30935 (Critical)
It has been discovered that WAPPLES has a hardcoded system account that can be exploited to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. The affected versions are WAPPLES through 6.0.
CVE ID: CVE-2022-35413 (Critical)
An arbitrary code execution vulnerability has been discovered in Coreboot. The affected versions are Coreboot 4.13 through 4.16.
CVE ID: CVE-2022-29264 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in Dell Client Platform BIOS that affect Alienware Area-51 R4 and Alienware Area-51 R5.
BookStack has released a security update to address a Cross-Site Scripting (XSS) vulnerability in its product. The affected versions are BookStack prior to v22.09.
CVE ID: CVE-2022-40690 (Medium)
A command execution vulnerability has been discovered in the background tasks of XXL-JOB. The affected version is XXL-JOB 2.2.0.
CVE ID: CVE-2022-40929 (Critical)
A vulnerability has been discovered in Zimbra Collaboration (ZCS) that allows an attacker to upload arbitrary files through amavisd via a cpio loophole, which can lead to unauthorized access to other user accounts. The affected versions are Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
CVE ID: CVE-2022-41352 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Labstack Echo via the Static Handler component. The affected version is Labstack Echo v4.8.0.
CVE ID: CVE-2022-40083 (Critical)
GitLab has released updated versions 15.4.1, 15.3.4, and 15.2.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
Cisco has released security updates to resolve a privilege escalation vulnerability in Cisco SD-WAN and an authentication bypass vulnerability in Cisco Duo for macOS. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20662 (Medium), CVE-2022-20775 (High), CVE-2022-20818 (High)
Multiple vulnerabilities such as denial of service, client-side script injection, and information disclosure have been discovered in several Mitsubishi Electric products. The mitigations are available.
CVE ID: CVE-2022-29859 (Low), CVE-2022-33322 (Medium), CVE-2022-33321 (Medium)
Drupal has released a security update to resolve a vulnerability in Twig, a third-party library used by Drupal. A user able to write Twig code could gain unauthorized read access to private files, the contents of other files on the server, or database credentials.
CVE ID: CVE-2022-39261 (Critical)
Mozilla has released Thunderbird 102.3.1 to address multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-39249 (High), CVE-2022-39250 (High), CVE-2022-39251 (High), CVE-2022-39236 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32886, CVE-2022-37797, CVE-2022-41556, CVE-2022-29599
A local file inclusion vulnerability has been discovered in EyesOfNetwork (EON). The affected versions are EyesOfNetwork through 5.3.11.
CVE ID: CVE-2022-41571 (Critical)
A SQL injection vulnerability has been discovered in EyesOfNetwork (EON). The affected versions are EyesOfNetwork through 5.3.11.
CVE ID: CVE-2022-41570 (Critical)
A SQL injection vulnerability has been discovered in Exam Reviewer Management System. The affected version is Exam Reviewer Management System 1.0.
CVE ID: CVE-2022-40877 (Critical)
An unauthenticated blind SQL Injection vulnerability has been discovered in Sourcecodester Online Market Place Site. The affected version is Sourcecodester Online Market Place Site v1.0.
CVE ID: CVE-2022-30004 (Critical)
Google has released Chrome 109.0.5412.2 (Platform version: 15236.2.0) and LTS channel 102.0.5005.185 (Platform Version: 14695.148.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3450 (High), CVE-2022-3449 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20696 (High), CVE-2022-20728 (Medium), CVE-2021-27853 (Medium), CVE-2021-27854 (Medium), CVE-2021-27861 (Medium), CVE-2021-27862 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to address a heap-based buffer overflow vulnerability in the gdal package, which can result in Denial of Service (DoS) or potentially the execution of arbitrary code, if a specially crafted file is processed with the PCIDSK driver.
CVE ID: CVE-2021-45943 (Medium)
A SQL injection vulnerability has been discovered in Wedding Planner via the id parameter at /package_detail.php. The affected version is Wedding Planner v1.0.
CVE ID: CVE-2022-40485 (Critical)
An arbitrary code execution vulnerability has been discovered in the joblib package. The affected versions are joblib before 1.2.0.
CVE ID: CVE-2022-21797 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Pulse Secure has released security updates to address client-side desync attacks between the client machine and the VPN server. The affected versions are VPN server versions prior to 9.1R15.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability has been discovered in Online Banking System via the cust_id parameter at /net-banking/edit_customer_action.php. The affected version is Online Banking System v1.0.
CVE ID: CVE-2022-40122 (Critical)
It has been discovered that Scala has a Java deserialization chain in its JAR file that can be exploited to erase the contents of arbitrary files, make network connections, or possibly run arbitrary code via a gadget chain. The affected versions are Scala 2.13.x before 2.13.9.
CVE ID: CVE-2022-36944 (Critical)
A vulnerability has been discovered in Tacitine Firewall due to improper control of code generation in the Tacitine Firewall web-based management interface. Successful exploitation, by sending a specially crafted HTTP request, can allow an attacker to execute arbitrary commands on the targeted device. The affected versions are all Tacitine Firewall EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 versions from 19.1.1 through 22.20.1 (inclusive).
CVE ID: CVE-2022-40628 (Critical)
A heap-based buffer overflow vulnerability has been discovered in Rockwell Automation ThinManager ThinServer, which can expose the server to arbitrary Remote Code Execution (RCE). The affected versions are Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0.
CVE ID: CVE-2022-38742 (Critical)
A stack overflow vulnerability has been discovered in Grandstream GSD3710. The affected version is Grandstream GSD3710 1.0.11.13.
CVE ID: CVE-2022-2070 (Critical)
A stack overflow vulnerability has been discovered in Grandstream GSD3710. The affected version is Grandstream GSD3710 1.0.11.13.
CVE ID: CVE-2022-2025 (Critical)
A broken access control vulnerability has been discovered in ZTE ZXvSTB product. Due to improper permission control, attackers can use this vulnerability to delete the default application type, which affects normal use of the system.
CVE ID: CVE-2022-23144 (Critical)
It has been discovered that the Apache Pinot query endpoint and realtime ingestion layer are vulnerable in unprotected environments due to Groovy function support. The affected versions are Apache Pinot 0.10.0 or below.
CVE ID: CVE-2022-26112 (Critical)
An integer overflow vulnerability has been discovered in Redis. The affected versions are Redis 7.0.0 and later, prior to 7.0.5.
CVE ID: CVE-2022-35951 (Critical)
Carlo Gavazzi Controls SpA has released security updates to address multiple vulnerabilities in UWP 3.0 family of Monitoring Gateways and Controllers, and CPY Car Park Server in their set-up software, runtime firmware, and embedded Web interface. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22522 (Critical), CVE-2022-22524 (Critical), CVE-2022-22526 (Critical), CVE-2022-28811 (Critical), CVE-2022-28812 (Critical), CVE-2022-28814 (Critical), CVE-2022-28816 (High), CVE-2022-22523 (High), CVE-2022-28813 (High), CVE-2022-22525 (High), CVE-2022-28815 (Medium)
Sophos has released security updates to address a code injection vulnerability that allows Remote Code Execution (RCE) in the User Portal and Webadmin of Sophos Firewall. The affected versions are Sophos Firewall v19.0 MR1 (19.0.1) and below.
CVE ID: CVE-2022-3236 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple Remote Code Execution (RCE) vulnerabilities have been discovered in WhatsApp. The affected versions are WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12, Android prior to v2.22.16.2, and WhatsApp for iOS v2.22.15.9.
CVE ID: CVE-2022-36934, CVE-2022-27492
Ubuntu has released security updates to address several vulnerabilities in Linux kernel for Google Container Engine (GKE). An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-33655, CVE-2022-2318, CVE-2022-36946, CVE-2022-26365, CVE-2022-34495, CVE-2022-33744, CVE-2022-33742, CVE-2022-34494, CVE-2022-33741, CVE-2022-33743, CVE-2022-33740
Debian has released a security update to address multiple vulnerabilities in Mozilla Firefox Extended Support Releases (ESR) web browser, which can result in the execution of arbitrary code, CSP bypass or session fixation.
CVE ID: CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40958 (Medium), CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40962 (High)
A stack overflow vulnerability has been discovered in Tenda AC15 via the function fromAddressNat. The affected version is Tenda AC15 V15.03.05.19.
CVE ID: CVE-2022-40851 (Critical)
A stack overflow vulnerability has been discovered in Tenda AC15 and AC18 routers. The affected version is Tenda AC15 and AC18 routers V15.03.05.19.
CVE ID: CVE-2022-40869 (Critical)
A heap overflow vulnerability has been discovered in Tenda AC15 and AC18 routers. The affected version is Tenda AC15 and AC18 routers V15.03.05.19.
CVE ID: CVE-2022-40865 (Critical)
A buffer overflow vulnerability has been discovered in Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router via the wl binary in firmware. The affected version is Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119.
CVE ID: CVE-2022-37235 (Critical)
A buffer overflow vulnerability via uhttpd has been discovered in Netgear N300 wireless router. The affected version is Netgear N300 wireless router wnr2000v4-V1.0.0.70.
CVE ID: CVE-2022-37232 (Critical)
A stack overflow vulnerability has been discovered in Netgear N300 wireless router via strcpy in uhttpd. The affected version is Netgear N300 wireless router wnr2000v4-V1.0.0.70.
CVE ID: CVE-2022-31937 (Critical)
A buffer overflow vulnerability has been discovered in 10-Strike Network Inventory Explorer via the Add Computers function. The affected version is 10-Strike Network Inventory Explorer v9.3.
CVE ID: CVE-2022-38573 (Critical)
An OS command injection vulnerability has been discovered in NOKIA 1350 OMS. The affected version is NOKIA 1350 OMS R14.2.
CVE ID: CVE-2022-39815 (Critical)
A client authentication bypass vulnerability has been discovered in Erlang/OTP in certain client-certification situations for SSL, TLS, and DTLS. The affected versions are Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2.
CVE ID: CVE-2022-37026 (Critical)
COVESA has released a security update to address multiple vulnerabilities in the COVESA DLT daemon. The affected versions are COVESA DLT daemon 2.18.8 and below.
CVE ID: CVE-2022-39836, CVE-2022-39837
Multiple memory corruption vulnerabilities have been discovered in the uClibc and uClibc-ng libraries that can affect any Unix-based device that uses these libraries. The affected versions are uClibc 0.9.33.2 and uClibc-ng 1.0.40.
CVE ID: CVE-2022-29503, CVE-2022-29504
An improper access control vulnerability has been discovered in Measuresoft ScadaPro Server that can allow a local user with limited privileges to modify the service binary path and start malicious commands with system privileges. The affected version is ScadaPro Server 6.7.
CVE ID: CVE-2022-3263 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to resolve a Denial of Service (DoS) vulnerability in the Border Gateway Protocol implementation of Cisco NX-OS Software and a privilege escalation vulnerability in Cisco Secure Web Appliance.
CVE ID: CVE-2022-20871 (High), CVE-2018-0295 (High)
Google has released Beta channel 106.0.5249.49 (Platform version: 15054.62.0/15054.63.0) for most ChromeOS devices, Dev channel 107.0.5304.10 for Windows, Mac and Linux, and Chrome Dev 107 (107.0.5304.8) for Android.
Foxit has released an updated Foxit PDF Editor for Mac 11.1.3, to resolve multiple vulnerabilities in Foxit PDF Editor for Mac 11.1.2.0420 and earlier for macOS.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A weak password vulnerability has been discovered in minarca (GitHub repository ikus060/minarca). The affected versions are minarca prior to 4.2.2.
CVE ID: CVE-2022-3268 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Simple Task Managing System via the bookId parameter at changeStatus.php. The affected version is SourceCodester Simple Task Managing System v1.0.
CVE ID: CVE-2022-40030 (Critical)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in a web server component of TIBCO Software Inc's TIBCO EBX Add-ons. The affected versions are TIBCO EBX Add-ons 5.4.1 and below.
CVE ID: CVE-2022-30578 (Critical)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in a web server component of TIBCO Software Inc's TIBCO EBX. The affected versions are TIBCO EBX 6.0.0 through 6.0.8.
CVE ID: CVE-2022-30577 (Critical)
It has been discovered that Jenkins RQM Plugin is vulnerable to XML External Entity (XXE) attacks. The affected versions are Jenkins RQM Plugin 2.8 and earlier.
CVE ID: CVE-2022-41241 (Critical)
It has been discovered that Jenkins DotCi Plugin is vulnerable to XML External Entity (XXE) attacks. The affected versions are Jenkins DotCi Plugin 2.40.00 and earlier.
CVE ID: CVE-2022-41238 (Critical)
It has been discovered that Jenkins Compuware Common Configuration Plugin is vulnerable to XML External Entity (XXE) attacks. The affected versions are Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier.
CVE ID: CVE-2022-41226 (Critical)
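The three Jenkins plugin entries above are all the same vulnerability class: an XML parser that resolves external general entities, so a document supplied by an attacker can pull a local file into the parsed result. The following is an added example, not code from Jenkins or any of the plugins, that shows the behaviour with Python's xml.sax parser: the same document parsed once with external entity resolution switched on (the vulnerable configuration) and once with it off. The document, the element names and the "secret" file are constructed for the demo.

```python
"""XXE demonstration with xml.sax: vulnerable vs. hardened parser setting.
Added example, not code from Jenkins or any plugin. Document, element
names and the secret file are constructed for the demo."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Accumulates character data from every element."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self) -> str:
        return "".join(self.parts)


def build_doc(secret_path: str) -> bytes:
    # Constructed attacker-controlled document: the DOCTYPE declares an
    # external general entity pointing at a local file and references it.
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE report [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
        "<report><title>&xxe;</title></report>\n"
    ).encode()


def parse_text(doc: bytes, allow_external_entities: bool) -> str:
    """Parse ``doc`` and return its text content.

    allow_external_entities=True is the vulnerable configuration: the
    parser opens whatever the SYSTEM identifier points at and splices
    the bytes into the document. False (Python's default since 3.7.1)
    leaves the entity unexpanded, so the file never leaves the host.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(doc))
    return handler.text()


def has_doctype(doc: bytes) -> bool:
    # Belt-and-braces check for untrusted input: a plain data document
    # has no business carrying a DOCTYPE at all, so reject it up front.
    return b"<!DOCTYPE" in doc[:4096]


def demo() -> dict:
    """Write a constructed secret, parse the XXE document both ways."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        os.write(fd, b"s3cr3t-token")  # constructed "secret" contents
        os.close(fd)
        doc = build_doc(path)
        return {
            "doctype_present": has_doctype(doc),
            "vulnerable": parse_text(doc, allow_external_entities=True),
            "hardened": parse_text(doc, allow_external_entities=False),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The hardened branch relies on the parser default; the `has_doctype` check is the cheaper control for services that never expect a DTD from clients, because it also removes entity-expansion denial of service and parameter-entity tricks that a feature flag alone does not cover.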
A SQL injection vulnerability has been discovered in SmartVista SVFE2. The affected version is SmartVista SVFE2 v2.2.22.
CVE ID: CVE-2022-38619 (Critical)
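Several entries above report SQL injection through a single request parameter (the `id` parameter at /package_detail.php in Wedding Planner, `cust_id` in Online Banking System, `bookId` in Simple Task Managing System, and SmartVista SVFE2 here). The following is an added example, not code from any of those products, that reconstructs the pattern in Python with sqlite3: a lookup that interpolates the parameter into the statement beside the parameterised version, run against constructed tables and two constructed payloads.

```python
"""Vulnerable and parameterised id lookup, in the shape of the id /
cust_id / bookId parameters named in the SQL injection entries above.
Added example, not code from any listed product. Schema, rows and
payloads are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample schema: two public packages, one internal row
    # the application never intends to show, and a users table that
    # the lookup should never be able to reach.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE packages (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO packages VALUES (?, ?, ?)",
        [(1, "Basic", 1), (2, "Premium", 1), (3, "Internal price list", 0)],
    )
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)", (1, "admin", "hash-admin-constructed")
    )
    return conn


def package_detail_vulnerable(conn, raw_id: str):
    # The request parameter is interpolated into the statement text, so
    # whatever the client sends becomes part of the SQL grammar.
    sql = f"SELECT id, name FROM packages WHERE public = 1 AND id = {raw_id}"
    return conn.execute(sql).fetchall()


def package_detail_parameterised(conn, raw_id: str):
    # Validate the type first, then bind the value. The driver sends the
    # statement and the value separately; the value cannot alter the
    # WHERE clause no matter what it contains.
    try:
        pkg_id = int(raw_id)
    except ValueError:
        return []  # reject non-numeric ids outright
    sql = "SELECT id, name FROM packages WHERE public = 1 AND id = ?"
    return conn.execute(sql, (pkg_id,)).fetchall()


def demo() -> dict:
    conn = make_db()
    # Constructed payload 1: AND binds tighter than OR, so the public = 1
    # filter is bypassed and every row, including the internal one, comes back.
    tautology = "1 OR 1=1"
    # Constructed payload 2: a UNION with matching column count reads a
    # different table through the same endpoint.
    union = "0 UNION SELECT id, password_hash FROM users"
    return {
        "normal_vulnerable": package_detail_vulnerable(conn, "1"),
        "normal_parameterised": package_detail_parameterised(conn, "1"),
        "tautology_vulnerable": package_detail_vulnerable(conn, tautology),
        "tautology_parameterised": package_detail_parameterised(conn, tautology),
        "union_vulnerable": package_detail_vulnerable(conn, union),
        "union_parameterised": package_detail_parameterised(conn, union),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The type check on its own would stop both payloads here, but it is not a substitute for binding: string parameters (usernames, search terms) cannot be reduced to an integer, and only the bound form keeps them out of the grammar.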
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Z-BlogPHP that allows an attacker to make arbitrary requests by injecting arbitrary URLs into the source parameter. The affected versions are Z-BlogPHP 1.7.2 and earlier.
CVE ID: CVE-2022-40357 (Critical)
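The Z-BlogPHP entry (and the Labstack Echo static-handler entry above) describe the SSRF pattern: the server fetches whatever URL a request parameter names. The following is an added example, not Z-BlogPHP or Echo code, of the allow-list check a server should apply to such a parameter before fetching it. The allowed host names and the sample resolved addresses are assumptions constructed for the demo; the resolved address is passed in explicitly so the example runs offline.

```python
"""Allow-list validation for a user-supplied fetch URL such as the
``source`` parameter above. Added example, not Z-BlogPHP or Echo code.
Allowed hosts and sample addresses are assumptions for the demo."""
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list of hosts the application is meant to fetch from.
ALLOWED_HOSTS = frozenset({"cdn.example.org", "images.example.org"})


def is_safe_fetch_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for http(s) URLs whose host is on the allow-list.

    Rejects non-web schemes (file:, gopher:, dict: ...), embedded
    credentials (the "allowed.host@evil" trick), literal IP addresses,
    and any host not on the list.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # malformed netloc such as an unbalanced IPv6 bracket
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # already lower-cased, brackets stripped
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPs never allowed; names only
    except ValueError:
        pass
    return host.rstrip(".") in allowed_hosts


def address_is_public(addr: str) -> bool:
    """Second gate, applied to the address the allowed name resolves to.

    Catches DNS-based tricks where an allowed name points at loopback,
    RFC 1918 space or the cloud metadata range 169.254.0.0/16.
    """
    ip = ipaddress.ip_address(addr)
    return not (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def check_fetch(url: str, resolved_addr: str) -> bool:
    """Combined decision: the URL passes the allow-list and the address
    it resolved to is publicly routable. A real fetcher resolves the name
    once, checks that address, connects to that same address, and does
    not follow redirects without re-running both checks."""
    return is_safe_fetch_url(url) and address_is_public(resolved_addr)


if __name__ == "__main__":
    for u in ("https://cdn.example.org/logo.png",
              "file:///etc/passwd",
              "http://127.0.0.1:8080/admin",
              "https://cdn.example.org@169.254.169.254/latest/meta-data/"):
        print(u, is_safe_fetch_url(u))
```

A name allow-list without the address check still loses to a record the attacker controls that resolves to an internal address, which is why both gates are kept and the connection is made to the address that was checked.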
A Remote Code Execution (RCE) vulnerability has been discovered in Valine that allows an attacker to execute arbitrary code via a crafted POST request. The affected version is Valine v1.4.18.
CVE ID: CVE-2022-38545 (Critical)
An authentication bypass vulnerability has been discovered in Linux-PAM package for openSUSE Tumbleweed. The affected versions are Linux-PAM packages before 1.5.2-6.1.
CVE ID: CVE-2022-28321 (Critical)
Debian has released security updates to address multiple vulnerabilities in BIND9, and Expat.
CVE ID: CVE-2022-2795 (Medium), CVE-2022-3080 (High), CVE-2022-38177 (High), CVE-2022-38178 (High), CVE-2022-40674 (Critical)
ISC has released security updates to address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker can exploit these vulnerabilities to take control of an affected system.
HP has released security updates to resolve buffer overflow and Remote Code Execution (RCE) vulnerabilities in HP Print products.
CVE ID: CVE-2022-28721 (Critical), CVE-2022-28722 (High)
A security update has been released to address a Cross-Site Request Forgery (CSRF) vulnerability in the demon image annotation plugin for WordPress. The affected versions are demon image annotation versions up to, and including, 4.7.
CVE ID: CVE-2022-2864 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve multiple vulnerabilities in skelcd-control-suse-manager-proxy and skelcd-control-suse-manager-server. The affected products are SUSE Manager Proxy 4.3, SUSE Manager Retail Branch Server 4.3, and SUSE Manager Server 4.3.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to address a command execution vulnerability in the wordexp() function of the tinygltf package, triggered while processing untrusted files.
CVE ID: CVE-2022-3008 (High)
A heap-use-after-free vulnerability has been discovered in SWFTools commit 772e55a via the function grow_unicode at /lib/ttf.c.
CVE ID: CVE-2022-40009 (Critical)
A heap-buffer overflow vulnerability has been discovered in SWFTools commit 772e55a via the function readU8 at /lib/ttf.c.
CVE ID: CVE-2022-40008 (Critical)
A file upload vulnerability has been discovered in the storage feature of pagekit that allows attackers to upload malicious files. The affected version is pagekit 1.0.18.
CVE ID: CVE-2022-38916 (Critical)
Kayrasoft has released a security update to address a SQL injection vulnerability in its products. The affected versions are Kayrasoft products before version 2.
CVE ID: CVE-2022-2177 (Critical)
It has been discovered that an exposed external port for the telnet service causes a vulnerability in NIS-HAP11AC which can allow source code hijacking and remote control of the device.
CVE ID: CVE-2022-23768 (Critical)
Trend Micro has released a security update to address an unauthenticated file deletion vulnerability in Trend Micro Mobile Security, which can allow an unauthenticated attacker with access to the Management Server to delete files. The affected version is Trend Micro Mobile Security for Enterprise 9.8 SP5.
CVE ID: CVE-2022-40980 (Critical)
A vulnerability has been discovered in Trend Micro Apex One and Trend Micro Apex One as a Service that allows attackers to bypass the product’s login authentication by falsifying request parameters on affected installations.
CVE ID: CVE-2022-40144 (Critical)
It has been discovered that due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in Remote Code Execution (RCE).
CVE ID: CVE-2022-3218 (Critical)
It has been discovered that the d8s-ip-addresses package for Python includes a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
CVE ID: CVE-2022-40810 (Critical)
A SQL injection vulnerability has been discovered in Zephyr Project Manager WordPress plugin. The affected versions are Zephyr Project Manager WordPress plugin before 3.2.5.
CVE ID: CVE-2022-2840 (Critical)
A SQL injection vulnerability has been discovered in Ketchup Restaurant Reservations WordPress plugin. The affected versions are Ketchup Restaurant Reservations WordPress plugin through 1.0.0.
CVE ID: CVE-2022-2754 (Critical)
A SQL injection vulnerability has been discovered in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. The affected versions are Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305.
CVE ID: CVE-2022-40300 (Critical)
Microsoft has released a security update to address a spoofing vulnerability in Microsoft Endpoint Configuration Manager. The affected versions are Microsoft Endpoint Configuration Manager versions 2103 – 2207.
CVE ID: CVE-2022-37972 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.3. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40958 (Medium), CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40962 (High), CVE-2022-3155 (Low)
A protection mechanism failure vulnerability has been discovered in Medtronic's Equipment- MiniMed 600 Series Insulin Pumps, Guardian Link 3 Transmitter, Guardian 2 Link Transmitter, Carelink USB, Contour Next Link 2.4. Successful exploitation of this vulnerability can impact delivery of insulin.
CVE ID: CVE-2022-32537 (Medium)
Host Engineering has released a security update to address a stack-based buffer overflow vulnerability in its equipment- H0-ECOM100 Communications Module, which can crash the device being accessed and lead to a Denial-of-Service (DoS) condition.
CVE ID: CVE-2022-3228 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.3, and Firefox 105. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40958 (Medium), CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40962 (High), CVE-2022-40961 (Medium)
Dell has released a security update to address multiple vulnerabilities in third-party components that affect Dell NetWorker vProxy. The affected versions are Dell NetWorker vProxy 4.3.0-31 and earlier.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Festo control block CPX-CEC-C1 and CPX-CMXX allow unauthenticated, remote access to critical webpage functions which can cause a Denial of Service (DoS). The affected versions are Control block CPX-CEC-C1 2.0.12 and below, and Control block CPX-CMXX 1.2.34 rev.404 and below.
CVE ID: CVE-2022-3079
TensorFlow has released a security update to address a vulnerability that can either write content at the wrong index or trigger a crash. The affected versions are TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
CVE ID: CVE-2022-35939 (Critical)
TensorFlow has released a security update to address a vulnerability that leads to an out-of-bounds memory read or a crash. The affected versions are TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
CVE ID: CVE-2022-35938 (Critical)
TensorFlow has released a security update to address a vulnerability that leads to an out-of-bounds memory read. The affected versions are TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
CVE ID: CVE-2022-35937 (Critical)
A vulnerability has been discovered in the iAware module while managing malicious apps. Successful exploitation of this vulnerability can cause malicious apps to start automatically upon system startup.
CVE ID: CVE-2022-39000 (Critical)
An improper update of reference count vulnerability has been discovered in the AOD module. Successful exploitation of this vulnerability can affect data integrity, confidentiality, and availability.
CVE ID: CVE-2022-38999 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in a Tenhot router. The affected version is Tenhot TWS-100 V4.0-201809201424.
CVE ID: CVE-2022-37861 (Critical)
A vulnerability has been discovered in Airties Smart Wi-Fi that allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference. The affected versions are Airties Smart Wi-Fi before 2020-08-04.
CVE ID: CVE-2022-38789 (Critical)
An Authentication Bypass by Primary Weakness vulnerability has been discovered in the GitHub repository bookwyrm-social/bookwyrm. The affected versions are bookwyrm-social/bookwyrm prior to 0.4.5.
CVE ID: CVE-2022-2651 (Critical)
Dataprobe has released a security update to address multiple vulnerabilities in its equipment- iBoot-PDU FW. Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device.
CVE ID: CVE-2022-3183 (Critical), CVE-2022-3184 (Critical), CVE-2022-3185 (Medium), CVE-2022-3186 (High), CVE-2022-3187 (Medium), CVE-2022-3188 (Medium), CVE-2022-3189 (Medium)
MiCODUS has released a security update to address multiple vulnerabilities in its equipment- MV720 GPS tracker. Successful exploitation of these vulnerabilities can give an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features (e.g., alarms).
CVE ID: CVE-2022-2107 (Critical), CVE-2022-2141 (Critical), CVE-2022-2199 (High), CVE-2022-34150 (High), CVE-2022-33944 (Medium)
OWASP ModSecurity Core Rule Set (CRS) has released security updates to address multiple vulnerabilities in CRS. The affected versions are legacy CRS versions 3.0.x, 3.1.x, 3.2.1 and 3.3.2.
CVE ID: CVE-2022-39955 (Critical), CVE-2022-39956 (Critical), CVE-2022-39957 (High), CVE-2022-39958 (High)
Delta Electronics has released a security update to address a use of hard-coded credentials vulnerability in its equipment- DIAEnergie that can lead to Remote Code Execution (RCE). The affected products are DIAEnergie version 1.8.0 and prior.
CVE ID: CVE-2022-3214 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 91.13.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3033 (High), CVE-2022-3032 (Medium), CVE-2022-3034 (Medium)
Moodle has released security updates to address multiple vulnerabilities in several products.
CVE ID: CVE-2022-40316, CVE-2022-40315, CVE-2022-40314, CVE-2022-40313
Spring has released security updates to address a vulnerability in Spring Data REST. The affected products are Spring Data REST 3.6.0 to 3.6.6, 3.7.0 to 3.7.2 and older, unsupported versions.
CVE ID: CVE-2022-31679 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability has been discovered in the Northstar Club Management application. The affected version is Northstar Club Management version 6.3.
CVE ID: CVE-2022-26959 (Critical)
A buffer overflow vulnerability has been discovered in Tenda WiFi Routers. The affected versions are Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi.
CVE ID: CVE-2022-38326 (Critical)
A buffer overflow vulnerability has been discovered in Tenda WiFi Routers. The affected versions are Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi.
CVE ID: CVE-2022-38325 (Critical)
An out-of-bounds read vulnerability has been discovered in the DNS proxy of Connman. The affected versions are Connman through 1.40.
CVE ID: CVE-2022-23097 (Critical)
An out-of-bounds read vulnerability has been discovered in the DNS proxy of Connman. The affected versions are Connman through 1.40.
CVE ID: CVE-2022-23096 (Critical)
A SQL injection vulnerability has been discovered in Gestionnaire Libre de Parc Informatique (GLPI). The updates are available.
CVE ID: CVE-2022-35947 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A command injection vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38828 (Critical)
A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38827 (Critical)
An arbitrary command execution vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38826 (Critical)
A hard-coded password vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38823 (Critical)
A vulnerability has been discovered in the component post_applogin.php of Super Flexible Software for Syncovery. The affected versions are Syncovery 9 for Linux v9.47x and below.
CVE ID: CVE-2022-36536 (Critical)
A command injection vulnerability has been discovered in TOTOLink. The affected version is TOTOLink A700RU V7.4cu.2313_B20191024. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
CVE ID: CVE-2022-38308 (Critical)
A Remote Code Execution (RCE) vulnerability via the ping host feature has been discovered in SmartRG routers. The affected versions are SmartRG SR506n 2.5.15 and SR510n 2.6.13.
CVE ID: CVE-2022-37661 (Critical)
It has been discovered that the mobile application in Transtek Mojodat FAM (Fixed Asset Management) allows remote attackers to bypass authorization. The affected version is Transtek Mojodat FAM 2.4.6.
CVE ID: CVE-2022-38768 (Critical)
Dell has released a security update to address a vulnerability in Advanced Message Queuing Protocol (AMQP), a third-party component, that affects Dell NetWorker.
CVE ID: CVE-2018-11050 (High)
ASUS has released security updates to address multiple vulnerabilities in ASUS personal computers, including desktops, laptops and All-in-One PCs.
CVE ID: CVE-2022-36438, CVE-2022-36439
An Improper Access Control vulnerability has been discovered in Siemens Mobility's equipment- CoreShield One-Way Gateway (OWG) Software. Successful exploitation of this vulnerability can allow an attacker to leverage the default installation of the Windows versions of the CoreShield (OWG) software, which sets insecure file permissions that can result in local escalation of privileges to local administrator. The mitigations are available.
CVE ID: CVE-2022-38466 (High)
CISA and the National Security Agency (NSA) have published Open Radio Access Network Security Considerations. This product assesses the benefits and security considerations associated with implementing an Open Radio Access Network (Open RAN) architecture.
WordPress has released a security update to address a Directory Traversal vulnerability in the SearchWP Live Ajax Search plugin for WordPress. The affected versions are SearchWP Live Ajax Search versions up to and including 1.6.2.
CVE ID: CVE-2022-3227 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released Chrome Beta 106 (106.0.5249.41) for iOS, Stable channel 105.0.5195.134 (Platform version: 14989.107.0) for most ChromeOS devices, Dev Channel 107.0.5300.0 for Windows, Mac and Linux, Chrome 105 (105.0.5195.136) for Android, and Chrome Dev 107 (107.0.5299.0) for Android.
Debian has released a security update to address multiple vulnerabilities in Chromium, which can result in the execution of arbitrary code, denial of service or information disclosure.
CVE ID: CVE-2022-3195 (High), CVE-2022-3196 (High), CVE-2022-3197 (High), CVE-2022-3198 (High), CVE-2022-3199 (High), CVE-2022-3200 (High), CVE-2022-3201 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A use-after-free vulnerability has been discovered in the doContent function of libexpat. The affected versions are libexpat before 2.4.9.
CVE ID: CVE-2022-40674 (Critical)
A SQL Injection vulnerability has been discovered in Loan Management System, which allows unauthorized users to log in as Administrator by injecting into the username form field. The affected version is Loan Management System 1.0.
CVE ID: CVE-2022-37138 (Critical)
A SQL Injection vulnerability has been discovered in Hospital Information System that allows for authentication bypass. The affected version is Hospital Information System 1.0.
CVE ID: CVE-2022-36669 (Critical)
An authentication bypass vulnerability has been discovered in OSU Open Source Lab VNCAuthProxy. The affected versions are OSU Open Source Lab VNCAuthProxy through 1.1.1.
CVE ID: CVE-2022-36436 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository prior to 8.1.0.
CVE ID: CVE-2022-2900 (Critical)
A SQL injection vulnerability has been discovered in Hospital Management System via the Username and Password parameters on the Login page. The affected version is Hospital Management System v1.0.
CVE ID: CVE-2022-38637 (Critical)
An authentication bypass vulnerability has been discovered in UCMS, which is exploited via cookie poisoning. The affected version is UCMS v1.6.0.
CVE ID: CVE-2022-38297 (Critical)
An arbitrary file upload vulnerability via the File Manager has been discovered in Cuppa CMS. The affected version is Cuppa CMS v1.0.
CVE ID: CVE-2022-38296 (Critical)
A pre-authentication command injection vulnerability has been discovered in the web configuration interface of the TP-Link M7350 V3 with firmware version 190531.
CVE ID: CVE-2022-37860 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in SLiMS Senayan Library Management System. The affected version is SLiMS Senayan Library Management System v9.4.2.
CVE ID: CVE-2022-38292 (Critical)
An improper restriction of XML External Entity Reference (XXE) vulnerability has been discovered in the Policy Engine of Forcepoint Data Loss Prevention (DLP). The affected products are Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2, Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2, Forcepoint Web Security Content Gateway versions prior to 8.5.5, Forcepoint Email Security with DLP enabled versions prior to 8.5.5, and Forcepoint Cloud Security Gateway prior to June 20, 2022.
CVE ID: CVE-2022-1700 (Critical)
A protection mechanism bypass vulnerability has been discovered in Pebble Templates that allows arbitrary code execution with springbok. The affected version is Pebble Templates 3.1.5.
CVE ID: CVE-2022-37767 (Critical)
An arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource has been discovered in Casdoor. The affected version is Casdoor v1.97.3.
CVE ID: CVE-2022-38638 (Critical)
OpenAM Consortium has released a security update to address an open redirect vulnerability in OpenAM (OpenAM Consortium Edition). The affected version is OpenAM (OpenAM Consortium Edition) 14.0.0.
CVE ID: CVE-2022-31735 (Medium)
EC-CUBE has released security updates to resolve multiple vulnerabilities in EC-CUBE products. The affected versions are EC-CUBE 3.0.0 to 3.0.18-p4 (EC-CUBE 3 series), and EC-CUBE 4.0.0 to 4.1.2 (EC-CUBE 4 series).
CVE ID: CVE-2022-40199 (Low), CVE-2022-38975 (Medium)
EC-CUBE has released security updates to resolve an insufficient verification vulnerability when uploading files in EC-CUBE Product Image Bulk Upload Plugin. The affected versions are Product Image Bulk Upload Plugin 1.0.0, and Product Image Bulk Upload Plugin 4.1.0.
CVE ID: CVE-2022-37346 (Medium)
Ubuntu has released security updates to address a vulnerability in Intel Microcode that can allow an attacker to compromise SGX enclaves. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-21233 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20846 (Medium), CVE-2022-20845 (Medium), CVE-2022-20849 (Medium)
Palo Alto Networks has released security updates to resolve multiple vulnerabilities in Cortex XDR Agent. For information, PAN-OS software is unaffected by the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199), which does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.
CVE ID: CVE-2022-0029 (Medium)
Dell has released a security update to address a regular expression Denial of Service (DoS) vulnerability in Dell Wyse ThinOS. The affected versions are Dell Wyse ThinOS 9.3.1129 and earlier versions.
CVE ID: CVE-2022-34402 (Medium)
Google has released Chrome Beta 106 (106.0.5249.38) for Android, Beta channel 106.0.5249.36 (Platform version: 15054.50.0/15054.51.0) for most ChromeOS devices, Beta channel 106.0.5249.40 for Windows, Mac & Linux, and Stable channel 105.0.5195.125 for Mac & Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3196 (High), CVE-2022-3197 (High), CVE-2022-3198 (High), CVE-2022-3199 (High), CVE-2022-3200 (High), CVE-2022-3201 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been observed that threat actors are exploiting multiple vulnerabilities in Fortinet FortiOS and Microsoft Exchange servers for data extortion and disk encryption for ransom operations.
CVE ID: CVE-2018-13379, CVE-2020-12812, CVE-2019-5591, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple SQL injection vulnerabilities have been discovered in Archery. The affected versions are Archery v1.8.3 to v1.8.5.
CVE ID: CVE-2022-38541 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected version is Library Management System 1.0.
CVE ID: CVE-2022-37794 (Critical)
An XML External Entity vulnerability has been discovered in Apache Calcite. The affected versions are Apache Calcite versions prior to 1.32.0.
CVE ID: CVE-2022-39135 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the Rank Math SEO plugin for WordPress. The affected versions are Rank Math SEO plugin 1.0.95 and below.
CVE ID: CVE-2022-36376 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Web Parent POM. The affected versions are XWiki 1.0 and prior to versions 13.10.6 and 14.30-rc-1.
CVE ID: CVE-2022-36094 (Critical)
It has been discovered that Inoda OnTrack employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. The affected version is Inoda OnTrack v3.4.
CVE ID: CVE-2022-37164 (Critical)
Multiple improper access control vulnerabilities have been discovered in Zoom On-Premise Meeting Connector MMR. The affected versions are Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130.
CVE ID: CVE-2022-28760 (Medium), CVE-2022-28758 (High), CVE-2022-28759 (High)
Debian has released a security update to address multiple vulnerabilities in the FreeCAD package, which can result in the execution of arbitrary shell commands when opening a malformed file.
CVE ID: CVE-2021-45844 (High), CVE-2021-45845 (High)
Honeywell has released security updates to address multiple vulnerabilities in its equipment- SoftMaster. Successful exploitation of these vulnerabilities can allow an attacker to execute code in the context of the application permissions or escalate privileges.
CVE ID: CVE-2022-2333 (High), CVE-2022-2332 (Medium)
Adobe has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Citrix has released a security update to address a vulnerability in Citrix Hypervisor 8.2 LTSR CU1 Hotfix XS82ECU1008 (only) that can allow malicious network traffic to cause subsequent packets to be dropped.
CVE ID: CVE-2020-35498 (High)
Dell has released security updates to resolve multiple vulnerabilities in third party components used in Dell NetWorker vProxy. The affected versions are NetWorker vProxy 4.3.0-22 and earlier.
Google has released Chrome Stable 105 (105.0.5195.129) for iOS, Extended Stable channel 104.0.5112.124 for Windows & 104.0.5112.123 for Mac, and Chrome 105 (105.0.5195.124) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-2191 (High), CVE-2022-31160 (Medium), CVE-2022-2047 (Low), CVE-2022-2048 (High)
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions affecting multiple Windows products.
CVE ID: CVE-2022-34722 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions affecting multiple Windows products.
CVE ID: CVE-2022-34721 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows TCP/IP affecting multiple Windows products.
CVE ID: CVE-2022-34718 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Mentions UI. The affected versions are XWiki 12.5-rc-1 and prior to versions 13.10.6 and 14.4.
CVE ID: CVE-2022-36098 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Mentions UI. The affected versions are XWiki prior to versions 13.10.6 and 14.3.
CVE ID: CVE-2022-36096 (Critical)
It has been discovered that Bminusl IHateToBudget employs a weak password policy, which allows attackers to gain unauthorized access to the application via brute-force attacks. The affected version is Bminusl IHateToBudget v1.5.7.
CVE ID: CVE-2022-37163 (Critical)
QNAP NAS has released security updates to address an externally controlled reference to a resource vulnerability that affects QNAP NAS running Photo Station. The affected products are QTS 5.0.1: Photo Station 6.1.2 and later, QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later, QTS 4.3.6: Photo Station 5.7.18 and later, QTS 4.3.3: Photo Station 5.4.15 and later, and QTS 4.2.6: Photo Station 5.2.14 and later.
CVE ID: CVE-2022-27593 (Critical)
Delta Industrial Automation has released a security update to address a use of hard-coded credentials vulnerability in its equipment- DIAEnergie that can lead to Remote Code Execution (RCE). The affected products are DIAEnergie version 1.8.0 and prior.
An improper authentication vulnerability has been discovered in Kingspan's equipment- TMS300 CS, which does not properly restrict access to endpoints. Successful exploitation of this vulnerability can allow an attacker to view and modify application settings without authenticating.
CVE ID: CVE-2022-2757 (Critical)
Trend Micro has released security updates to address a vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service that can allow an attacker who is able to log in to the product's administration console to execute arbitrary code.
CVE ID: CVE-2022-40139 (High)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released security updates to address multiple vulnerabilities in Dell BSAFE SSL-J, Dell BSAFE Crypto-J, and Dell AppSync.
CVE ID: CVE-2021-46827 (Medium)
Apple has released latest version of Safari 16 for macOS Big Sur & macOS Monterey, tvOS 16 for Apple TV 4K, Apple TV 4K (2nd generation), & Apple TV HD, watchOS 9 for Apple Watch Series 4 & later, iOS 16 for iPhone 8 & later, macOS Monterey 12.6 for macOS Monterey, macOS Big Sur 11.7 for macOS Big Sur and iOS 15.7 and iPadOS 15.7 for iPhone 6s & later, iPad Pro (all models), iPad Air 2 & later, iPad 5th generation & later, iPad mini 4 & later, and iPod touch (7th generation) to resolve multiple vulnerabilities.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A stack buffer overflow vulnerability has been discovered in xhyve commit dfbe09b via the component pci_vtrnd_notify().
CVE ID: CVE-2022-36660 (Critical)
A heap-based buffer over-read or buffer overflow vulnerability has been discovered in zlib. The affected version is zlib through 1.2.12.
CVE ID: CVE-2022-37434 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in LibTIFF that can cause Denial of Service (DoS) or expose sensitive information. The affected products are Ubuntu 18.04 LTS & Ubuntu 20.04 LTS.
CVE ID: CVE-2022-0907 (Medium), CVE-2022-0908 (Medium), CVE-2022-0909 (Medium), CVE-2022-0924 (Medium), CVE-2022-22844 (Medium)
Debian has released a security update to address multiple heap-based buffer overflow vulnerabilities in gdk-pixbuf package, which can result in the execution of arbitrary code or Denial of Service (DoS) if a malformed GIF image is processed.
CVE ID: CVE-2021-44648 (High), CVE-2021-46829 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2018-1285 (Critical), CVE-2019-17498 (High), CVE-2022-2191 (High), CVE-2022-31144 (High), CVE-2022-31151 (Medium), CVE-2022-31160 (Medium), CVE-2022-36313 (Medium), CVE-2022-2047 (Low), CVE-2022-2048 (High), CVE-2022-1651 (High), CVE-2022-25647 (High), CVE-2022-37434 (Critical), CVE-2022-31097 (Medium), CVE-2022-31107 (High), CVE-2022-36879 (Medium), CVE-2022-36946 (High)
ARK-Web has released security updates to address a cross-site scripting vulnerability in Movable Type plugin A-Form. The affected versions are A-Form versions prior to 4.1.1 (for Movable Type 7 Series), and A-Form versions prior to 3.9.1 (for Movable Type 6 Series).
CVE ID: CVE-2022-38972 (Medium)
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel for Microsoft Azure CVM cloud systems that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The affected product is Ubuntu 20.04 LTS.
CVE ID: CVE-2021-33061 (Medium), CVE-2021-33656 (High)
A Denial of Service (DoS) vulnerability has been discovered in the Jetty bundled with Jenkins. The affected products are Jenkins LTS 2.346.3 and earlier and Jenkins weekly up to and including 2.362, which bundle affected versions of Jetty. The updates are available.
CVE ID: CVE-2022-2048 (High)
Dell has released security updates to address a vulnerability in Oxygen XML WebHelp, a third-party component, that affects Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, Dell eVASA Provider Virtual Appliance, Dell VASA Provider Standalone, and Dell PowerMaxOS.
CVE ID: CVE-2021-46827 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Unauthenticated plugin settings change and data deletion vulnerabilities have been discovered in the WP Shop plugin for WordPress. The affected versions are WP Shop plugin 3.9.6 and below.
CVE ID: CVE-2022-36793 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Canto Cumulus that allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact. The affected versions are Canto Cumulus through 11.1.3.
CVE ID: CVE-2022-40305 (Critical)
A buffer overflow vulnerability has been discovered in D-Link. The affected version is D-Link DAP1650 v1.04 firmware.
CVE ID: CVE-2022-36588 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36586 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36585 (Critical)
A SQL injection vulnerability has been discovered in Nagios XI via the mib_name parameter at the Manage MIBs page. The affected version is Nagios XI v5.8.6.
CVE ID: CVE-2022-38250 (Critical)
It has been discovered that Gluu Oxauth allows attackers to perform blind Server-Side Request Forgery (SSRF) attacks via a crafted request_uri parameter. The affected versions are Gluu Oxauth before v4.4.1.
CVE ID: CVE-2022-36663 (Critical)
A deserialization of untrusted data vulnerability has been discovered in the message processing component of Bitdefender GravityZone Console, which allows unsafe commands to be passed to the environment. The affected versions are Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1, and Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.
CVE ID: CVE-2022-2830 (Critical)
A session fixation vulnerability has been discovered in Apache Airflow. The affected versions are Apache Airflow 2.2.4 through 2.3.3.
CVE ID: CVE-2022-38054 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Baxter has released security updates and mitigations to resolve multiple vulnerabilities in its equipment- Sigma and Baxter Spectrum Infusion Pumps. Successful exploitation of these vulnerabilities can result in access to sensitive data and alteration of system configuration.
CVE ID: CVE-2022-26390 (Medium), CVE-2022-26392 (Medium), CVE-2022-26393 (Medium), CVE-2022-26394 (Medium)
Hillrom has released security updates to address Out-of-Bounds Write, and Out-of-Bounds Read vulnerabilities in its Equipment- Welch Allyn medical device management tools. Successful exploitation of these vulnerabilities can allow an attacker to cause memory corruption and remotely execute arbitrary code.
CVE ID: CVE-2021-27408 (Medium), CVE-2021-27410 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
NETGEAR has released a security update to address multiple vulnerabilities in FunJSQ, a third-party module integrated on some routers and Orbi WiFi Systems.
Missing Access Control vulnerability has been discovered in PHP Crafts Accommodation System plugin. The affected versions are PHP Crafts Accommodation System plugin 1.0.1 and below.
CVE ID: CVE-2022-37344 (Critical)
Missing Access Control vulnerability has been discovered in About Rentals plugin for WordPress. The affected versions are About Rentals plugin 1.5 and below.
CVE ID: CVE-2022-36427 (Critical)
Broken Access Control vulnerability has been discovered in Alessio Caiazza's About Me plugin for WordPress. The affected versions are Alessio Caiazza's About Me plugin 1.0.12 and below.
CVE ID: CVE-2022-36387 (Critical)
Broken Access Control vulnerability has been discovered in Beaver Builder plugin for WordPress. The affected versions are Beaver Builder plugin 2.5.4.3 and below.
CVE ID: CVE-2022-36425 (Critical)
A vulnerability has been discovered in OpenRemote that allows attackers to execute arbitrary code via a crafted Groovy rule. The affected versions are OpenRemote through 1.0.4.
CVE ID: CVE-2022-31860 (Critical)
It has been discovered that Eclipse TCF debug interface in JasMiner-X4-Server is open on port 1534. This vulnerability allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. The affected versions are Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below.
CVE ID: CVE-2022-36601 (Critical)
A format string vulnerability has been discovered in Zyxel NAS326 firmware that allows an attacker to achieve unauthorized remote code execution via a crafted UDP packet. The affected versions are Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0.
CVE ID: CVE-2022-34747 (Critical)
Apache OFBiz has released a security update for the Solr plugin to address a vulnerability. An attacker can exploit this vulnerability at server start-up or on a server restart in order to run arbitrary code. The affected versions are OFBiz prior to 18.12.06.
CVE ID: CVE-2022-29063 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36584 (Critical)
MZ Automation GmbH has released security updates to resolve multiple vulnerabilities in its equipment- libIEC61850. Successful exploitation of these vulnerabilities can crash the device being accessed, and buffer overflow conditions can allow remote code execution.
CVE ID: CVE-2022-2970 (Critical), CVE-2022-2972 (Critical), CVE-2022-2971 (High), CVE-2022-2973 (High)
Apache has released security updates to address a Denial of Service (DoS) vulnerability in Apache Struts 2. The affected versions are Struts 2.0.0 to 2.5.20.
CVE ID: CVE-2019-0233 (Medium)
An access bypass vulnerability has been discovered in Permissions by Term and Next.js, third-party libraries used by Drupal. The updates are available.
Ubuntu has released security updates to address a vulnerability in Dnsmasq package that can cause DNS cache poisoning attacks. The affected products are Ubuntu 16.04 ESM.
CVE ID: CVE-2021-3448 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20696 (High), CVE-2022-28199 (High), CVE-2022-20863 (Medium), CVE-2022-20923 (Medium)
Google has released Chrome Beta 106 (106.0.5249.30) for iOS, Chrome Beta 106 (106.0.5249.31) for Android, Beta channel 106.0.5249.30 for Windows, Mac and Linux, and Stable channel 105.0.5195.112 (Platform version: 14989.85.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3071 (High), CVE-2022-3052 (Medium), CVE-2022-2859 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to address a deserialization vulnerability in libgoogle-gson-java package that can lead to a Denial of Service (DoS) or even the execution of arbitrary code.
CVE ID: CVE-2022-25647 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-1651 (High), CVE-2021-33149 (Low), CVE-2022-24436 (Medium), CVE-2021-0060 (High), CVE-2021-0127 (Medium), CVE-2020-12357 (High), CVE-2020-12358 (Medium), CVE-2020-12359 (High), CVE-2020-12360 (Medium), CVE-2020-24486 (Medium), CVE-2020-8670 (High), CVE-2020-8700 (High), CVE-2020-24511 (Medium), CVE-2020-24512 (Low)
A local file disclosure vulnerability has been discovered in Telos Alliance Omnia MPX Node, which allows attackers to escalate privileges to root and execute arbitrary commands. The affected versions are Telos Alliance Omnia MPX Node through 1.5.0+r1.
CVE ID: CVE-2022-36642 (Critical)
A SQL injection vulnerability has been discovered in Online Food Ordering System. The affected version is Online Food Ordering System v1.0.
CVE ID: CVE-2022-36759 (Critical)
Remote Code Execution (RCE) vulnerability has been discovered in Apache OFBiz. The affected versions are Apache OFBiz release 18.12.05 and earlier.
CVE ID: CVE-2022-25371 (Critical)
It has been discovered that in D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVE ID: CVE-2022-37128 (Critical)
A command injection vulnerability has been discovered in Rpi-Jukebox-RFID. The affected version is RPi-Jukebox-RFID v2.3.0.
CVE ID: CVE-2022-36749 (Critical)
Qualcomm has released a security bulletin to address multiple vulnerabilities affecting its devices.
CVE ID: CVE-2022-25708 (Critical), CVE-2022-25652 (Critical), CVE-2022-22105 (Critical)
It has been discovered that Vice Society ransomware is obtaining initial network access through compromised credentials by exploiting internet-facing applications and exploiting the PrintNightmare vulnerability (CVE-2021-1675 and CVE-2021-34527 ) to escalate privileges. Mitigations are available.
Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- DOPSoft 2 that can allow arbitrary code execution. The affected products are DOPSoft 2 version 2.00.07 and prior. DOPSoft 2 will not receive an update to mitigate these vulnerabilities because it is an End-of-Life (EoL) product.
CVE ID: CVE-2021-38402 (High), CVE-2021-38406 (High), CVE-2021-38404 (High)
An access of uninitialized pointer vulnerability has been discovered in Triangle Microworks' Equipment- TMW IEC 61850 Software Library and TMW IEC 60870-6 (ICCP/TASE.2) Software Library. Successful exploitation can lead to a Denial of Service (DoS) condition for any server or client using the affected libraries.
CVE ID: CVE-2022-38138 (High)
AVEVA has released security updates to address multiple vulnerabilities in its equipment- AVEVA Edge 2020 R2 SP1 and all prior versions. Successful exploitation can result in arbitrary code execution, information disclosure, or Denial of Service (DoS).
CVE ID: CVE-2022-36970 (High), CVE-2022-28686 (High), CVE-2022-28687 (High), CVE-2022-28688 (High), CVE-2022-28685 (High), CVE-2022-36969 (Medium)
WordPress has released security updates to address a stored Cross-Site Scripting (XSS) vulnerability in Wordfence Security Firewall & Malware Scan plugin for WordPress. The affected versions are Wordfence Security Firewall & Malware Scan versions up to, and including 7.6.0.
CVE ID: CVE-2022-3144 (Medium)
Dell has released security updates to address multiple vulnerabilities in Bash, a third-party component, that affects Dell PowerScale OneFS.
CVE ID: CVE-2019-9924 (High), CVE-2019-18276 (High), CVE-2016-7543 (High), CVE-2016-9401 (Medium)
HP has released security updates to address a privilege escalation vulnerability in HP Support Assistant. The affected products are HP Support Assistant versions earlier than 9.11, and Fusion versions earlier than 1.38.2601.0.
CVE ID: CVE-2022-38395 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1049 (High), CVE-2022-2735, CVE-2022-3075, CVE-2022-27337 (Medium), CVE-2022-38784 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-09-05 or later address all of these issues.
An incorrect access control vulnerability has been discovered in Doctor's Appointment System via edoc/patient/settings.php. The affected version is Doctor's Appointment System 1.0.
CVE ID: CVE-2022-36202 (Critical)
A SQL Injection vulnerability has been discovered in Doctor's Appointment System. The affected version is Doctor's Appointment System 1.0.
CVE ID: CVE-2022-36201 (Critical)
A command injection vulnerability has been discovered in Rengine via the scan engine function. The affected version is Rengine v1.3.0.
CVE ID: CVE-2022-36566 (Critical)
It has been discovered that Quarkus does not terminate HTTP requests header context, which can lead to unpredictable behavior. The affected version is Quarkus 2.10.x.
CVE ID: CVE-2022-2466 (Critical)
It has been discovered that Tenda AC6(AC1200) contains a vulnerability that allows an attacker to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. The affected versions are Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below.
CVE ID: CVE-2022-37176 (Critical)
A command injection vulnerability has been discovered in WAVLINK that allows attackers to execute arbitrary commands via the username parameter. The affected version is WAVLINK WL-WN575A3 RPT75A3.V4300.201217.
CVE ID: CVE-2022-37149 (Critical)
Cognex has released security updates to address multiple vulnerabilities in its equipment- 3D-A1000 Dimensioning System. Successful exploitation can result in unauthorised password changes, escalation of privileges, falsifying of password logs, and bypassing of web access controls.
CVE ID: CVE-2022-1368 (Critical), CVE-2022-1522 (Medium), CVE-2022-1525 (Critical)
Hitachi Energy has released security updates & mitigations to address multiple vulnerabilities in Hitachi Energy's Equipment- AFS660/AFS665 series, and MicroSCADA Pro/X SYS600 products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-6994 (Critical), CVE-2022-0778 (High), CVE-2020-25692 (High), CVE-2022-1778 (High), CVE-2022-2277 (High), CVE-2022-29922 (High), CVE-2022-29490 (High), CVE-2022-29492 (Medium)
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the Desktop Laptop Option (DLO) application login page. Successful exploitation allows an attacker to inject arbitrary web script into an HTTP parameter that is reflected without sanitization, due to improper neutralization of input during web page generation. The affected versions are Veritas Desktop Laptop Option (DLO) versions 9.7, 9.6, 9.5, 9.4, 9.3.3, 9.3.2, 9.3.1, 9.3, 9.2, 9.1 and earlier unsupported versions.
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
GitLab has released Community Edition and Enterprise Edition version 15.3.3 to resolve a number of regressions and bugs in 15.3 release and prior versions.
SYNCK GRAPHICA has released a security update to address an information disclosure vulnerability in Mailform Pro CGI. The affected versions are Mailform Pro CGI 4.3.1 and earlier.
CVE ID: CVE-2022-38400 (Low)
HarmonyOS has released a security bulletin to address multiple vulnerabilities affecting several Huawei phones and tablets that run HarmonyOS. Security patch levels of 2022-09-01 or later address all of these issues.
CVE ID: CVE-2022-38990 (Critical), CVE-2022-38993 (Critical), CVE-2022-39006 (Critical), CVE-2022-38987 (Critical)
QNAP has released security updates to fix a vulnerability related to the Deadbolt ransomware attack on QNAP NAS devices running Photo Station with internet exposure. The affected products are QTS 5.0.1: Photo Station 6.1.2 and later, QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later, QTS 4.3.6: Photo Station 5.7.18 and later, QTS 4.3.3: Photo Station 5.4.15 and later, and QTS 4.2.6: Photo Station 5.2.14 and later.
Google has released Extended Stable channel 104.0.5112.114 for Windows and Mac, Chrome 105 (105.0.5195.77) for Android, Chrome Beta 106 (106.0.5249.23) for Android, and Stable channel 105.0.5195.102 for Windows, Mac and Linux to resolve the vulnerability. An exploit for an insufficient data validation vulnerability (CVE-2022-3075) exists in the wild.
CVE ID: CVE-2022-3075 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco released a security update to resolve a vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software that can cause a Denial of Service (DoS) condition on an affected device.
CVE ID: CVE-2021-1588 (High)
WordPress has released security updates to address a security protection bypass vulnerability in WP Cerber Security, Anti-spam & Malware Scan plugin for WordPress. The affected versions are WP Cerber Security, Anti-spam & Malware Scan versions up to, and including 9.1.
CVE ID: CVE-2022-2939 (Medium)
Microsoft has released an updated Microsoft Edge Stable Channel (Version 105.0.1343.27). This update contains a fix for CVE-2022-3075, which has an exploit in the wild.
A SQL injection vulnerability has been discovered in Clinic's Patient Management System via the id parameter at /pms/update_patient.php. The affected version is Clinic's Patient Management System v1.0.
CVE ID: CVE-2022-36609 (Critical)
A SQL injection vulnerability has been discovered in Mapper via the ids parameter in the selectByIds function. The affected versions are Mapper v4.0.0 to v4.2.0.
CVE ID: CVE-2022-36594 (Critical)
It has been discovered that Seiko SkyBridge MB-A200 v01.00.04 and below contains multiple hard-coded passcodes for root. Adversaries are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.
CVE ID: CVE-2022-36560 (Critical)
A command injection vulnerability has been discovered in Seiko SkyBridge MB-A200 via the Ping parameter at ping_exec.cgi. The affected versions are Seiko SkyBridge MB-A200 v01.00.04 and below.
CVE ID: CVE-2022-36559 (Critical)
A command injection vulnerability has been discovered in Seiko SkyBridge MB-A100/A110 via the ipAddress parameter at 07system08execute_ping_01. The affected versions are Seiko SkyBridge MB-A100/A110 v4.2.0 and below.
CVE ID: CVE-2022-36556 (Critical)
A command injection vulnerability has been discovered in Hytec Inter HWL-2511-SS via the component /www/cgi-bin/popen.cgi. The affected versions are Hytec Inter HWL-2511-SS v1.05 and below.
CVE ID: CVE-2022-36553 (Critical)
Alfasad has released security updates to address a command injection vulnerability in the PowerCMS XMLRPC API. The affected versions are PowerCMS 6.021 and earlier, PowerCMS 5.21 and earlier, PowerCMS 4.51 and earlier, and PowerCMS 3 Series and earlier (which are unsupported, End-of-Life (EOL) versions).
CVE ID: CVE-2022-33941 (Critical)
An OS command injection vulnerability via ReaderNo has been discovered in Nortek Linear eMerge E3-Series devices before 0.32-08f.
CVE ID: CVE-2022-31499 (Critical)
It has been discovered that Printix Secure Cloud Print Management incorrectly used privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. The affected versions are Printix Secure Cloud Print Management through 1.3.1106.0.
CVE ID: CVE-2022-25089 (Critical)
Multiple vulnerabilities have been discovered in UNISOC's BootROM. An attacker can exploit these vulnerabilities to take control of an affected system. The mitigations are available.
CVE ID: CVE-2022-38691 (Critical), CVE-2022-38692 (Critical), CVE-2022-38693 (High), CVE-2022-38694 (High), CVE-2022-38695 (Medium), CVE-2022-38696 (Medium)
Debian has released a security update to address multiple vulnerabilities in Chromium, which can result in the execution of arbitrary code, Denial of Service (DoS) or information disclosure.
CVE ID: CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071
It has been discovered that Hytec Inter HWL-2511-SS implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. The affected versions are Hytec Inter HWL-2511-SS v1.05 and below.
CVE ID: CVE-2022-36555 (Critical)
A command injection vulnerability has been discovered in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS that allows attackers to execute arbitrary commands with root privileges. The affected versions are Hytec Inter HWL-2511-SS v1.05 and below.
CVE ID: CVE-2022-36554 (Critical)
A SQL injection vulnerability has been discovered in ApolloTheme AP PageBuilder component for PrestaShop, that allows unauthenticated attackers to exfiltrate database data. The affected versions are ApolloTheme AP PageBuilder component through 2.4.4.
CVE ID: CVE-2022-22897 (Critical)
It has been discovered that morgan-json package is vulnerable to arbitrary code execution due to missing sanitization of input passed to the Function constructor. All versions of morgan-json package are vulnerable.
CVE ID: CVE-2022-25921 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Sinsiu Enterprise Website System. The affected version is Sinsiu Enterprise Website System v1.1.1.0.
CVE ID: CVE-2022-36572 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System. The affected version is Ingredients Stock Management System V1.0.
CVE ID: CVE-2022-36706 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System. The affected version is Ingredients Stock Management System V1.0.
CVE ID: CVE-2022-36705 (Critical)
A command injection vulnerability has been discovered in D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 via /cgibin, hnap_main.
CVE ID: CVE-2022-37056 (Critical)
A buffer overflow vulnerability has been discovered in D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 via cgibin, hnap_main.
CVE ID: CVE-2022-37055 (Critical)
Contec has released security updates to address multiple vulnerabilities in FLEXLAN FX3000 and FX2000 series. The affected versions are FLEXLAN FX3000 series prior to ver.1.16.00, and FLEXLAN FX2000 series prior to ver.1.39.00.
CVE ID: CVE-2022-36158 (High), CVE-2022-36159 (High)
Multiple vulnerabilities have been discovered in Contec Health's Equipment- CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor that can allow a threat actor to cause a Denial of Service (DoS) condition, modify firmware with physical access to the device, access a root shell, or employ hard-coded credentials to make configuration changes.
CVE ID: CVE-2022-36385 (Medium), CVE-2022-38100 (High), CVE-2022-38069 (Medium), CVE-2022-38453 (Low), CVE-2022-3027 (Medium)
An out-of-bounds read vulnerability has been discovered in Delta Electronics' Equipment- DOPSoft that can allow an attacker to gain sensitive information.
CVE ID: CVE-2022-2966 (Low)
Dell has released security updates to address an improper certificate validation vulnerability in Dell OS10 SupportAssist. A remote unauthenticated user can exploit this vulnerability to gain unauthorized access to limited switch configuration data, which can be leveraged to conduct Man-in-the-Middle (MitM) attacks. The affected version is Dell OS10 version 10.5.3.4.
CVE ID: CVE-2022-34394 (Low)
Google has released Chrome Beta 106 (106.0.5249.10) for iOS, Dev channel 107.0.5263.0 (Platform version: 15081.0.0) for a limited set of ChromeOS devices, Beta channel 106.0.5249.14 (Platform version: 15054.18.0/15054.19.0) for most ChromeOS devices, Chrome 106 (106.0.5249.21) Beta channel for Windows, Linux and Mac, Chrome Stable 105 (105.0.5195.98) for iOS, Chrome Dev 107 (107.0.5271.2) for Android, and Dev channel 106.0.5249.21 for Windows, Mac & Linux.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Huawei has released a security update to address an out-of-bounds read and write vulnerability in Huawei Headset products. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2020-36602 (High)
Ubuntu has released security updates to address an out-of-bounds write vulnerability in Linux kernel that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2021-33656 (High)
WordPress has released security updates to address multiple Cross-Site Scripting (XSS) vulnerabilities in Image Hover Effects Ultimate plugins for WordPress. The affected versions are Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) versions up to, and including 9.7.3.
CVE ID: CVE-2022-2935 (Medium), CVE-2022-2936 (Medium), CVE-2022-2937 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.2.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3033 (High), CVE-2022-3032 (Medium), CVE-2022-3034 (Medium), CVE-2022-36059 (Medium)
Apple has released security updates to address an out-of-bounds write vulnerability in iOS 12.5.6 for iPhone and iPod touch. Processing maliciously crafted web content can lead to arbitrary code execution. The affected products are iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
CVE ID: CVE-2022-32893
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Edoc-doctor-appointment-system contains a SQL injection vulnerability via the id parameter at /patient/settings.php. The affected version is Edoc-doctor-appointment-system v1.0.1.
CVE ID: CVE-2022-36545 (Critical)
A SQL injection vulnerability has been discovered in Edoc-doctor-appointment-system via the id parameter at /patient/booking.php. The affected version is Edoc-doctor-appointment-system v1.0.1.
CVE ID: CVE-2022-36544 (Critical)
It has been discovered that Edoc-doctor-appointment-system contains a SQL injection vulnerability via the id parameter at /patient/doctors.php. The affected version is Edoc-doctor-appointment-system v1.0.1.
CVE ID: CVE-2022-36543 (Critical)
A weak password vulnerability has been discovered in the management system of RuoYi. The affected version is RuoYi v3.8.3.
CVE ID: CVE-2022-37158 (Critical)
An arbitrary file execution vulnerability has been discovered in the container package in MikroTik RouterOS. The affected version is MikroTik RouterOS 7.4beta4.
CVE ID: CVE-2022-34960 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-40663 (Critical), CVE-2022-29078 (Critical), CVE-2022-29968 (High), CVE-2022-1116 (High)
Multiple vulnerabilities have been discovered in PLANEX Network camera products SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 that can cause execution of arbitrary OS command on the affected products.
CVE ID: CVE-2022-38399 (Medium), CVE-2017-12576 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Fuji Electric has released security updates to address out-of-bounds read, and write-what-where condition vulnerabilities in its equipment- D300win. Successful exploitation can result in loss of sensitive data and manipulation of information.
CVE ID: CVE-2022-1738 (High), CVE-2022-1523 (Medium)
A cleartext transmission of sensitive information OT:ICEFALL vulnerability has been discovered in Honeywell's Equipment- Trend Controls IQ Series that utilize Inter-Controller (IC) protocol: all versions. Successful exploitation can cause the loss of authentication information in cleartext by sniffing network traffic. The mitigations are available.
CVE ID: CVE-2022-30312 (High)
A use-after-free vulnerability has been discovered in Omron's Equipment- CX-Programmer. Successful exploitation can allow an attacker to execute arbitrary code. The affected products are Omron CX-Programmer, all versions prior to v9.78. The mitigations are available.
CVE ID: CVE-2022-2979 (High)
Johnson Controls has released a security update to resolve a vulnerability in its product iSTAR Ultra. An unauthenticated user can craft an HTTP post request to run arbitrary commands as root user. The affected products are all iSTAR Ultra firmware versions prior to 6.8.9.CU01. The mitigations are available.
CVE ID: CVE-2022-21941
WordPress has released security updates to address multiple stored Cross-Site Scripting (XSS) vulnerabilities in Beaver Builder WordPress Page Builder plugin for WordPress. The affected versions are Beaver Builder WordPress Page Builder versions up to, and including 2.5.5.2.
CVE ID: CVE-2022-2517 (Medium), CVE-2022-2695 (Medium)
Dell has released security updates to address multiple vulnerabilities in the third-party component PostgreSQL that affect several Dell NetWorker products.
HP has released security updates to address a Denial of Service (DoS) vulnerability in HP Print and Digital Send products.
CVE ID: CVE-2022-0778 (Medium)
Debian has released a security update to address a buffer overflow vulnerability in the vhost code of DPDK, which can result in Denial of Service (DoS) or the execution of arbitrary code by malicious guests/containers.
CVE ID: CVE-2022-2132, CVE-2022-28199
It has been discovered that Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access or modify system data, or disrupt service.
CVE ID: CVE-2022-38116 (Critical)
A use-after-free vulnerability has been discovered in storage in Google Chrome prior to 100.0.4896.88 that allows a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE ID: CVE-2022-1312 (Critical)
Multiple vulnerabilities in open-source software components (JQuery, GoAhead Embedded Webserver, and Curl) have been discovered in Hitachi Energy's Equipment- MSM products, that can disrupt the functionality of the MSM web interface, steal sensitive user credentials, or cause a Denial of Service (DoS) condition. The affected products are MSM version 2.2 and earlier.
CVE ID: CVE-2015-6584 (Medium), CVE-2016-7103 (Medium), CVE-2011-4273 (Medium), CVE-2018-16842 (Critical), CVE-2016-9586 (High), CVE-2016-8617 (High), CVE-2016-8618 (Critical), CVE-2016-8619 (Critical), CVE-2016-8621 (High), CVE-2016-7167 (Critical), CVE-2014-3707 (Medium), CVE-2013-2174 (Medium), CVE-2014-0138 (Medium)
Honeywell has released security updates to address a missing authentication for critical function OT:ICEFALL vulnerability in Honeywell's Equipment- ControlEdge. Successful exploitation can allow full control of the device, which can include Remote Code Execution (RCE), Denial of Service (DoS), or configuration manipulation.
CVE ID: CVE-2022-30318 (Critical)
A missing authentication for critical function OT:ICEFALL vulnerability has been discovered in Honeywell's Equipment- Experion LX, that can allow configuration manipulation and a Denial of Service (DoS) condition. The mitigations are available.
CVE ID: CVE-2022-30317 (Critical)
Multiple vulnerabilities such as heap-based buffer overflow, and stack-based buffer overflow have been discovered in PTC's Equipment- Kepware KEPServerEX, that can allow an adversary to crash the device or remotely execute arbitrary code. The affected products are Kepware KEPServerEX v6.11 or lower, ThingWorx Kepware Server: v6.11 or lower, ThingWorx Industrial Connectivity all versions, OPC-Aggregator: v6.11 or lower, ThingWorx Kepware Edge v1.4 or lower, Rockwell Automation KEPServer Enterprise: v6.11 or lower, GE Digital Industrial Gateway Server: v7.611 or lower and Software Toolbox TOP Server: v6.11 or lower. The mitigations are available.
CVE ID: CVE-2022-2848 (Critical), CVE-2022-2825 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-34568 (High), CVE-2022-2787, CVE-2022-2526
NVIDIA has released a security update for Data Plane Development Kit (MLNX_DPDK) to address a vulnerability that can cause denial of service, and some impact to data integrity and confidentiality.
CVE ID: CVE-2022-28199 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that the package com.google.code.gson:gson is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which can lead to DoS attacks. This vulnerability allows a remote, authenticated attacker to cause a denial-of-service (DoS) on the F5 BIG-IP system specific to the iAppsLX service, and the BIG-IQ system specific to the iControl REST framework.
CVE ID: CVE-2022-25647 (Medium)
Debian has released security updates to address multiple vulnerabilities in Thunderbird, which can result in denial of service or the execution of arbitrary code.
CVE ID: CVE-2022-38472 (High), CVE-2022-38473 (High), CVE-2022-38478 (High)
NetApp has released security updates to address multiple vulnerabilities in Java Platform Standard Edition that affect several NetApp products.
CVE ID: CVE-2022-21540 (Medium), CVE-2022-21541 (Medium), CVE-2022-21549 (Medium), CVE-2022-34169 (High)
It has been discovered that MDaemon Technologies' SecurityGateway for Email Server contains an HTTP response splitting vulnerability via the data parameter. The affected version is SecurityGateway for Email Servers 8.5.2.
CVE ID: CVE-2022-37242 (Critical)
It has been discovered that H3C H200 H200V100R004 contains a stack overflow vulnerability via the function UpdateMacClone.
CVE ID: CVE-2022-37100 (Critical)
It has been discovered that in Apache Maven maven-shared-utils the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. The affected versions are Apache Maven maven-shared-utils prior to version 3.3.3.
CVE ID: CVE-2022-29599 (Critical)
Aruba has released security updates to address an authenticated remote command injection vulnerability in Aruba ClearPass Policy Manager. The affected versions are Aruba ClearPass Policy Manager versions 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below.
CVE ID: CVE-2022-23663 (Critical)
It has been discovered that Ricoh Device Software Manager installer contains a vulnerability in the DLL search path, which can lead to insecure loading of Dynamic Link Libraries. Arbitrary code can be executed with the privilege of the user invoking the installer. The affected versions are Installer of Device Software Manager prior to Ver.2.20.3.0.
CVE ID: CVE-2022-36403 (High)
Multiple vulnerabilities have been discovered in CentreCOM AR260S V2. A remote attacker can execute an arbitrary OS command. The affected versions are CentreCOM AR260S V2 firmware prior to Ver.3.3.7.
CVE ID: CVE-2022-35273 (High), CVE-2022-38394 (High), CVE-2022-34869 (High), CVE-2022-38094 (High)
It has been discovered that NVFLARE contains a deserialization of untrusted data vulnerability due to Pickle usage, which allows an unprivileged network attacker to cause Remote Code Execution, Denial of Service, and impact to both confidentiality and integrity. The affected versions are NVFLARE prior to 2.1.4.
CVE ID: CVE-2022-34668 (Critical)
A memory corruption vulnerability has been discovered in the kernel of the PowerVR GPU driver that allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls.
CVE ID: CVE-2022-20122 (Critical)
Google has released Dev channel 106.0.5249.12 (Platform version: 15054.14.0) for most ChromeOS devices, and Chrome Beta 105 (105.0.5195.68) for Android.
Foxit has released an updated Foxit PDF Editor 11.2.3 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier.
A SQL injection vulnerability has been discovered in Online Diagnostic Lab Management System. The affected version is Online Diagnostic Lab Management System 1.0.
CVE ID: CVE-2022-37152 (Critical)
A SQL injection vulnerability has been discovered in Simple Task Scheduling System. The affected version is Simple Task Scheduling System 1.0.
CVE ID: CVE-2022-36683 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System. The affected version is Ingredients Stock Management System 1.0.
CVE ID: CVE-2022-36697 (Critical)
It has been discovered that Claroline contains a remote code execution vulnerability via arbitrary file upload. The affected versions are Claroline 13.5.7 and prior.
CVE ID: CVE-2022-37159 (Critical)
A stack overflow vulnerability has been discovered in Tenda AC1206. The affected version is Tenda AC1206 V15.03.06.23.
CVE ID: CVE-2022-37815 (Critical)
A broken authentication vulnerability has been discovered in the yotuwp Video Gallery plugin for WordPress. The affected versions are yotuwp Video Gallery plugin 1.3.4.5 and prior.
CVE ID: CVE-2022-35726 (Critical)
A missing authentication for critical function vulnerability has been discovered in UNIMO Technology digital video recorders that allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device's web interface.
CVE ID: CVE-2022-35733 (Critical)
A directory traversal vulnerability has been discovered in the unzipDirectory functionality of WWBN AVideo and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution.
CVE ID: CVE-2022-30547 (Critical)
A Server-side request forgery (SSRF) vulnerability has been discovered in wkhtmlTOpdf that allows an attacker to gain initial access to the target's system by injecting an iframe tag with an internal asset IP address in its source. The affected version is wkhtmlTOpdf 0.12.6.
CVE ID: CVE-2022-35583 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-40663 (Critical), CVE-2022-21151 (Medium), CVE-2022-31627 (Critical), CVE-2022-32083 (High), CVE-2022-32086 (High), CVE-2022-34903 (Medium), CVE-2022-34918 (High), CVE-2022-2056 (Medium), CVE-2022-2057 (Medium), CVE-2022-2058 (Medium)
An out-of-bounds write vulnerability has been discovered in FATEK Automation's Equipment- FvDesigner that can cause Remote Code Execution (RCE).
CVE ID: CVE-2022-2866 (High)
Google has released Chrome Dev 106 (106.0.5249.9) for Android, Dev channel 106.0.5249.12 for Windows, Mac and Linux, and Chrome Beta 105 (105.0.5195.58) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Tenda AC1206 contains a stack overflow vulnerability via the function fromSetIpMacBind. The affected version is Tenda AC1206 V15.03.06.23.
CVE ID: CVE-2022-37816 (Critical)
An arbitrary code execution vulnerability has been discovered in the file upload wizard of Zengenti Contensis Classic. The affected versions are Zengenti Contensis Classic before 15.2.1.79.
CVE ID: CVE-2022-34919 (Critical)
Debian has released a security update to address a heap-based buffer overflow vulnerability in the zlib package, which can result in Denial of Service (DoS) or potentially the execution of arbitrary code if specially crafted input is processed.
CVE ID: CVE-2022-37434 (Critical)
Ubuntu has released security updates to address several vulnerabilities in the linux-azure-fde package - Linux kernel (Azure CVM). An attacker can exploit these vulnerabilities to take control of an affected system. The affected product is Ubuntu 20.04 LTS.
CVE ID: CVE-2022-1974, CVE-2022-0494, CVE-2022-34918, CVE-2022-1734, CVE-2022-1975, CVE-2022-1652, CVE-2022-28893, CVE-2022-1048, CVE-2022-2588, CVE-2022-1679, CVE-2022-2586
F5 has released security updates to address an improper resource shutdown or release vulnerability in BIG-IP systems that can cause a degradation of service & can lead to a Denial of Service (DoS) on the BIG-IP system.
CVE ID: CVE-2022-35240 (High)
Atlassian has released a security update to address a command injection vulnerability in Bitbucket Server and Data Center. All versions of Bitbucket Server and Data Center after 6.10.17, including 7.0.0 and newer, are affected by this vulnerability.
CVE ID: CVE-2022-36804 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20823 (High), CVE-2022-20824 (High), CVE-2022-20921 (High), CVE-2022-20865 (Medium)
SonicWall has released security updates to address Heap-based Buffer Overflow, and Exposure of Sensitive Information vulnerabilities in the SonicWall SMA100 appliance.
CVE ID: CVE-2022-2915 (High)
An access bypass vulnerability has been discovered in Commerce Elavon, a third-party library used by Drupal. Commerce Elavon has released a security update to address this vulnerability.
Google has released Dev channel 106.0.5249.7 (Platform version: 15054.10.0) for most ChromeOS devices, Beta channel 105.0.5195.52 for Windows, Mac and Linux, and Chrome Beta 105 (105.0.5195.47) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-1552 (High), CVE-2020-35513 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-30560 (High), CVE-2022-38472 (Medium), CVE-2022-38473, CVE-2022-38478, CVE-2022-31676
An SMM memory corruption vulnerability has been discovered in InsydeH2O that affects NetApp products and can lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
CVE ID: CVE-2021-33625 (High)
A SQL injection vulnerability has been discovered in line 132 of admin/area.php of Bluecms. The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37113 (Critical)
A SQL injection vulnerability has been discovered in line 55 of admin/model.php of Bluecms. The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37112 (Critical)
A SQL injection vulnerability has been discovered in line 132 of admin/article.php of Bluecms. The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37111 (Critical)
A SQL injection vulnerability has been discovered in JFinal CMS via /jfinal_cms/system/role/list. The affected version is JFinal CMS 5.1.0.
CVE ID: CVE-2022-37223 (Critical)
A SQL injection vulnerability has been discovered in JFinal CMS via /jfinal_cms/system/user/list. The affected version is JFinal CMS 5.1.0.
CVE ID: CVE-2022-37199 (Critical)
An arbitrary file deletion vulnerability has been discovered in taocms that allows an attacker to delete files on the server. The affected version is taocms 3.0.2.
CVE ID: CVE-2022-36261 (Critical)
It has been discovered that HTTP applications (servers) based on Crow can allow a Use-After-Free and code execution when HTTP pipelining is used. The affected versions are Crow through 1.0+4.
CVE ID: CVE-2022-38667 (Critical)
A buffer overflow vulnerability has been discovered in D-link DIR-816. The affected version is D-link DIR-816 A2_v1.10CNB04.img.
CVE ID: CVE-2022-37134 (Critical)
A Java deserialization vulnerability has been discovered in the Fishbowl Server of Fishbowl Inventory that allows remote attackers to execute arbitrary code via a crafted XML payload. The affected versions are Fishbowl Inventory versions prior to 2022.4.1.
CVE ID: CVE-2022-29805 (Critical)
A read-beyond-bounds vulnerability has been discovered in Apache HTTP Server that can lead to a crash or disclosure of information. The affected versions are Apache HTTP Server 2.4.53 and earlier.
CVE ID: CVE-2022-28615 (Critical)
It has been discovered that a missing segregation of duty for the SAP Solution Manager administrator can allow unauthorized execution of commands, leading to sensitive information disclosure, loss of system integrity and Denial of Service.
CVE ID: CVE-2022-22544 (Critical)
A request smuggling and request concatenation vulnerability has been discovered in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher.
CVE ID: CVE-2022-22536 (Critical)
A vulnerability has been discovered in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 & 7.53, that can trigger improper shared memory buffer handling when a crafted HTTP server request is submitted.
CVE ID: CVE-2022-22532 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel and Twisted. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-33655 (High), CVE-2021-33061 (Medium), CVE-2022-24801
Multiple vulnerabilities, such as reflected Cross Site Scripting (XSS) and HTTP response splitting, have been discovered in WorkstationST. The affected versions are WorkstationST prior to v07.09.15.
CVE ID: CVE-2022-37952 (Low), CVE-2022-37953 (Low)
VMware has released security updates to address a Local privilege escalation vulnerability in VMware Tools. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVE ID: CVE-2022-31676 (High)
ARC Informatique has released security updates to address a cleartext storage of sensitive information vulnerability in its Equipment- PcVue. Successful exploitation of this vulnerability can allow an attacker to access the OAuth web service database.
CVE ID: CVE-2022-2569 (Medium)
Measuresoft has released a security update to address an out-of-bounds write vulnerability in its Equipment- ScadaPro Server, which can allow arbitrary code execution.
CVE ID: CVE-2022-2892 (High)
Multiple vulnerabilities have been discovered in Measuresoft's Equipment- ScadaPro Server and Client that can cause arbitrary code execution, privilege escalation, or a Denial of Service condition.
CVE ID: CVE-2022-2894 (High), CVE-2022-2895 (High), CVE-2022-2896 (High), CVE-2022-2897 (High), CVE-2022-2898 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-38663 (Medium), CVE-2022-38664 (High), CVE-2022-38665 (Low), CVE-2021-25738 (High)
Dell has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-26691, CVE-2022-1271, CVE-2022-1586, CVE-2022-31741, CVE-2015-20107, CVE-2022-2068, CVE-2022-1292, CVE-2022-1664, CVE-2020-17530, CVE-2022-0778
A reflected Cross Site Scripting (XSS) vulnerability has been discovered in the charts tab selection functionality of WWBN AVideo and dev master commit 3f7c0364 that can lead to arbitrary Javascript execution.
CVE ID: CVE-2022-26842 (Critical)
An authentication bypass vulnerability has been discovered in miniOrange OAuth plugin for WordPress.
CVE ID: CVE-2022-34858 (Critical), CVE-2022-34149 (Critical)
Multiple SQL injection vulnerabilities have been discovered in Bus Pass Management System. The affected versions are Bus Pass Management System 1.0.
CVE ID: CVE-2022-36198 (Critical)
A stack buffer overflow vulnerability has been discovered in Tenda ac15 firmware. The affected version is Tenda ac15 firmware V15.03.05.18 httpd server.
CVE ID: CVE-2022-37175 (Critical)
A memory corruption vulnerability has been discovered in jsonxx (Json++). Updates are not expected; users are advised to find a replacement.
CVE ID: CVE-2022-23459 (Critical)
A SQL injection vulnerability has been discovered in Yimioa via the orderbyGET parameter. The affected version is Yimioa v6.1.
CVE ID: CVE-2022-36605 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in Tenda-AC18. The affected version is Tenda-AC18 V15.03.05.05.
CVE ID: CVE-2022-35201 (Critical)
It has been discovered that Mealie employs weak password requirements which allows an adversary to potentially gain unauthorized access to the application via brute-force attacks. The affected version is Mealie 1.0.0beta3.
CVE ID: CVE-2022-34615 (Critical)
A use of hard-coded cryptographic key vulnerability has been discovered in Delta Electronics' Equipment- Delta Industrial Automation DIALink that can result in the exposure of sensitive data.
CVE ID: CVE-2022-2660 (Critical)
A command injection vulnerability has been discovered in mySCADA Technologies' Equipment- mySCADA myPRO. Successful exploitation can allow an attacker to run commands directly in the operating system.
CVE ID: CVE-2022-2234 (Critical)
PukiWiki has released a security update to address path traversal, and reflected Cross-site Scripting (XSS) vulnerabilities in PukiWiki.
CVE ID: CVE-2022-34486 (High), CVE-2022-27637 (Medium)
WordPress has released security updates to address multiple vulnerabilities in the WordPress Infinite Scroll Ajax Load More plugin for WordPress, and WP-UserOnline plugin for WordPress.
CVE ID: CVE-2022-2943 (Medium), CVE-2022-2945 (Medium), CVE-2022-2433 (High), CVE-2022-2941 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
F5 has released security updates to address a vulnerability in the 'node' iRules command which allows an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Successful exploitation can allow an attacker to connect to internal IP addresses/services through an iRule that allows unconstrained manipulation of the target of the node command.
CVE ID: CVE-2022-33962 (Medium)
Trellix has released security updates to address an improper restriction of XML external entity reference vulnerability in Data Loss Prevention (DLP) Endpoint for Windows. The affected versions are Data Loss Prevention Endpoint for Windows prior to 11.6.600 and 11.9.100.
CVE ID: CVE-2022-2330 (Medium)
An XML External Entity Injection (XXE) vulnerability has been discovered in IBM MQ while processing XML data. A remote attacker can exploit this vulnerability to expose sensitive information or consume memory resources. The affected versions are IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD.
CVE ID: CVE-2022-22489 (Critical)
It has been discovered that Kiosk breakout (without quit password) in Safe Exam Browser (Windows) allows an attacker to achieve code execution via the browsers' print dialog. The affected versions are Safe Exam Browser (Windows) prior to 3.4.0.
CVE ID: CVE-2022-36220 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected version is Library Management System v1.0.
CVE ID: CVE-2022-36729 (Critical), CVE-2022-36728 (Critical), CVE-2022-36727 (Critical)
An authentication bypass vulnerability has been discovered in Open AMT Cloud Toolkit software for Intel(R). The affected versions are Open AMT Cloud Toolkit software for Intel(R) before versions 2.0.2 and 2.2.2.
CVE ID: CVE-2022-25899 (Critical)
It has been discovered that the Apache Xalan Java XSLT library is vulnerable to an integer truncation vulnerability when processing malicious XSLT stylesheets. This vulnerability can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. No security update will be released by Apache Xalan Java to address this vulnerability.
CVE ID: CVE-2022-34169 (Critical)
GitLab has released updated versions 15.3.1, 15.2.3, and 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2884 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Libxslt and Exim. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2019-5815 (High), CVE-2021-30560 (High), CVE-2022-37452 (Critical)
Debian has released security updates to address multiple buffer overflow vulnerabilities in Kicad package, which can result in the execution of arbitrary code.
CVE ID: CVE-2022-23803 (High), CVE-2022-23804 (High), CVE-2022-23946 (High), CVE-2022-23947 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability can allow information disclosure and escalation of privilege via network access.
CVE ID: CVE-2022-30601 (Critical)
A remote command injection vulnerability has been discovered in FLIR AX8 thermal sensor cameras that can allow an attacker to execute arbitrary commands on the underlying operating system with root privileges. The affected versions are all FLIR AX8 thermal sensor cameras up to and including version 1.46.16.
CVE ID: CVE-2022-37061 (Critical)
Huawei has released a security update to address a permission bypass vulnerability in Huawei cross device task management. Successful exploitation can allow an attacker to access certain resources on the attacked devices.
CVE ID: CVE-2021-46834 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in the BMENUA0100 - OPC UA module and the BMENOR2200H X80 Advanced RTU communication module for M580.
CVE ID: CVE-2022-34759 (High), CVE-2022-34760 (High), CVE-2022-34761 (High), CVE-2022-34762 (Medium), CVE-2022-34763 (Medium), CVE-2022-34764 (Medium), CVE-2022-34765 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-23055 (Medium), CVE-2022-29582 (High), CVE-2022-32981 (High), CVE-2022-2274 (High), CVE-2022-22576 (Medium), CVE-2022-27774 (High), CVE-2022-27775 (High), CVE-2022-27776 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 104.0.1293.63). This update contains a fix for CVE-2022-2856, which has an exploit in the wild.
A stack buffer overflow vulnerability has been discovered due to unsafe parsing of a PNG tRNS chunk in FastStone Image Viewer. The affected versions are FastStone Image Viewer through 7.5.
CVE ID: CVE-2022-36947 (Critical)
It has been discovered that a hardcoded JWT secret in AgileConfig Server allows remote attackers to use the generated JWT token to gain administrator access. The affected versions are AgileConfig Server prior to 1.6.8.
CVE ID: CVE-2022-35540 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected version is Library Management System v1.0.
CVE ID: CVE-2022-36725 (Critical), CVE-2022-36722 (Critical)
Apple has released a security update to address an out-of-bounds write vulnerability in Safari for macOS Big Sur and macOS Catalina.
CVE ID: CVE-2022-32893
Siemens has released security updates to address OpenSSL Infinite Loop vulnerability in multiple industrial products. Successful exploitation of this vulnerability can create a denial-of-service condition in the affected products.
CVE ID: CVE-2022-0778 (High)
Dell has released security updates to address multiple vulnerabilities in Dell EMC PowerFlex Rack that can be exploited by malicious users to compromise the affected system.
A SQL injection vulnerability has been discovered in Barangay Management System. The affected version is Barangay Management System v1.0.
CVE ID: CVE-2022-35175 (Critical)
It has been discovered that the IBM Security Verify Governance Identity Manager virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. The affected version is IBM Security Verify Governance Identity Manager 10.0.
CVE ID: CVE-2022-22455 (Critical)
It has been discovered that Zoom On-Premise Meeting Connector Zone Controller (ZC) fails to properly parse STUN error codes, which can result in memory corruption and can allow a malicious actor to crash the application. The affected versions are Zoom On-Premise Meeting Connector Zone Controller (ZC) versions prior to 4.8.20220419.112.
CVE ID: CVE-2022-28750 (Critical)
A buffer overflow vulnerability has been discovered in D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 via authenticationcgi_main.
CVE ID: CVE-2022-36525 (Critical)
A command injection vulnerability has been discovered in D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 via /htdocs/upnpinc/gena.php.
CVE ID: CVE-2022-36523 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-2625 (High), CVE-2022-33741 (High), CVE-2022-26365 (High), CVE-2022-33740 (High), CVE-2022-37434 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32792, CVE-2022-32816, CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810, CVE-2022-29536, CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20871 (High), CVE-2022-20829 (Medium)
WordPress has released security updates to address vulnerabilities in Migration, Backup, Staging – WPvivid plugin for WordPress, Download Manager plugin for WordPress, and All-in-One Video Gallery plugin for WordPress.
CVE ID: CVE-2022-2442 (High), CVE-2022-2436 (High), CVE-2022-2633 (High)
Apple has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32894, CVE-2022-32893
Google has released Chrome Beta 105 (105.0.5195.37) for iOS, Chrome 104 (104.0.5112.97) for Android, Chrome Beta 105 (105.0.5195.35) for Android, and Beta channel 105.0.5195.37 for Windows, Mac and Linux.
Zoom has released security updates to address a privilege escalation vulnerability in Auto Updater for Zoom Client for Meetings for macOS. The affected products are Zoom Client for Meetings for macOS (Standard and for IT Admin) starting version 5.7.3 and before version 5.11.6.
CVE ID: CVE-2022-28757 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Mobile Stable Channel (Version 104.0.1293.60). This update contains a fix for CVE-2022-2856, which has an exploit in the wild.
A SQL injection vulnerability has been discovered in Clinic's Patient Management System. The affected version is Clinic's Patient Management System v1.0.
CVE ID: CVE-2022-36242 (Critical)
A code injection vulnerability has been discovered in Esri Portal for ArcGIS which can potentially cause arbitrary code execution in a victim's browser. The affected versions are Esri Portal for ArcGIS versions 10.8.1 and below.
CVE ID: CVE-2022-38193 (Critical)
A SQL injection vulnerability has been discovered in Mingsoft MCMS. The affected version is Mingsoft MCMS 5.2.8.
CVE ID: CVE-2022-36599 (Critical), CVE-2022-36272 (Critical)
A buffer overflow vulnerability has been discovered in the FTcpListener thread of The Isle Evrima (the dedicated server on Windows and Linux), which allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. The affected versions are The Isle Evrima 0.9.88.07 before 2022-08-12.
CVE ID: CVE-2022-38221 (Critical)
It has been discovered that totd uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks. The affected version is totd 1.5.3.
CVE ID: CVE-2022-34294 (Critical)
It has been discovered that Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. The affected versions are Airspan AirVelocity 1500 web management UI older than 15.18.00.2511.
CVE ID: CVE-2022-36308 (Critical)
It has been discovered that multiple CODESYS vulnerabilities affect several WAGO products. The mitigations are available.
CVE ID: CVE-2019-9013 (High), CVE-2019-9011, CVE-2020-12067, CVE-2020-12069, CVE-2021-33485 (Critical), CVE-2020-6081 (High), CVE-2021-36763 (High), CVE-2021-36765 (High), CVE-2021-29241 (High), CVE-2021-29242 (High)
An authorization bypass vulnerability through User-Controlled Key has been discovered in the GitHub repository emicklei/go-restful. The affected versions are GitHub repository emicklei/go-restful prior to v3.8.0.
CVE ID: CVE-2022-1996 (Critical)
Multiple vulnerabilities such as out-of-bounds write, and heap-based buffer overflow have been discovered in HDF5 file format, which allows an attacker to execute remote code on a targeted device.
CVE ID: CVE-2022-25972, CVE-2022-25942, CVE-2022-26061
Multiple vulnerabilities have been discovered in WWBN AVideo Web App, which can lead to command injection or authentication bypass.
CVE ID: CVE-2022-32777, CVE-2022-32778, CVE-2022-32761, CVE-2022-28710, CVE-2022-30534, CVE-2022-33147, CVE-2022-33148, CVE-2022-33149, CVE-2022-32572, CVE-2022-26842, CVE-2022-32770, CVE-2022-32771, CVE-2022-32772, CVE-2022-30690, CVE-2022-28712, CVE-2022-29468, CVE-2022-30605, CVE-2022-32282
WordPress has released a security update to address a vulnerability due to deserialization of untrusted input via the $log_file value in Broken Link Checker plugin for WordPress. The affected versions are Broken Link Checker versions up to, and including 1.11.16.
CVE ID: CVE-2022-2438 (High)
It has been discovered that cyber threat actors have been targeting unpatched Zimbra Collaboration Suite (ZCS) instances in both government and private sector networks. Organizations that detect potential compromises should apply the mitigations.
CVE ID: CVE-2022-27924 (High), CVE-2022-27925 (High), CVE-2022-37042 (High), CVE-2022-30333 (High), CVE-2022-24682 (Medium)
An inadequate encryption strength vulnerability has been discovered in LS Electric's Equipment- LS ELEC PLC and XG5000. Successful exploitation of this vulnerability can allow an attacker to decrypt credentials and gain full access to the affected Programmable Logic Controller (PLC).
CVE ID: CVE-2022-2758 (Medium)
Delta Electronics has released security updates to address an improper restriction of XML external entity reference vulnerability in its Equipment- Delta Robot Automation Studio (DRAS) that can allow an attacker to read and exfiltrate sensitive information from the affected host machine.
CVE ID: CVE-2022-2759 (Medium)
An unrestricted upload of a file with a dangerous type vulnerability has been discovered in B&R Industrial Automation's Equipment- Automation Studio 4, which can cause a threat to the integrity and confidentiality of data or cause a Denial of Service condition. The mitigations are available.
CVE ID: CVE-2021-22289 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A vulnerability has been discovered in the taocms website settings that allows arbitrary PHP code to be injected by modifying config.php. The affected version is taocms 3.0.2.
CVE ID: CVE-2022-36262 (Critical)
A vulnerability in the VR Calendar WordPress plugin allows any user to execute arbitrary PHP functions on the site. The affected versions are VR Calendar WordPress plugin through 2.2.2.
CVE ID: CVE-2022-2314 (Critical)
An authentication bypass vulnerability has been discovered in YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft's Active Directory.
CVE ID: CVE-2022-37397 (Critical)
A stack overflow vulnerability has been discovered in /goform/setAutoPing of Tenda W6. An attacker can use this vulnerability to execute arbitrary code. The affected version is Tenda W6 V1.0.0.9(4122).
CVE ID: CVE-2022-35559 (Critical)
A vulnerability has been discovered in Red Hat Process Automation Manager that allows an adversary to conduct a brute force attack against the Administration Console, as the application does not limit the number of unsuccessful login attempts.
CVE ID: CVE-2022-2457 (Critical)
Softing has released security updates to address multiple vulnerabilities in its Equipment- Secure Integration server that can cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-1069 (High), CVE-2022-2334 (High), CVE-2022-2336 (Critical), CVE-2022-1373 (High), CVE-2022-2338 (Medium), CVE-2022-1748 (High), CVE-2022-2337 (High), CVE-2022-2547 (High), CVE-2022-2335 (High)
Multiple vulnerabilities have been discovered in Emerson's Equipment- Proficy Machine Edition. Successful exploitation of these vulnerabilities can allow execution of remote hidden code on the connected Programmable Logic Controller (PLC) and malicious files to be uploaded from the PLC to connected workstations. The mitigations are available.
CVE ID: CVE-2022-2793 (Medium), CVE-2022-2792 (Medium), CVE-2022-2791 (Medium), CVE-2022-2790 (Medium), CVE-2022-2789 (Medium), CVE-2022-2788 (Critical)
Multiple vulnerabilities have been discovered in Sequi's Equipment- Sequi PortBloque S, which can result in unauthorized changes to device configuration, to include adding new users or changing existing passwords for persistent access to the device.
CVE ID: CVE-2022-2662 (Critical), CVE-2022-2661 (Critical)
Google has released Dev channel 106.0.5239.0 (Platform version: 15047.0.0/15048.0.0) for most ChromeOS devices, Chrome Stable 104 (104.0.5112.99) for iOS, and Stable channel 104.0.5112.101 for Mac & Linux and 104.0.5112.102/101 for Windows to resolve multiple vulnerabilities. An exploit for the insufficient validation of untrusted input in Intents vulnerability (CVE-2022-2856) exists in the wild.
CVE ID: CVE-2022-2852 (Critical), CVE-2022-2854 (High), CVE-2022-2855 (High), CVE-2022-2857 (High), CVE-2022-2858 (High), CVE-2022-2853 (High), CVE-2022-2856 (High), CVE-2022-2859 (Medium), CVE-2022-2860 (Medium), CVE-2022-2861 (Medium)
Red Hat has released security updates to address multiple vulnerabilities in Red Hat OpenShift sandboxed containers. The affected product is Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64.
CVE ID: CVE-2021-40528 (Medium), CVE-2022-1621 (High), CVE-2022-1629 (High), CVE-2022-22576 (High), CVE-2022-25313 (Medium), CVE-2022-25314 (High), CVE-2022-27774 (Medium), CVE-2022-27776 (Medium), CVE-2022-27782 (High), CVE-2022-29824 (Medium)
Microsoft has released security updates to address an elevation of privilege vulnerability in Windows Defender Credential Guard affecting multiple products. Successful exploitation of this vulnerability can allow an attacker to gain SYSTEM privileges.
CVE ID: CVE-2022-34711 (High)
Microsoft has released security updates to address a security feature bypass vulnerability in Windows Defender Credential Guard affecting multiple products. Successful exploitation of this vulnerability can allow an attacker to bypass Kerberos protection used by Defender Credential Guard.
CVE ID: CVE-2022-35822 (High)
Ubuntu has released security updates to resolve multiple vulnerabilities in the WebKitGTK Web and JavaScript engines that can cause Cross Site Scripting (XSS) attacks, Denial of Service (DoS) attacks, and arbitrary code execution. The affected products are Ubuntu 22.04 LTS & Ubuntu 20.04 LTS.
CVE ID: CVE-2022-2294 (High), CVE-2022-32792, CVE-2022-32816
An out-of-bounds write vulnerability has been discovered in the Chrome OS Audio Server in Google Chrome for Chrome OS. This vulnerability allows a remote attacker to potentially exploit heap corruption via crafted audio metadata. The affected versions are Google Chrome for Chrome OS prior to 102.0.5005.125.
CVE ID: CVE-2022-2587 (Critical)
It has been discovered that, due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to a user's account. On successful exploitation, an attacker can view or modify user data, causing limited impact on the confidentiality and integrity of the application.
CVE ID: CVE-2022-35293 (Critical)
An authentication-bypass vulnerability has been discovered in MSNSwitch MNT.2408 of Mega System Technologies Inc. This vulnerability allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
CVE ID: CVE-2022-32429 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
TRUMPF has released security updates to address multiple vulnerabilities in the OPC UA SDK that affect several TRUMPF products.
CVE ID: CVE-2022-29864 (High), CVE-2022-29862 (High)
A privilege escalation vulnerability has been discovered in the Auto Updater for Zoom Client for Meetings for macOS. The affected products are Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5.
CVE ID: CVE-2022-28756 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-35912 (Critical), CVE-2022-33879 (Low), CVE-2022-32532 (Critical), CVE-2022-29582 (High), CVE-2022-26477 (High), CVE-2021-23055 (Medium)
It has been discovered that IBM Robotic Process Automation does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. The affected versions are IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2.
CVE ID: CVE-2022-35280 (Critical)
It has been discovered that the ts-deepmerge package is vulnerable to Prototype Pollution due to missing sanitization in the merge function. The affected versions are ts-deepmerge package before 2.0.2.
CVE ID: CVE-2022-25907 (Critical)
An insufficient verification of data authenticity (OT:ICEFALL) vulnerability has been discovered in Emerson's Equipment- ROC800, ROC800L and DL8000 that can cause file manipulation.
CVE ID: CVE-2022-30264 (Medium)
Multiple vulnerabilities have been discovered in Baxter's Equipment- Sigma Spectrum Infusion Pumps that can result in access to sensitive data, alteration of system configuration, and impact on system availability.
CVE ID: CVE-2020-12039 (Medium), CVE-2020-12040 (High), CVE-2020-12045 (High), CVE-2020-12041 (High), CVE-2020-12047 (High), CVE-2020-12043 (High)
Zeppelin ransomware, a derivative of the Delphi-based Vega malware family that operates as Ransomware as a Service (RaaS), is targeting critical infrastructure organizations. Adversaries gain initial access to victim networks via RDP exploitation, exploitation of SonicWall firewall vulnerabilities, and phishing campaigns.
A security feature bypass vulnerability has been discovered in signed third party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process.
CVE ID: CVE-2022-34301, CVE-2022-34302, CVE-2022-34303
A memory corruption vulnerability has been discovered in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599.
CVE ID: CVE-2022-27631 (Critical)
A memory corruption vulnerability has been discovered in the httpd unescape functionality of Asuswrt and Asuswrt-Merlin. A specially-crafted HTTP request can lead to memory corruption. The affected versions are Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.
CVE ID: CVE-2022-26376 (Critical)
A heap-based buffer over-read or buffer overflow vulnerability has been discovered in zlib through 1.2.12.
CVE ID: CVE-2022-37434 (Critical)
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
CVE ID: CVE-2022-0028 (High)
SonicWall has released security updates to address multiple Linux Kernel vulnerabilities that affect SonicWall SMA1000 Platform. The affected products are SonicWall SMA1000 12.4.2-02044 and earlier versions.
CVE ID: CVE-2021-33909 (High), CVE-2022-0847 (High)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20715 (High), CVE-2022-20866 (High), CVE-2022-20713 (Medium), CVE-2022-20829 (Medium), CVE-2021-1585 (Medium)
Dell has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
A cross-site scripting vulnerability has been discovered in jQuery UI Checkboxradio, a third-party library used by Drupal. jQuery UI has released a security update to address this vulnerability.
CVE ID: CVE-2022-31160
Google has released Chrome Beta 105 (105.0.5195.28) for iOS, LTS channel 96.0.4664.218 (Platform Version: 14268.99.0) for most ChromeOS devices, LTC- 102.0.5005.170 (Platform Version: 14695.115.0) for most ChromeOS devices, Beta channel 105.0.5195.28 for Windows, Mac and Linux, and Chrome Beta 105 (105.0.5195.26) for Android.
CVE ID: CVE-2022-2477 (High), CVE-2022-2481 (High), CVE-2022-2480 (High), CVE-2022-2479 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability has been discovered in SourceCodester Interview Management System. The affected version is 1.0.
CVE ID: CVE-2022-2679 (Critical)
It has been discovered that Renato employs weak password complexity requirements that allow attackers to crack user passwords via brute-force attacks. The affected version is Renato v0.17.0.
CVE ID: CVE-2022-35143 (Critical)
It has been discovered that Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample.
CVE ID: CVE-2022-34993 (Critical)
It has been discovered that Crow has a heap-based buffer overflow vulnerability via the function qs_parse in query_string.h. Successful exploitation of this vulnerability can allow attackers to remotely execute arbitrary code in the context of the vulnerable service.
CVE ID: CVE-2022-34970 (Critical)
It has been discovered that Nextcloud Mail has a vulnerability that can lead to Server-Side Request Forgery (SSRF). The updates are available.
CVE ID: CVE-2022-31132 (Critical)
An authentication bypass vulnerability has been discovered in the GitHub repository bookwyrm-social/bookwyrm. Versions prior to 0.4.5 are affected.
CVE ID: CVE-2022-2651 (Critical)
It has been discovered that GVRET Stable Release contains a buffer overflow vulnerability via the handleConfigCmd function in SerialConsole.cpp.
CVE ID: CVE-2022-35161 (Critical)
A heap-based buffer overflow vulnerability has been discovered in sqbaselib.cpp in SQUIRREL due to the lack of a certain sq_reservestack call.
CVE ID: CVE-2022-30292 (Critical)
A vulnerability has been discovered in Vinchin Backup and Recovery. The server uses a hard-coded password for the administrator user. Successful exploitation can allow an attacker to bypass authentication on the system.
CVE ID: CVE-2022-35866 (Critical)
Microsoft has released security updates to address a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT).
CVE ID: CVE-2022-34713 (High)
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Network File System.
CVE ID: CVE-2022-34715 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Point-to-Point Protocol (PPP). An unauthenticated attacker can send a specially crafted connection request to a RAS server, which can lead to remote code execution on the RAS server machine.
CVE ID: CVE-2022-30133 (Critical)
Ubuntu has released security updates to resolve a vulnerability in libcdio which can result in a heap buffer overflow or a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker can use this vulnerability to cause a Denial of Service. The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2017-18198 (High), CVE-2017-18199 (Medium)
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
AUMA Riester has released security updates for SIMA2 Master Station, which contains an outdated version of ntpd, a reference implementation of the Network Time Protocol (NTP), that is affected by several vulnerabilities.
CVE ID: CVE-2015-7853 (Critical), CVE-2015-7705 (Critical), CVE-2018-12327 (Critical), CVE-2015-7871 (Critical), CVE-2018-7183 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in the GStreamer plugins that demux Matroska and AVI files, which can result in Denial of Service or the execution of arbitrary code.
CVE ID: CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122
Ubuntu has released security updates to resolve multiple vulnerabilities in the Linux kernel. The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-2588 (Medium), CVE-2022-2586 (Medium)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit these vulnerabilities to take control of an affected system.
VMware has released security updates to address multiple vulnerabilities in vRealize Operations and VMware Workstation. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22983 (Medium), CVE-2022-31672 (High), CVE-2022-31673 (Medium), CVE-2022-31674 (Medium), CVE-2022-31675 (Medium)
Dell has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Intel has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released a security update to address a vulnerability in Citrix Hypervisor 7.1 LTSR CU2 that can allow privileged code in a PV guest VM to cause management operations to fail.
CVE ID: CVE-2022-33745 (High)
It has been discovered that execution unit scheduler contention can lead to a side channel vulnerability in AMD CPU microarchitectures codenamed "Zen 1", "Zen 2" and "Zen 3" that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues, an attacker can leak sensitive information.
CVE ID: CVE-2021-46778
Adobe has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-34253 (Critical), CVE-2022-34255, CVE-2022-34256, CVE-2022-34254, CVE-2022-34257, CVE-2022-34258, CVE-2022-34259, CVE-2022-34260, CVE-2022-34261, CVE-2022-34262, CVE-2022-34263, CVE-2022-34264, CVE-2022-35673, CVE-2022-35674, CVE-2022-35675, CVE-2022-35676, CVE-2022-35677, CVE-2022-34235, CVE-2022-35665, CVE-2022-35666, CVE-2022-35668, CVE-2022-35670, CVE-2022-35667, CVE-2022-35671, CVE-2022-35678
Multiple memory corruption vulnerabilities have been discovered in the httpd unescape functionality of FreshTomato. The affected version is FreshTomato 2022.1.
CVE ID: CVE-2022-28665 (Critical), CVE-2022-28664 (Critical)
An insufficient verification of data authenticity (OT:ICEFALL) vulnerability has been discovered in Emerson's Equipment- ControlWave that can cause file manipulation, Remote Code Execution (RCE), or Denial of Service (DoS).
CVE ID: CVE-2022-30262 (Critical)
Multiple OT:ICEFALL vulnerabilities have been discovered in Emerson's Equipment- OpenBSI that can cause Remote Code Execution (RCE), change controller configuration, or cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-29959 (Critical), CVE-2022-29960 (High)
Multiple vulnerabilities have been discovered in Zoom, affecting several of its platforms. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-34759, CVE-2022-34760, CVE-2022-34761, CVE-2022-34762, CVE-2022-34763, CVE-2022-34764, CVE-2022-34765, CVE-2020-35198, CVE-2020-28895, CVE-2021-22156, CVE-2021-22789, CVE-2021-22790, CVE-2021-22791, CVE-2021-22792, CVE-2021-22778, CVE-2021-22779, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782, CVE-2020-12525, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847, CVE-2019-6841, CVE-2019-6842, CVE-2018-7240, CVE-2018-7241, CVE-2018-7242, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832, CVE-2021-22786, CVE-2022-37302, CVE-2022-37301, CVE-2022-37300
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37300 (Critical), CVE-2022-37301 (High), CVE-2022-37302 (Medium), CVE-2021-22786 (High)
A stack-based buffer overflow vulnerability has been discovered in Realtek eCos routers that allows Remote Code Execution (RCE) without authentication via a crafted SIP packet that contains malicious SDP data. The affected versions are Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1.
CVE ID: CVE-2022-27255 (Critical)
NetApp has released security updates for StorageGRID deployed with a Linux kernel to address a vulnerability which can allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.
CVE ID: CVE-2022-23238 (High)
A vulnerability has been discovered in SourceCodester Online Admission System that affects unknown code of the component POST Parameter Handler. Manipulation of the argument shift leads to SQL injection.
CVE ID: CVE-2022-2643 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Twitter that allowed someone to enter a phone number or email address into the log-in flow in an attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account.
It has been discovered that the Simple Membership WordPress plugin allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter. The affected versions are Simple Membership WordPress plugin before 4.1.3.
CVE ID: CVE-2022-2317 (Critical)
F5 Networks has released security updates to address a vulnerability in BIG-IP Advanced WAF and BIG-IP ASM systems that incorrectly handled certain requests.
HarmonyOS has released a security bulletin to address multiple vulnerabilities affecting several Huawei phones and tablets that run HarmonyOS. Security patch levels of 2022-08-01 or later address all of these issues.
It has been discovered that DedeCMS contains a Remote Code Execution (RCE) vulnerability via the component mytag_main.php. The affected version is DedeCMS v5.7.95.
CVE ID: CVE-2022-34531 (Critical)
It has been discovered that Hiby R3 PRO firmware contains a file upload vulnerability via the file upload feature. The affected versions are Hiby R3 PRO firmware v1.5 to v1.7.
CVE ID: CVE-2022-34496 (Critical)
An improper access control vulnerability has been discovered in SourceCodester Garage Management System. The affected version is SourceCodester Garage Management System 1.0.
CVE ID: CVE-2022-2578 (Critical)
Google Play has released a security update to address an incorrect signature trust vulnerability in the Google Play services SDK play-services-basement.
CVE ID: CVE-2022-1799 (Critical)
A URL restriction bypass vulnerability has been discovered in the GitHub repository plantuml/plantuml that can cause Server Side Request Forgery (SSRF). The affected versions are GitHub repository plantuml/plantuml prior to V1.2022.5.
CVE ID: CVE-2022-1379 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 104.0.1293.47) to resolve multiple vulnerabilities.
CVE ID: CVE-2022-33636 (High), CVE-2022-33649 (Critical), CVE-2022-35796 (High)
It has been discovered that the KUKA SystemSoftware V/KSS robot control systems of KUKA KR C4 and KR C5 product lines are affected by an access control vulnerability in the WorkVisual Service Host interface. The mitigations are available.
CVE ID: CVE-2022-2242 (Critical)
It has been discovered that Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before it is passed to the shell. This vulnerability allows an attacker to inject arbitrary commands.
CVE ID: CVE-2022-25168 (Critical)
The top malware strains observed in 2021 are Agent Tesla, AZORult, Formbook, Ursnif, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader. Updates made by malware developers, and reuse of code from these malware strains, contribute to the malware's longevity and evolution into multiple variations. Critical infrastructure organizations are urged to prepare for and mitigate potential cyber threats immediately by updating software, enforcing Multi-Factor Authentication (MFA), securing and monitoring RDP and other potentially risky services, making offline backups of data, and providing end-user awareness and training.
A path traversal vulnerability via crafted HTTP request has been discovered in muhttpd version 1.1.5 and earlier. A security update is available.
CVE ID: CVE-2022-31793
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
It has been discovered that an OMICARD EDM API function has an insufficient validation vulnerability for user input that allows SQL injection to access, modify or delete the database, or disrupt service.
CVE ID: CVE-2022-32964 (Critical)
It has been discovered that Pligg CMS contains a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. The affected version is Pligg CMS v2.0.2.
CVE ID: CVE-2022-34956 (Critical)
An out-of-bounds write vulnerability due to uninitialized data has been discovered in httpclient that can lead to remote escalation of privilege. The update is available.
CVE ID: CVE-2022-26437 (Critical)
An XML External Entity Injection (XXE) vulnerability has been discovered in IBM DataPower Gateway. The affected versions are IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21.
CVE ID: CVE-2022-31775 (Critical)
It has been discovered that WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allow attackers to execute arbitrary code via a crafted dbs-client package.
CVE ID: CVE-2022-34558 (Critical)
A Remote Code Execution (RCE) vulnerability via a crafted packet has been discovered in TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n.
CVE ID: CVE-2022-34555 (Critical)
A Server Side Template Injection (SSTI) vulnerability has been discovered in the ejs (aka Embedded JavaScript templates) package for Node.js.
CVE ID: CVE-2022-29078 (Critical)
An execution with unnecessary privileges vulnerability has been discovered in Digi International's Equipment- ConnectPort X2D Gateway that may result in malicious code execution.
CVE ID: CVE-2022-2634 (Critical)
Huawei has released a security update to address an input verification vulnerability in Huawei CV81-WDM FW products. Successful exploitation of this vulnerability can lead to DoS attacks.
CVE ID: CVE-2022-37395 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-34369 (High), CVE-2022-34371 (High), CVE-2022-34378 (Medium)
Google has released Beta channel 105.0.5195.19 (Platform version: 14989.26.0) for most ChromeOS devices, Chrome 105 (105.0.5195.19) Beta channel for Windows, Linux, and Mac, Stable channel 104.0.5112.83 (Platform version: 14909.100.0) for most ChromeOS devices, Chrome Beta 105 (105.0.5195.19) for iOS, and Chrome Beta 105 (105.0.5195.17) for Android to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2609 (High), CVE-2022-2620 (Medium), CVE-2022-2608 (High), CVE-2022-2613 (Medium), CVE-2022-2607 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
It has been discovered that OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use this machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
CVE ID: CVE-2022-32965 (Critical)
DrayTek has released a security update to address a Remote Code Execution (RCE) vulnerability in DrayTek Vigor Routers. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-32548 (Critical)
Ubuntu has released security updates to resolve multiple vulnerabilities in NVIDIA graphics drivers that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The affected products are Ubuntu 22.04, Ubuntu 20.04 & Ubuntu 18.04.
CVE ID: CVE-2022-31607, CVE-2022-31615, CVE-2022-31608
Synology has released security updates to address multiple vulnerabilities in several of its products.
CVE ID: CVE-2022-27618 (Medium), CVE-2022-27621 (Medium), CVE-2022-27620 (Medium), CVE-2022-27619 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
A prototype pollution vulnerability has been discovered in the GitHub repository automattic/mongoose. The affected versions are GitHub repository automattic/mongoose prior to 6.4.6.
CVE ID: CVE-2022-2564 (Critical)
A buffer overflow vulnerability has been discovered in the cgi component of Synology Audio Station that allows remote attackers to execute arbitrary commands via unspecified vectors. The affected versions are Synology Audio Station before 6.5.4-3367.
CVE ID: CVE-2022-27612 (Critical)
A buffer overflow vulnerability has been discovered in the cgi component of Synology Media Server that allows remote attackers to execute arbitrary code via unspecified vectors. The affected versions are Synology Media Server before 1.8.1-2876.
CVE ID: CVE-2022-22683 (Critical)
A vulnerability has been discovered in PHP fileinfo functions which can lead to heap corruption. The affected versions are PHP versions 8.1.x & below 8.1.8.
CVE ID: CVE-2022-31627 (Critical)
An out-of-bounds read vulnerability has been discovered in Google Chrome that allows an attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The affected versions are Google Chrome prior to 102.0.5005.115.
CVE ID: CVE-2022-2010 (Critical)
An OS command injection vulnerability has been discovered in the OX App Suite. The affected versions are OX App Suite through 7.10.6.
CVE ID: CVE-2022-24405 (Critical)
It has been discovered that a vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVE ID: CVE-2022-34577 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Zoho ManageEngine Password Manager Pro before 12101, PAM360 before 5510, and ManageEngine Access Manager Plus before 4303.
CVE ID: CVE-2022-35405 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20827 (Critical), CVE-2022-20841 (High), CVE-2022-20842 (Critical), CVE-2022-20820 (Medium), CVE-2022-20852 (Medium), CVE-2022-20914 (Medium), CVE-2022-20816 (Medium), CVE-2022-20869 (Medium)
It has been discovered that the Intel RetBleed CPU vulnerability affects multiple F5 products and can allow information disclosure.
CVE ID: CVE-2022-29901 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-34918 (High), CVE-2022-30783 (Medium), CVE-2022-30784 (Medium), CVE-2022-30786 (Medium), CVE-2022-30788 (Medium), CVE-2022-30789 (Medium), CVE-2022-30785 (Medium), CVE-2022-30787 (Medium), CVE-2022-1679 (High), CVE-2022-28893 (High), CVE-2022-1652 (High)
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities have been discovered in the uContext for Clickbank, uContext for Amazon, Link Optimizer Lite, and Banner Cycler WordPress plugins.
CVE ID: CVE-2022-2542 (High), CVE-2022-2541 (High), CVE-2022-2540 (High), CVE-2022-2233 (High)
Dell has released security updates to address multiple vulnerabilities in third-party components that affect Dell Data Computing Appliance (DCA). An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2022-27484 (Medium), CVE-2022-23442 (Medium), CVE-2022-22299 (High)
NVIDIA has released security updates for NVIDIA GPU Display Driver to address multiple vulnerabilities that can lead to Denial of Service (DoS), information disclosure, escalation of privileges, code execution, or data tampering.
Google has released Beta channel 104.0.5112.83 (Platform version: 14909.100.0) for most ChromeOS devices, Chrome Dev 105 (105.0.5195.17) for Android, Chrome Stable 104 (104.0.5112.71) for iOS, Chrome 104 (104.0.5112.69) for Android, and Chrome 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows) to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618, CVE-2022-2619, CVE-2022-2620, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
It has been discovered that the cookie deserialization function of EasyUse MailHunter Ultimate has an inadequate validation vulnerability that allows an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or interrupt service.
CVE ID: CVE-2022-35223 (Critical)
An incorrect access control vulnerability has been discovered in HashiCorp product Vault Enterprise. The affected products are Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0.
CVE ID: CVE-2022-36129 (Critical)
It has been discovered that in mistune the support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. The affected versions are mistune through 2.0.2.
CVE ID: CVE-2022-34749 (Critical)
Mitsubishi Electric has released security updates to address OpenSSL vulnerabilities in its GT SoftGOT2000 product that can cause Denial of Service (DoS) and arbitrary command execution. The affected product is GT SoftGOT2000 version 1.275M.
CVE ID: CVE-2022-1292 (Critical), CVE-2022-0778 (High)
Multiple vulnerabilities such as buffer overflow, command injection, information disclosure, Denial of Service (DoS), and hard-coded credentials have been discovered in TCL LinkHub Mesh Wi-Fi system.
GitLab has released Community Edition and Enterprise Edition version 15.2.2 to resolve a number of regressions and bugs in the 15.2 release and prior versions.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-08-05 or later address all of these issues.
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
OpenStack Manila has released security updates to address a vulnerability affecting an OpenStack Manila user who owns a Ceph file system "share", which can compromise the confidentiality and integrity of the file system. The vulnerability has been fixed in RHCS 5.2 and Ceph 17.2.2.
CVE ID: CVE-2022-0670 (Critical)
A vulnerability has been discovered in Joplin that allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. The affected version is Joplin v2.8.8.
CVE ID: CVE-2022-35131 (Critical)
A vulnerability has been discovered in OpenKM Community Edition which allows an attacker to perform an XML external entity injection attack. The affected versions are OpenKM Community Edition 6.3.10 and before.
CVE ID: CVE-2022-2131 (Critical)
It has been discovered that software/apt-lib.pl in Webmin lacks HTML escaping for a UI command. The affected versions are Webmin prior to 1.997.
CVE ID: CVE-2022-36446 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Atos Unify OpenScape that can compromise the confidentiality and integrity of the system. The affected versions are Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1.
CVE ID: CVE-2022-36444 (Critical)
It has been discovered that the Cab fare calculator WordPress plugin does not validate the controller parameter before using it in require statements, which can lead to a Local File Inclusion (LFI) vulnerability. The affected versions are the Cab fare calculator WordPress plugin before 1.0.4.
CVE ID: CVE-2022-1391 (Critical)
Dell has released security updates to address multiple authentication bypass vulnerabilities in its products. The affected products are Dell PowerProtect Cyber Recovery, and Dell CloudLink.
CVE ID: CVE-2022-34372 (Critical), CVE-2022-34380 (Critical), CVE-2022-34379 (Critical)
It has been discovered that Obsidian is affected by an obsidian://hook-get-address remote code execution vulnerability because window.open is used without checking the URL. The affected versions are Obsidian 0.14.x and 0.15.x before 0.15.5.
CVE ID: CVE-2022-36450 (Critical)
A vulnerability has been discovered in the /api/plugin/upload component of Dataease that allows attackers to execute arbitrary code via a crafted plugin. The affected version is Dataease v1.11.1.
CVE ID: CVE-2022-34113 (Critical)
Multiple unauthenticated SQL Injection (SQLi) vulnerabilities have been discovered in the Osamaesh WP Visitor Statistics plugin for WordPress. The affected versions are Osamaesh WP Visitor Statistics plugin 5.7 and below.
CVE ID: CVE-2022-33965 (Critical)
WordPress has released a security update to address a Cross-Site Scripting vulnerability in the Simple SEO plugin for WordPress. The affected versions are Simple SEO up to and including 1.7.91.
CVE ID: CVE-2022-1628 (Medium)
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to resolve multiple vulnerabilities in the Linux kernel. The affected products are Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-20141 (High), CVE-2022-25258 (Medium), CVE-2022-25375 (Medium), CVE-2022-34918 (High)
Foxit has released Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1 for the Windows platform to resolve multiple vulnerabilities in Foxit PDF Reader 12.0.0.12394 and earlier, and in Foxit PDF Editor 12.0.0.12394, 11.2.2.53575 and all previous 11.x versions, and 10.1.8.37795 and earlier. Foxit has also released Foxit PDF Editor for Mac 12.0.1 and Foxit PDF Reader for Mac 12.0.1 to resolve multiple vulnerabilities in Foxit PDF Editor for Mac 12.0.0.0601 and 11.1.2.0420 and earlier, and in Foxit PDF Reader for Mac 12.0.0.0601 and 11.1.2.0420 and earlier.
A Denial of Service (DoS) vulnerability has been discovered in Yokogawa CENTUM controller FCS. The affected products are CENTUM VP, and CENTUM CS 3000 controller FCS.
CVE ID: CVE-2022-33939 (Medium)
GitLab has released updated versions 15.2.1, 15.1.4, and 15.0.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.1, and Thunderbird 91.12. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-36319 (Medium), CVE-2022-36318 (Medium), CVE-2022-36314 (Medium), CVE-2022-2505 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A type confusion vulnerability has been discovered in Rockwell Automation's FactoryTalk software, Enhanced HIM for PowerFlex, and Connected Components Workbench that can cause a Denial of Service condition. The affected products are FactoryTalk Linx Enterprise software versions 6.20, 6.21, and 6.30, Enhanced HIM (eHIM) for PowerFlex 6000T version 1.001, Connected Components Workbench software versions 11, 12, 13, and 20, and FactoryTalk View Site Edition version 13.
CVE ID: CVE-2022-1096 (Medium)
Google Chrome has released Dev channel 105.0.5195.10 for Windows, Mac and Linux, Chrome Beta 105 (105.0.5195.7) for iOS, and Chrome Dev 105 (105.0.5195.8) for Android.
Multiple vulnerabilities have been discovered in packages on PyPI that contain a code execution backdoor inserted by a third party.
CVE ID: CVE-2022-34983 (Critical), CVE-2022-34982 (Critical), CVE-2022-34981 (Critical), CVE-2022-34509 (Critical), CVE-2022-34501 (Critical), CVE-2022-34500 (Critical)
It has been discovered that the Apache Xalan Java XSLT library is vulnerable to an integer truncation vulnerability when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
CVE ID: CVE-2022-34169 (Critical)
An arbitrary file upload vulnerability has been discovered in the file upload component of ButterCMS that allows attackers to execute arbitrary code via a crafted SVG file. The affected version is ButterCMS v1.2.8.
CVE ID: CVE-2022-27260 (Critical)
Red Hat has released security updates to address multiple vulnerabilities in Red Hat OpenShift Enterprise ASYNC Stream container images. The affected product is Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64.
CVE ID: CVE-2020-29368 (High), CVE-2022-27666 (High), CVE-2022-1012, CVE-2022-1729, CVE-2022-32250 (High)
Samba has released security updates to address multiple vulnerabilities in several versions of Samba. An attacker can exploit one of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-2031 (Medium), CVE-2022-32742 (Medium), CVE-2022-32744 (High), CVE-2022-32745 (Medium), CVE-2022-32746 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in several CODESYS products. The affected products are CODESYS Development System prior to V3.5.17.10, CODESYS Installer prior to V1.3.0, CODESYS SVN prior to V4.4.0.0, and CODESYS Development System V3 setup from V3.5.17.0 and before V3.5.18.20.
CVE ID: CVE-2021-21863 (High), CVE-2021-21864 (High), CVE-2021-21865 (High), CVE-2021-21866 (High), CVE-2021-21867 (High), CVE-2021-21868 (High), CVE-2021-21869 (High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google Chrome has released Beta channel 104.0.5112.65 for Windows, Mac and Linux, Chrome Beta 104 (104.0.5112.69) for Android, Dev channel 105.0.5195.5 (Platform version: 14989.11.0) for most ChromeOS devices, and LTS channel 96.0.4664.215 (Platform Version: 14268.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2010 (High), CVE-2022-1488 (Medium), CVE-2021-30560 (Medium), CVE-2022-29824 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
It has been discovered that an insufficient policy enforcement vulnerability in the developer tools of Google Chrome allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The affected versions are Google Chrome prior to 100.0.4896.88.
CVE ID: CVE-2022-1309 (Critical)
An authorization bypass vulnerability has been discovered in the "wizardpwd.asp" web page of the ALLNET router. The affected product is ALLNET router model WR0500AC.
CVE ID: CVE-2022-34767 (Critical)
Multiple vulnerabilities have been discovered in Cisco Nexus Dashboard which allow an attacker to execute arbitrary commands, read or upload container image files, or perform a Cross-Site Request Forgery (CSRF) attack.
CVE ID: CVE-2022-20858 (Critical), CVE-2022-20857 (Critical)
It has been discovered that Wavlink WN530HG4 M30HG4.V5030.191116 contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE ID: CVE-2022-34045 (Critical)
It has been discovered that Goldshell ASIC Miners contain a hardcoded credentials vulnerability which allows attackers to connect remotely via the SSH protocol (port 22). The affected version is Goldshell ASIC Miners v2.1.x.
CVE ID: CVE-2022-24657 (Critical)
It has been discovered that an on-premise installation of the Pega Platform whose JMX interface port is exposed to the Internet can allow the upload of serialized payloads, as port filtering is not properly configured in the system.
CVE ID: CVE-2022-24082 (Critical)
A vulnerability has been discovered in Easergy P5 version V01.401.102 and prior that can result in Remote Code Execution (RCE) or a crash of the HTTPS stack used by the device's Web HMI.
CVE ID: CVE-2022-34756 (Critical)
A SQL injection vulnerability has been discovered in the lux extension for TYPO3. The affected versions are TYPO3 lux extension before 17.6.1, and 18.x through 24.x before 24.0.2.
CVE ID: CVE-2022-35628 (Critical)
It has been discovered that FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f contains a heap buffer overflow vulnerability via the function sfnt_init_face.
CVE ID: CVE-2022-27404 (Critical)
A memory corruption vulnerability has been discovered in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9.
CVE ID: CVE-2022-28711 (Critical)
It has been discovered that COVID19 Testing Management System contains a SQL injection vulnerability via the admin panel. The affected version is COVID19 Testing Management System 1.0.
CVE ID: CVE-2021-33470 (Critical)
It has been discovered that in Octopus Deploy the Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. The affected versions are Octopus Deploy 2018.4.4 through 2018.5.1.
CVE ID: CVE-2018-11320 (Critical)
It has been discovered that multiple vulnerabilities in Node.js affect F5 products. An attacker can exploit these vulnerabilities to perform domain hijacking or injection attacks. The affected products are BIG-IP (all modules), and BIG-IQ Centralized Management.
CVE ID: CVE-2021-3672 (Medium), CVE-2021-22931 (Critical)
Multiple vulnerabilities have been discovered in ABB Ability(TM) Operations Data Management Zenon. Successful exploitation can allow attackers to log additional messages and access files from the Zenon system. The affected versions are all Zenon versions up to 8.20.
CVE ID: CVE-2022-34836 (Medium), CVE-2022-34837 (Medium), CVE-2022-34838 (High)
An authentication bypass vulnerability has been discovered in CodexShaper's WP OAuth2 Server plugin for WordPress. The affected versions are CodexShaper's WP OAuth2 Server plugin 1.0.1 and below.
CVE ID: CVE-2022-34839 (Critical)
Honeywell has released security updates to address multiple OT:ICEFALL vulnerabilities in Honeywell's Saia Burgess PG5 PCD equipment that can allow configuration manipulation.
CVE ID: CVE-2022-30319 (High), CVE-2022-30320 (High)
Honeywell has released security updates to address multiple vulnerabilities in Honeywell's Safety Manager equipment that can allow configuration and firmware manipulation or Remote Code Execution (RCE).
CVE ID: CVE-2022-30313 (High), CVE-2022-30314 (High), CVE-2022-30315 (High), CVE-2022-30316 (High)
MOXA has released security updates to address multiple out-of-bounds write vulnerabilities in MOXA's NPort 5110 equipment that can allow an attacker to change memory values and/or cause the device to become unresponsive.
CVE ID: CVE-2022-2044 (High), CVE-2022-2043 (High)
Inductive Automation has released security updates to address an improper restriction of XML External Entity Reference vulnerability in Inductive Automation's Ignition equipment that can allow an attacker to obtain file contents.
CVE ID: CVE-2022-1704 (High)
Dell has released security updates to address several vulnerabilities in its products. The affected products are Dell Command | Integration Suite for System Center, Dell Secure Connect Gateway, and Dell Policy Manager for Secure Connect Gateway.
CVE ID: CVE-2022-34373 (High)
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.1, Firefox ESR 91.12, and Firefox 103. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
McAfee has released a security update to address a DLL hijacking vulnerability in the McAfee Agent (MA) Smart Installer for Windows. The affected versions are McAfee Agent (MA) Smart Installer for Windows prior to 5.7.7.
CVE ID: CVE-2022-2313 (High)
A vulnerability has been discovered in WAVLINK WN535K2 and WN535K3 that affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to an OS command injection vulnerability.
CVE ID: CVE-2022-2487 (Critical)
A vulnerability has been discovered in WAVLINK WN535K2 and WN535K3 that affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to an OS command injection vulnerability.
CVE ID: CVE-2022-2486 (Critical)
It has been discovered that the mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty.
CVE ID: CVE-2022-34635 (Critical)
It has been discovered that Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 contains an insufficient cryptography vulnerability via the component /rocket/RocketCore.scala.
CVE ID: CVE-2022-34632 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in Spryker Commerce. The affected version is Spryker Commerce OS 1.4.2.
CVE ID: CVE-2022-28888 (Critical)
It has been discovered that WolfSSH contains an integer overflow vulnerability via the function wolfSSH_SFTP_RecvRMDIR. The affected version is WolfSSH v1.4.7.
CVE ID: CVE-2022-32073 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy-WI. The affected versions are Roxy-WI versions prior to 6.1.1.0.
CVE ID: CVE-2022-31137 (Critical)
A heap-based buffer over-read vulnerability has been discovered in singlevar in lparser.c in Lua. The affected versions are Lua from (including) 5.4.0 up to (excluding) 5.4.4.
CVE ID: CVE-2022-28805 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32546 (High), CVE-2022-32547 (High), CVE-2022-32545 (High), CVE-2022-31799 (Critical), CVE-2022-2129 (High), CVE-2022-33070 (Medium)
Multiple vulnerabilities have been discovered in Nuki (smart lock) products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32509 (High), CVE-2022-32504 (High), CVE-2022-32502 (High), CVE-2022-32507 (High), CVE-2022-32503 (High), CVE-2022-32510 (High), CVE-2022-32506 (Medium), CVE-2022-32508 (Medium), CVE-2022-32505 (Medium)
FileWave has released security updates to address an authentication bypass vulnerability and a hard-coded cryptographic key vulnerability in FileWave's mobile device management (MDM) system. The affected versions are FileWave MDM before 14.6.3, and 14.7.x prior to 14.7.2.
CVE ID: CVE-2022-34907 (Critical), CVE-2022-34906 (Critical)
It has been discovered that Dataease contains a SQL injection vulnerability via the parameter dataSourceId. The affected version is Dataease v1.11.1.
CVE ID: CVE-2022-34115 (Critical)
It has been discovered that the package convert-svg-core is vulnerable to Remote Code Injection via sending an SVG file containing the payload. The affected versions are convert-svg-core before 0.6.2.
CVE ID: CVE-2022-25759 (Critical)
It has been discovered that Nginx NJS contains an out-of-bounds read vulnerability via njs_scope_value at njs_scope.h. The affected version is Nginx NJS v0.7.4.
CVE ID: CVE-2022-34029 (Critical)
It has been discovered that UNIT4 TETA Mobile Edition (ME) contains a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. The affected version is UNIT4 TETA Mobile Edition (ME) before 29.5.HF17.
CVE ID: CVE-2022-27434 (Critical)
A vulnerability has been discovered in the ContentResource API of dotCMS. This vulnerability allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution. The affected versions are dotCMS 3.0 through 22.02.
CVE ID: CVE-2022-26352 (Critical)
It has been discovered that the Scoptrial package on PyPI contains a code execution backdoor vulnerability via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. The affected version is Scoptrial v0.0.5 on PyPI.
CVE ID: CVE-2022-34057 (Critical)
It has been discovered that libnx_apl.so on Nexans FTTO GigaSwitch implements a Backdoor Account for SSH logins on port 50200 or 50201. The affected versions are Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02.
CVE ID: CVE-2022-32985 (Critical)
Skyhigh has released security updates to address Authentication Bypass, and Improper Neutralization of Special Elements in Output Used by a Downstream Component vulnerabilities in Secure Web Gateway (SWG). The affected versions are SWG 11.x earlier than 11.2.1, SWG 10.x earlier than 10.2.12, SWG 9.x earlier than 9.2.23, and SWG 8.x earlier than 8.2.28.
CVE ID: CVE-2022-2310 (Critical), CVE-2022-34914 (Critical)
Ubuntu has released security updates to address a vulnerability in PHP. A remote attacker can use this vulnerability to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-31627
Multiple vulnerabilities, such as sensitive information disclosure and unauthorized setting changes, have been discovered in the Transposh WordPress Translation plugin for WordPress. The affected versions are Transposh WordPress Translation up to and including 1.0.8.1.
CVE ID: CVE-2022-2462 (Medium), CVE-2022-2461 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Barangay Management System contains a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. The affected version is Barangay Management System v1.0.
CVE ID: CVE-2022-34023 (Critical)
A vulnerability has been discovered in Poly EagleEye Director II. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication. The affected versions are Poly EagleEye Director II before 2.2.2.1.
CVE ID: CVE-2022-26479 (Critical)
Roxy-WI has released a security update to address a vulnerability that allows a system command to be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. The affected versions are Roxy-WI prior to version 6.1.1.0. Roxy-WI version 6.1.1.0 contains a patch for this vulnerability.
CVE ID: CVE-2022-31161 (Critical)
A heap-based buffer over-read vulnerability has been discovered in Mbed TLS. This vulnerability can cause a server crash or possibly information disclosure based on error responses. The affected versions are Mbed TLS before 2.28.2 and 3.x before 3.2.0.
CVE ID: CVE-2022-35409 (Critical)
A heap-based buffer overflow vulnerability has been discovered in sqbaselib.cpp in SQUIRREL due to the lack of a certain sq_reservestack call. The affected version is SQUIRREL 3.2.
CVE ID: CVE-2022-30292 (Critical)
It has been discovered that lrzip contains a heap memory corruption vulnerability via the component lrzip.c:initialise_control. The affected version is lrzip v0.640.
CVE ID: CVE-2022-28044 (Critical)
A stored Cross-Site Scripting vulnerability has been discovered in the Stockists Manager for Woocommerce and Simple Banner WordPress plugins. A security update is available for the Simple Banner WordPress plugin. No patch is available for the Stockists Manager for Woocommerce WordPress plugin.
CVE ID: CVE-2022-2518 (High), CVE-2022-2515 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SonicWall has released security updates to address a SQL injection vulnerability. The affected products are SonicWall GMS 9.3.1-SP2-Hotfix1 and earlier versions, and Analytics On-Prem 2.5.0.3-2520 and earlier versions.
CVE ID: CVE-2022-22280 (Critical)
Open-Xchange has released security updates to address multiple vulnerabilities in its OX App Suite products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-23100 (High), CVE-2022-23099 (Low), CVE-2021-42550, CVE-2022-23101 (Medium), CVE-2022-24405 (High), CVE-2022-24406 (Medium)
Dell has released security updates to address a third-party component (Polkit) vulnerability in Dell Disk Library for mainframe (DLm). The affected versions are Models DLm8500 and DLm 2500 running DLm versions before 5.5.0.0.
CVE ID: CVE-2021-4034 (High)
Dell has released security updates to address an Improper Handling of Insufficient Permissions or Privileges vulnerability in Dell EMC NetWorker. The affected versions are Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x, and 19.7.0.0.
Google Chrome has released Beta channel 104.0.5112.57 (Platform version: 14909.79.0) for most ChromeOS devices, Dev channel 105.0.5191.0 for Mac and Windows & 105.0.5191.2 for Linux, and Chrome Dev 105 (105.0.5190.2) for Android.
Johnson Controls has released security updates to address a vulnerability impacting Metasys ADS/ADX/OAS with MUI that allows an unauthenticated user to access the Metasys ADS/ADX/OAS with MUI web API and enumerate users. The affected products are all Metasys ADS/ADX/OAS 10 and 11 versions with MUI.
CVE ID: CVE-2021-36200
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Rockwell Automation has released security updates to resolve deserialization of untrusted data and path traversal vulnerabilities in Rockwell Automation's ISaGRAF Workbench equipment that can result in directory traversal, privilege escalation, and arbitrary code execution.
CVE ID: CVE-2022-2463 (Medium), CVE-2022-2464 (High), CVE-2022-2465 (High)
ABB has released security updates to address an improper privilege management vulnerability in ABB's Drive Composer, Automation Builder, and Mint Workbench equipment. Successful exploitation can allow Remote Code Execution. The affected products are ABB Drive Composer Entry versions 2.0 to 2.7, ABB Drive Composer Pro versions 2.0 to 2.7, ABB Automation Builder versions 1.1.0 to 2.5.0, and Mint Workbench builds 5866 and prior.
CVE ID: CVE-2022-31216 (High), CVE-2022-31217 (High), CVE-2022-31218 (High), CVE-2022-31219 (High), CVE-2022-26057 (Medium)
A session hijacking vulnerability has been discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.
CVE ID: CVE-2022-35890 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability via the whois lookup tool has been discovered in Best Practical's RT for Incident Response (RTIR). The affected versions are RTIR before 4.0.3 and 5.x before 5.0.3.
CVE ID: CVE-2022-25800 (Critical)
It has been discovered that in Android the exported attribute is used to set third-party app access permissions, and the default value of intent-filter is true; com.sprd.firewall has set exported to true. Product: Android. Versions: Android SoC. Android ID: A-231911916. Security updates are available.
CVE ID: CVE-2022-20216 (Critical)
It has been discovered that the Altra UEFI reference design allows insecure access to SPI-NOR by the OS/hypervisor component. The affected versions are Ampere Altra and AltraMax devices before SRP 1.09.
CVE ID: CVE-2022-32295 (Critical)
A vulnerability has been discovered in IOBit IOTransfer which can cause data theft and Remote Code Execution (RCE). The affected version is IOBit IOTransfer 4.3.1.1561.
CVE ID: CVE-2022-24562 (Critical)
An improper access control vulnerability has been discovered in SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions.
CVE ID: CVE-2022-22282 (Critical)
AutomationDirect has released security updates to address a cleartext transmission of sensitive information vulnerability in AutomationDirect's Stride Field I/O equipment that can allow an attacker to obtain user credentials.
CVE ID: CVE-2022-2485 (Critical)
Apple has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google Chrome has released Dev channel 105.0.5187.0 (Platform version: 14985.0.0) for most ChromeOS devices, Chrome Beta 104 (104.0.5112.54) for iOS, Extended Stable channel 102.0.5005.167 for Windows and Mac, Beta channel 104.0.5112.57 for Windows, Mac and Linux, and Chrome Beta 104 (104.0.5112.55) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A Local File Inclusion (LFI) vulnerability has been discovered in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 that allows attackers to execute arbitrary PHP code via a crafted HTTP request.
CVE ID: CVE-2022-32409 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162.
CVE ID: CVE-2022-28369 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0.
CVE ID: CVE-2022-28375 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162.
CVE ID: CVE-2022-28373 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability via scripted action tools has been discovered in Best Practical's RT for Incident Response (RTIR). The affected versions are RTIR before 4.0.3 and 5.x before 5.0.3.
CVE ID: CVE-2022-25801 (Critical)
Argo CD has released security updates to address an improper certificate validation vulnerability, which can cause Argo CD to trust a malicious OpenID Connect (OIDC) provider. The affected versions are Argo CD 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5. Security updates are available for Argo CD versions 2.4.5, 2.3.6, and 2.2.11.
CVE ID: CVE-2022-31105 (Critical)
Atlassian has released security updates to address Servlet Filter Dispatcher vulnerabilities in its products.
CVE ID: CVE-2022-26136 (Critical), CVE-2022-26137 (Critical)
Atlassian has released security updates to address a vulnerability in Questions For Confluence app for Confluence Server, and Confluence Data Center. The affected versions are Questions for Confluence 2.7.34, 2.7.35, and Questions for Confluence 3.0.2.
CVE ID: CVE-2022-26138 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Cisco will not release security updates to address the vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers as they have entered the end-of-life process.
Drupal has released security updates to address multiple vulnerabilities in Drupal Core.
CVE ID: CVE-2022-25276, CVE-2022-25277 (Critical), CVE-2022-25278, CVE-2022-25275
Ubuntu has released security updates to address a vulnerability that incorrectly handled signatures constructed from SSH public keys in PyJWT. A remote attacker could use this vulnerability to forge a JWT signature. The affected versions are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-29217 (High)
Oracle Solaris has released security updates to address multiple vulnerabilities in third party software that is included in Oracle Solaris distributions.
Accusoft has released a security update to address a use-after-free vulnerability in Accusoft ImageGear PSD Header. This vulnerability can lead to out-of-bounds heap writes, which can cause memory corruption and code execution. The affected version is Accusoft ImageGear 19.10.
CVE ID: CVE-2022-29465
Oracle has released its critical patch update for July 2022 to address 349 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dahua has released security updates to address multiple vulnerabilities in Dahua DHI-ASI7213X-T1 equipment that can allow unauthorized access, upload of malicious files, and a Denial of Service (DoS) condition. The affected products are Dahua ASI7XXX versions prior to v1.000.0000009.0.R.220620, Dahua IPC-HDBW2XXX versions prior to v2.820.0000000.48.R.220614 and Dahua IPC-HX2XXX versions prior to v2.820.0000000.48.R.220614.
CVE ID: CVE-2022-30560 (High), CVE-2022-30561 (Medium), CVE-2022-30562 (Low), CVE-2022-30563 (Medium)
WordPress has released security updates to resolve a Stored Cross-Site Scripting vulnerability via the ‘templates[browsingpage]‘ parameter in the WP-UserOnline plugin. The affected versions are WP-UserOnline versions up to, and including 2.87.6.
CVE ID: CVE-2022-2473 (Medium)
Dell has released security updates to address several vulnerabilities in Dell products. The affected products are Dell Connectrix (Brocade), Dell SmartFabric Storage Software, Dell Connectrix (Cisco) DCNM and NDFC, and Dell Connectrix (Cisco) MDS DCNM.
Google Chrome has released Stable channel 103.0.5060.132 (Platform version: 14816.131.0) for most ChromeOS devices and Stable channel 103.0.5060.134 for Windows, Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2477 (High), CVE-2022-2478 (High), CVE-2022-2479 (High), CVE-2022-2480 (High), CVE-2022-2481 (High), CVE-2022-2163 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database, or disrupt services.
CVE ID: CVE-2022-32456 (Critical)
A vulnerability has been discovered in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft. Successful exploitation can result in takeover of PeopleSoft Enterprise. The affected versions are PeopleSoft Enterprise PeopleTools 8.58 and 8.59.
CVE ID: CVE-2022-21543 (Critical)
A vulnerability has been discovered in Itech Auction Script that can be exploited remotely. The affected version is Itech Auction Script 6.49.
CVE ID: CVE-2017-20138 (Critical)
A SQL injection vulnerability has been discovered in seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3.
CVE ID: CVE-2022-29601 (Critical)
A SQL injection vulnerability has been discovered in oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3.
CVE ID: CVE-2022-29600 (Critical)
A permission assignment vulnerability has been discovered in Application Security module of HarmonyOS that can affect data integrity and confidentiality.
CVE ID: CVE-2022-34737 (Critical)
A misconfigured file permission vulnerability has been discovered in netaddr gem before version 2.0.4 which can result in 0777 permissions in the target filesystem.
CVE ID: CVE-2019-17383 (Critical)
Multiple vulnerabilities have been discovered in the MiCODUS MV720 GPS tracker. Successful exploitation can allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features (e.g., alarms).
CVE ID: CVE-2022-2107 (Critical), CVE-2022-2141 (Critical), CVE-2022-2199 (High), CVE-2022-34150 (High), CVE-2022-33944 (Medium)
Mitsubishi Electric has released security updates to address multiple vulnerabilities in its GENESIS64 and MC Works64 equipment which can cause information disclosure, a Denial of Service (DoS) condition or Remote Code Execution (RCE).
CVE ID: CVE-2022-29834 (High), CVE-2022-33315 (High), CVE-2022-33316 (High), CVE-2022-33317 (High), CVE-2022-33318 (Critical), CVE-2022-33319 (High), CVE-2022-33320 (High)
Zyxel has released security updates to address privilege escalation, and authenticated directory traversal vulnerabilities in its products.
CVE ID: CVE-2022-30526, CVE-2022-2030
Veritas has released security updates to address multiple vulnerabilities in NetBackup OpsCenter. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-36954 (Critical), CVE-2022-36951 (Critical), CVE-2022-36950 (Critical), CVE-2022-23457 (Critical), CVE-2022-36949 (Critical), CVE-2022-36952 (High), CVE-2022-36948 (Medium), CVE-2022-36953 (Medium)
Grails has released security updates to address a Remote Code Execution (RCE) vulnerability in Grails framework. This vulnerability allows an attacker to remotely execute code within a Grails application runtime by issuing a specially crafted web request that grants the attacker access to the class loader.
CVE ID: CVE-2022-35912 (Critical)
A Remote Code Execution (RCE) vulnerability via the function parserIfLabel at function.php has been discovered in PbootCMS. The affected version is PbootCMS v3.1.2.
CVE ID: CVE-2022-32417 (Critical)
It has been discovered that Apache CloudStack has a SAML 2.0 authentication Service Provider plugin which is vulnerable to XML external entity (XXE) injection. The affected versions are Apache CloudStack version 4.5.0 and later.
CVE ID: CVE-2022-35741 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to resolve multiple vulnerabilities in WebKitGTK Web & JavaScript engines that can cause Cross Site Scripting (XSS) attacks, Denial of Service (DoS) attacks, and arbitrary code execution. The affected products are Ubuntu 22.04 LTS & Ubuntu 20.04 LTS.
CVE ID: CVE-2022-26710, CVE-2022-22677
Ubuntu has released security updates to address a vulnerability in the libhttp-daemon-perl package that can enable an HTTP request smuggling attack. The affected products are Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-31081 (Medium)
WordPress has released security updates to resolve a deserialization of an untrusted input vulnerability via the ‘fts_url’ parameter in Feed Them Social – for Twitter feed, Youtube and more plugin. The affected versions are Feed Them Social – for Twitter feed, Youtube & more versions up to, and including 2.9.8.5.
CVE ID: CVE-2022-2437 (High)
Dell has released security updates to address several vulnerabilities in multiple third-Party components. The affected products are various versions of Dell Avamar Server Hardware Appliance Gen4S and Gen4T, Dell Avamar Virtual Edition, Dell Avamar NDMP Accelerator, Dell Avamar VMware Image Proxy, Dell NetWorker Virtual Edition (NVE) , Dell PowerProtect DP Series Appliance and Dell Integrated Data Protection Appliance (IDPA).
Google has released LTC (Long Term Support Candidate) channel 102.0.5005.153 (Platform Version: 14695.114.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2156 (Critical), CVE-2022-2294 (High), CVE-2021-30560 (Medium), CVE-2022-29824 (Medium)
Multiple critical vulnerabilities in the CODESYS V3 runtime affect Festo controller CECC products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2021-33485 (Critical), CVE-2020-10245 (Critical), CVE-2019-13548 (Critical), CVE-2019-18858 (Critical), CVE-2018-10612 (Critical), CVE-2021-33485 (Critical), CVE-2019-9010 (Critical)
SonicWall has released security updates to address a Remote Code Execution (RCE) vulnerability in SonicWall Switch and an improperly implemented security check vulnerability in the SonicWall Hosted Email Security. The affected products are SonicWall Switch version 1.1.1.0-2s and earlier and SonicWall Hosted Email Security 10.0.17.7319 and earlier versions.
CVE ID: CVE-2022-2323 (High), CVE-2022-2324 (High)
It has been discovered that Zimbra Collaboration Open Source does not encrypt the initial-login randomly created password that is visible in cleartext on port UDP 514 (aka the syslog port). The affected version is Zimbra Collaboration Open Source 8.8.15.
CVE ID: CVE-2022-32294 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates for some products are available.
CVE ID: CVE-2021-33473 (Critical), CVE-2021-37404 (Critical), CVE-2022-1678 (High), CVE-2022-1882 (High), CVE-2022-2097 (Low), CVE-2022-2274 (High), CVE-2022-29824 (Medium), CVE-2022-29968 (High), CVE-2022-32250 (High), CVE-2022-32275 (High), CVE-2022-24735 (High), CVE-2022-24736 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
ABB has released security updates to address a path traversal vulnerability in the implementation of the Totalflow TCP protocol in ABB G5 products. Successful exploitation of this vulnerability can lead to root access.
CVE ID: CVE-2022-0902 (High)
Multiple out of bounds read vulnerabilities have been discovered in the Open Design Alliance Drawings SDK. Successful exploitation can allow a malicious DWG file opened by a user to crash the application or lead to arbitrary code execution.
CVE ID: CVE-2022-28807 (High), CVE-2022-28808 (High), CVE-2022-28809 (High)
Dell has released a security update to address Cross-Site Request Forgery (CSRF) and Java StackOverflow vulnerabilities in Dell Data Protection Central that can lead to processing of unintended server operations. The affected products are Dell Data Protection Central Security versions 19.1, 19.2, 19.3, 19.4, 19.5, and 19.6.
CVE ID: CVE-2022-34367 (Medium), CVE-2020-36518 (High)
Google Chrome has released Dev channel 105.0.5176.3 for Windows, Mac and Linux, Chrome Beta 104 (104.0.5112.48) for iOS, and Chrome Dev 105 (105.0.5176.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel that can cause a Denial of Service (DoS) or execute arbitrary code.
CVE ID: CVE-2022-1975, CVE-2022-1974, CVE-2022-1734 (High), CVE-2022-0500 (High), CVE-2022-33981 (Low), CVE-2022-1789 (Medium)
The Hertzbleed vulnerability in AMD processors affects multiple F5 products and may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
CVE ID: CVE-2022-23823 (Medium)
The Hertzbleed vulnerability in Intel(R) processors affects multiple F5 products and may allow an authenticated attacker to potentially enable information disclosure via network access.
CVE ID: CVE-2022-24436 (Medium)
Juniper Networks has released security updates to address multiple vulnerabilities affecting its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that Netwrix Auditor is vulnerable to an insecure object deserialization issue that is caused by an unsecured .NET remoting service. Successful exploitation can cause Remote Code Execution (RCE) on Netwrix Auditor servers. The affected versions are all supported versions of Netwrix Auditor prior to 10.5.
Drupal has released a security update to address Remote Code Execution and Information Disclosure vulnerabilities in the dompdf/dompdf third-party dependency that affects the Entity Print module. The affected versions are dompdf/dompdf versions below 2.0.0.
Cisco released a security update to address an authentication bypass vulnerability in Cisco Identity Services Engine (ISE). Successful exploitation can allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.
CVE ID: CVE-2022-20733 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates for some products are available.
CVE ID: CVE-2022-1183 (High), CVE-2022-1734 (High), CVE-2022-1998 (High), CVE-2022-2068 (Medium), CVE-2022-23712 (High), CVE-2018-10237 (Medium), CVE-2022-22970 (High), CVE-2022-27778 (High), CVE-2022-27779 (Medium), CVE-2022-27780 (Medium), CVE-2022-27781 (Medium), CVE-2022-27782 (Medium), CVE-2022-30115 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-46141, CVE-2021-46142, CVE-2022-2319, CVE-2022-2320, CVE-2022-34903
Citrix has released security updates to resolve vulnerabilities that affect Citrix Hypervisor, when running on AMD Zen 1 or AMD Zen 2 CPUs.
CVE ID: CVE-2022-23825, CVE-2022-29900
Microsoft released security updates to address an elevation of privilege vulnerability in the Windows Client Server Runtime Subsystem (CSRSS) affecting multiple Windows products that can allow an attacker to gain SYSTEM privileges.
CVE ID: CVE-2022-22047 (High)
Multiple vulnerabilities, such as information disclosure and arbitrary speculative code execution, have been discovered in several AMD processors used in Desktop, Mobile, Graphics, Chromebook and Server products. Mitigations are available.
CVE ID: CVE-2022-29900 (RETbleed) (aka CVE-2022-23816), CVE-2022-23825
Windows 8.1 will reach end of support on January 10, 2023, at which point technical assistance and software updates will no longer be provided. The affected editions are Windows 8.1-Enterprise, Enterprise N, N, Pro with Media Center, Professional, Professional N and SL.
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. Successful exploitation of this vulnerability can allow for the execution of arbitrary scripts. Veeam Management Pack for Microsoft System Center 8.0 has reached End-of-Fix, and all users are recommended to upgrade to the latest version of Veeam Management Pack for Microsoft System Center.
CVE ID: CVE-2022-32225
Siemens has released security updates and mitigations to resolve multiple vulnerabilities in its products.
CVE ID: CVE-2022-31619 (Critical), CVE-2022-26649 (Critical), CVE-2022-33736 (Critical), CVE-2021-29998 (Critical), CVE-2021-40358 (Critical), CVE-2021-44222 (Critical), CVE-2022-34819 (Critical)
Hitachi Energy has released security updates to address multiple vulnerabilities in Hitachi Energy MSM equipment. Successful exploitation can allow an attacker to gain access to sensitive information, cause a Denial of Service (DoS), or trick the user into downloading malicious software. The affected products are MSM version 2.2 and earlier.
CVE ID: CVE-2018-16842 (Critical), CVE-2016-8618 (Critical), CVE-2016-8619 (Critical), CVE-2016-7167 (Critical)
Microsoft released security updates to mitigate multiple vulnerabilities in Azure Site Recovery (ASR). These vulnerabilities affect all ASR on-premises customers using a VMware/Physical to Azure scenario and are fixed in the latest ASR 9.49 release.
Adobe has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address multiple vulnerabilities in its software. An attacker can exploit these vulnerabilities to take control of an affected system.
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in the Dahua DHI-ASI7213X-T1, a facial recognition access controller. Successful exploitation of these vulnerabilities can allow unauthorized access, upload of malicious files and a Denial of Service (DoS) condition. The affected product is Dahua ASI7213X-T1: Firmware v1.000.10Be006.0.R.201213.
CVE ID: CVE-2022-2334 (High), CVE-2022-2335 (Medium), CVE-2022-2336 (High), CVE-2022-2337 (High), CVE-2022-2338 (High)
Intel has released security updates to address multiple information disclosure vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-28693 (Medium), CVE-2022-29901 (Medium)
HP has released security updates to resolve multiple information disclosure vulnerabilities (known as RETbleed) discovered in some Intel Processors and AMD Processors. The affected products are HP Wolf for Business, HP Wolf Pro Security, HP Sure Click Enterprise and HP Sure Access Enterprise.
CVE ID: CVE-2022-23816 (Medium), CVE-2022-23824 (Medium), CVE-2022-23825 (Medium), CVE-2022-28693 (Medium), CVE-2022-29901 (Medium)
HP has released updated versions of Tera2 Zero Client Firmware that remediate a vulnerability discovered in firmware version 22.04 and earlier.
CVE ID: CVE-2022-1805 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Lenovo has released security updates to address multiple vulnerabilities in its products and has also provided information & mitigation about vulnerabilities in Intel and AMD processors affecting Lenovo products.
CVE ID: CVE-2022-34884, CVE-2022-34888, CVE-2022-1890, CVE-2022-1891, CVE-2022-1892, CVE-2022-29901, CVE-2022-28693, CVE-2022-29900, CVE-2022-23825
Dell has released security updates to resolve an improper access control vulnerability in the Identity and Access Management (IAM) module of Dell ECS that allows read access to unauthorized data.
CVE ID: CVE-2022-31231 (Medium)
Lenze SE has released a security update to resolve a vulnerability in multiple cabinet series products that skips password verification on a second login. Successful exploitation can allow full access to the device without knowledge of the password.
CVE ID: CVE-2022-2302 (Critical)
It has been discovered that Python LDAP incorrectly handled certain regular expressions which can cause a Denial of Service (DoS). Security updates are available. The affected products are Ubuntu 22.04, Ubuntu 21.10, Ubuntu 20.04 and Ubuntu 18.04.
CVE ID: CVE-2021-46823 (Medium)
It has been discovered that Dovecot incorrectly handled multiple passdb configuration entries which can cause a privilege escalation vulnerability. Security updates are available. The affected products are Ubuntu 22.04, Ubuntu 21.10, Ubuntu 20.04 and Ubuntu 18.04.
CVE ID: CVE-2022-30550
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
A Cross-Site Scripting (XSS) vulnerability in Apache Tomcat affects the F5 product Traffix SDC. Successful exploitation can compromise the confidentiality and integrity of data on the affected system. The affected versions are Traffix SDC 5.2.0 and 5.1.0.
CVE ID: CVE-2022-34305 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released a security update to address memory access vulnerabilities in the Vim package that can cause corruption of sensitive information, a crash, arbitrary code execution, or use of unexpected values.
CVE ID: CVE-2022-1968 (High), CVE-2022-1897 (High), CVE-2022-1942 (High)
Multiple vulnerabilities have been discovered in the Bently Nevada 3701/4X series (all versions) and 60M100 (3701/60) (all versions) Condition Monitoring System (CMS) equipment that can allow file manipulation, Remote Code Execution (RCE), or a Denial-of-Service (DoS) condition. Security updates are available for the Bently Nevada 3701/4X series. Bently Nevada 60M100 (3701/60) is approaching end-of-life status, and only mitigation is available.
CVE ID: CVE-2022-29953 (Critical), CVE-2022-29952 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates for some products are available.
CVE ID: CVE-2022-1183 (High), CVE-2022-1734 (High), CVE-2022-1998 (High), CVE-2022-2068 (Medium), CVE-2022-23712 (High), CVE-2022-28660 (Critical), CVE-2022-29170 (High), CVE-2022-30594 (High), CVE-2022-22976 (Medium), CVE-2022-22978 (Critical), CVE-2022-31621 (Medium), CVE-2022-31622 (Medium), CVE-2022-31623 (Medium), CVE-2022-31624 (Medium)
An improper restriction of rendered UI layers or frames vulnerability has been discovered in Rockwell Automation MicroLogix 1100/1400 equipment that can lead to a loss of sensitive information, such as authentication credentials.
CVE ID: CVE-2022-2179 (Medium)
Dell has released security updates to address multiple vulnerabilities in Dell PowerStore Family that can be exploited by malicious users to compromise the affected system.
Google has released Beta channel 104.0.5112.36 (Platform version: 14909.52.0) for most ChromeOS devices, Beta channel 104.0.5112.39 for Windows, Mac and Linux, and Chrome Beta 104 (104.0.5112.37) for Android.
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Mitsubishi Electric has released security updates to resolve a Denial of Service (DoS) vulnerability due to uncontrolled resource consumption in the Mitsubishi Electric MELSEC iQ-R Series C Controller Module.
CVE ID: CVE-2021-20600
Microsoft has released Microsoft Edge Stable Channel (Version 103.0.1264.49), which incorporates the latest security updates of the Chromium project. The security updates resolve a heap buffer overflow vulnerability in WebRTC and a type confusion vulnerability in V8.
CVE ID: CVE-2022-2294, CVE-2022-2295
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-06-05 or later address all of these issues.
Festo has released security updates to address multiple preauthentication command injection vulnerabilities in the Festo controller CECC-X-M1 product family. Any person who is able to gain access to the webserver can run arbitrary system commands on the device with root privileges.
CVE ID: CVE-2022-30308 (Critical), CVE-2022-30309 (Critical), CVE-2022-30310 (Critical), CVE-2022-30311 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20812 (Critical), CVE-2022-20813 (Critical), CVE-2022-20808 (High), CVE-2022-20752 (Medium), CVE-2022-20862 (Medium), CVE-2022-20859 (Medium), CVE-2022-20768 (Medium), CVE-2022-20815 (Medium), CVE-2022-20800 (Medium), CVE-2022-20791 (Medium)
Maui ransomware is being used to target Healthcare and Public Health (HPH) Sector organisations. Maui ransomware (maui.exe) is an encryption binary. Maui uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt target files.
Dell has released a security update to address a Remote Code Execution (RCE) vulnerability in Cloud Mobility for Dell EMC Storage version 1.3.0 and prior. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full takeover of the system.
CVE ID: CVE-2022-33936 (High)
SUSE has released a security update to resolve a Denial of Service (DoS) vulnerability via the set-cookie2 header in haproxy.
CVE ID: CVE-2022-0711 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
HarmonyOS has released a security bulletin to address multiple vulnerabilities affecting several Huawei phones and tablets that run HarmonyOS. Security patch levels of 2022-07-01 or later address all of these issues.
A vulnerability exists in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. The affected version is OpenSSL 3.0.4. It is recommended to upgrade to OpenSSL 3.0.5.
CVE ID: CVE-2022-2274 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in various WordPress plugins. A security update is available for the Visualizer WordPress plugin. No patches are available for the AnyMind Widget and FreeMind WP Browser WordPress plugins.
CVE ID: CVE-2022-2251 (High), CVE-2022-2252 (High), CVE-2022-2256 (High)
Dell has released a security update to address a privilege escalation vulnerability in Dell PowerProtect Cyber Recovery versions before 19.11.
CVE ID: CVE-2022-32481 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address multiple vulnerabilities in PHP and Django. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-31625 (Critical), CVE-2022-31626 (High), CVE-2022-34265 (High)
Django has released security updates to address a SQL injection vulnerability in Django's main branch, versions 4.1, 4.0, and 3.2.
CVE ID: CVE-2022-34265 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released updated Chrome 103 (103.0.5060.71) for Android, Stable channel 103.0.5060.114 for Windows, and Extended Stable channel 102.0.5005.148 for Windows and Mac. An exploit for the heap buffer overflow vulnerability (CVE-2022-2294) exists in the wild.
CVE ID: CVE-2022-2294 (High), CVE-2022-2295 (High), CVE-2022-2296 (High)
SUSE has released security updates to resolve multiple vulnerabilities in the Linux Kernel.
CVE ID: CVE-2022-1116 (High), CVE-2022-1734 (High), CVE-2022-1966, CVE-2022-1972, CVE-2022-32250 (High)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. The Debian Long Term Support (LTS) team also announced that Debian 9 stretch support has reached its end-of-life on July 1, 2022. Debian will not provide further security updates for Debian 9.
Ubuntu has released security updates to address multiple vulnerabilities in the Linux kernel and curl packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-28388 (High), CVE-2022-21125 (Medium), CVE-2022-21123 (Medium), CVE-2022-21166 (Medium), CVE-2022-1652 (High), CVE-2022-1353 (High), CVE-2022-28356 (High), CVE-2022-1734 (High), CVE-2021-4202 (High), CVE-2022-1419 (High), CVE-2021-4197 (High), CVE-2022-1679 (High), CVE-2022-27781 (High), CVE-2022-32208
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that NVFLARE contains a vulnerability in its PKI implementation module that can cause Remote Code Execution (RCE), Denial of Service (DoS), and impact both confidentiality and integrity. The affected products are NVFLARE versions prior to 2.1.2.
CVE ID: CVE-2022-31604 (Critical)
It has been discovered that NVFLARE contains a vulnerability in its utils module that can cause Remote Code Execution (RCE), Denial of Service (DoS), and impact both confidentiality and integrity. The affected products are NVFLARE versions prior to 2.1.2.
CVE ID: CVE-2022-31605 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in the curl package that allow an attacker to perform a machine-in-the-middle attack or a Denial of Service (DoS) attack.
CVE ID: CVE-2022-32208, CVE-2022-27781 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. Security updates are available for the WP All Import and Download Manager WordPress plugins. No patch is available for the Image Slider and Gallery for Social Photo WordPress plugins.
CVE ID: CVE-2022-1565 (Medium), CVE-2022-2223 (Medium), CVE-2022-2224 (Medium), CVE-2022-2101 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple OT:ICEFALL (Operational Technology) vulnerabilities have been discovered in the Emerson DeltaV Distributed Control System. Successful exploitation of these vulnerabilities can result in a Denial-of-Service (DoS) condition, manipulation of runtime communications, or compromise of a controller.
CVE ID: CVE-2022-29957 (Medium), CVE-2022-29962 (Medium), CVE-2022-29963 (Low), CVE-2022-29964 (Medium), CVE-2022-29965 (High), CVE-2022-30260 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in CODESYS V3 products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-30791 (Medium), CVE-2022-30792 (Medium), CVE-2022-22519 (High), CVE-2022-22513 (High), CVE-2022-22514 (High), CVE-2022-22518 (Medium), CVE-2022-22517 (High), CVE-2022-22515 (High)
Google has released updated Dev channel 105.0.5148.2 for Windows, Mac and Linux, Chrome Beta 104 (104.0.5112.29) for iOS, and Chrome Dev 105 (105.0.5149.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An improper authentication vulnerability has been discovered in Exemys' Equipment- RME1 that can allow an attacker with network access to bypass authentication and perform administrative operations. It is recommended to update to a new supported product RME2 as RME1 is considered to be an end-of-life product. CVE ID: CVE-2022-2197 (Critical)
Cross-Site Scripting (XSS) and OS command injection vulnerabilities have been discovered in Distributed Data Systems' Equipment- WebHMI, which can allow a user with administrative privileges in WebHMI to execute arbitrary OS commands or impact other logged-in users. The affected products are WebHMI 4.1.1.7662 and possibly prior versions. CVE ID: CVE-2022-2254 (Medium), CVE-2022-2253 (Critical)
GitLab has released updated versions 15.1.1, 15.0.4, and 14.10.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities. CVE ID: CVE-2022-2185 (Critical), CVE-2022-2235 (High), CVE-2022-2230 (High), CVE-2022-2229 (High)
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1116 (High), CVE-2018-10237 (Medium)
McAfee has released a security update to address a privilege escalation vulnerability in Data Exchange Layer (DXL) Broker for Windows prior to 6.0.0.280. CVE ID: CVE-2022-2188 (Medium)
Jira has released security updates to address a vulnerability that allows a remote, authenticated user to perform a full-read Server Side Request Forgery (SSRF) in Mobile Plugin for Jira Data Center and Server. CVE ID: CVE-2022-26135 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address a vulnerability in its cloud-init package that causes password hashes to be logged when reporting schema failures. An attacker with access to these logs can use them to obtain user credentials. CVE ID: CVE-2022-2084
Mozilla has released a security update to address a vulnerability in Firefox for iOS. An attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-31746 (Medium)
Google has released Chrome Beta 104 (104.0.5112.29) & Chrome 103 (103.0.5060.70) for Android, Dev channel 105.0.5140.0 (Platform version: 14943.0.0) & Beta channel 104.0.5112.23 (Platform version: 14909.26.0) for most ChromeOS devices and Beta channel 104.0.5112.29 for Windows, Mac and Linux.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-29599 (Critical), CVE-2021-36773 (High), CVE-2022-31214 (High)
MITRE has released a list of the top 25 most dangerous software weaknesses that can cause exploitation of vulnerabilities and allow adversaries to completely take over a system, steal data, or prevent applications from working.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 91.11 and 102, Firefox 102, and Firefox ESR 91.11. An attacker can exploit these vulnerabilities to take control of an affected system.
ABB has released security updates to address multiple incorrect default permissions vulnerabilities in its equipment- e-Design which can allow privilege escalation or a Denial-of-Service (DoS) condition. The affected products are e-Design all versions prior to 1.12.2.0006. CVE ID: CVE-2022-28702 (Medium), CVE-2022-29483 (High)
Multiple Operational Technology (OT):ICEFALL vulnerabilities have been discovered in Omron Equipment- SYSMAC CS/CJ/CP Series & NJ/NX Series. Successful exploitation of these vulnerabilities can cause a Denial-of-Service (DoS) condition and allow Remote Code Execution (RCE). CVE ID: CVE-2022-31204 (Medium), CVE-2022-31205 (Medium), CVE-2022-31206 (Medium), CVE-2022-31207 (Medium)
A missing authentication for critical function Operational Technology (OT):ICEFALL vulnerability has been discovered in Motorola Solutions' Equipment- MOSCAD IP Gateway all versions and ACE IP Gateway all versions. Successful exploitation of this vulnerability can result in manipulation of device configuration. CVE ID: CVE-2022-30276 (High)
Multiple Operational Technology (OT):ICEFALL vulnerabilities have been discovered in Motorola Solutions' Equipment- MDLC. Successful exploitation of these vulnerabilities can result in message manipulation, exposure of the attack surface of the MDLC protocol parser, memory corruption, and exposure of sensitive information. The affected products are MDLC versions 4.80.0024, 4.82.004 & 4.83.001. CVE ID: CVE-2022-30273 (Medium), CVE-2022-30275 (High)
Huawei has released a security update to address a password verification vulnerability in WS7200-10 which can cause disclosure of sensitive system information. The affected product is WS7200-10 version 11.0.2.13. CVE ID: CVE-2022-33735 (Medium)
Foxit has released an updated Foxit PDF Reader 12.0 and Foxit PDF Editor 12.0 to resolve multiple vulnerabilities in Foxit PDF Reader version 11.2.2.53575 & earlier, Foxit PDF Editor version 11.2.2.53575 & all previous 11.x versions and Foxit PDF Editor version 10.1.8.37795 & earlier versions.
Hitachi Energy has released security updates to address a vulnerability in the Modbus stack that can cause stack overflow which results in a reboot of the product. The affected products are Hitachi Energy's RTU500 series. CVE ID: CVE-2022-2081 (High)
Advantech has released a security update to address multiple vulnerabilities in Advantech's Equipment- iView that can allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code. The affected products are Advantech iView management software, all versions prior to 5_7_04_6469. CVE ID: CVE-2022-2143 (Critical), CVE-2022-2135 (High), CVE-2022-2136 (High), CVE-2022-2137 (Medium), CVE-2022-2142 (High), CVE-2022-2138 (High), CVE-2022-2139 (Medium)
Multiple Operational Technology (OT):ICEFALL vulnerabilities have been discovered in all versions of Motorola Solutions ACE1000, a Remote Terminal Unit (RTU). Remediation and upgrades are available. CVE ID: CVE-2022-30271 (Critical), CVE-2022-30270 (Critical), CVE-2022-30274 (High), CVE-2022-30269 (Medium), CVE-2022-30272 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Dev channel 104.0.5112.23 (Platform version: 14909.26.0) for most ChromeOS devices, Stable channel 103.0.5060.66 for Windows, and Stable channel 103.0.5060.64 (Platform version: 14816.82.0) for most ChromeOS devices to resolve multiple vulnerabilities.
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address a vulnerable USB2CAN interface implementation in the Linux kernel. A local attacker can use this vulnerability to cause a denial of service (system crash). CVE ID: CVE-2022-28388 (High)
Dell has released security updates to address an OpenSSL vulnerability in Dell Precision Workstation that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2022-0778 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Hypervisor that may allow privileged code in a PV guest VM to compromise the host. CVE ID: CVE-2022-26362 (Medium), CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166
OFFIS has released security updates to address Path Traversal, Relative Path Traversal, and NULL Pointer Dereference vulnerabilities in its Equipment- DCMTK. Successful exploitation of these vulnerabilities can allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution. CVE ID: CVE-2022-2119 (High), CVE-2022-2120 (High), CVE-2022-2121 (Medium)
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.
Ubuntu has released security updates to resolve multiple vulnerabilities in Apache HTTP Server. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome 104 (104.0.5112.20) Beta channel for Windows, Mac & Linux, Chrome Beta 104 (104.0.5112.22) for iOS and Chrome Dev 105 (105.0.5135.3) & Chrome Beta 104 (104.0.5112.18) for Android.
CODESYS has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-31802 (Critical), CVE-2022-31803 (Critical), CVE-2022-31804 (Critical), CVE-2022-31805 (Critical), CVE-2022-31806 (Critical), CVE-2022-1965 (High), CVE-2022-32136 (High), CVE-2022-32137 (High), CVE-2022-32138 (High), CVE-2022-32139 (High), CVE-2022-32140 (High), CVE-2022-32141 (High), CVE-2022-32142 (High), CVE-2022-32143 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vendors' Operational Technology (OT) products are affected by a set of 56 vulnerabilities named "ICEFALL", which arise from insecure-by-design practices in OT. The products affected by OT:ICEFALL are known to be prevalent in industries that form the backbone of critical infrastructure.
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.
Ubuntu has released security updates to resolve a vulnerability in the Squid and Squid3 packages, which incorrectly handled the Gopher protocol, causing Squid to crash and resulting in a Denial of Service (DoS). CVE ID: CVE-2021-46784
Cisco has released security updates to resolve arbitrary code execution and command injection vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20828 (Medium), CVE-2022-20829 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the Free Live Chat Support WordPress plugin. The affected versions are Free Live Chat Support versions up to, and including, 1.0.11. CVE ID: CVE-2022-2039 (High)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the DX Share Selection WordPress plugin. The affected versions are DX Share Selection plugin versions up to, and including 1.4. CVE ID: CVE-2022-2001 (High)
Dell has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-4160 (Medium), CVE-2022-24423 (Medium), CVE-2022-0778 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
An out-of-bounds write vulnerability has been discovered in the EtherNet/IP Adapter Development Kit (EADK) component from Pyramid Solutions used in Weidmueller Interface. Successful exploitation of this vulnerability by sending a specially crafted packet can result in a Denial of Service (DoS) condition. CVE ID: CVE-2022-1737 (Critical)
An insufficient verification of data authenticity vulnerability has been discovered in Phoenix Contact's equipment- ProConOS/ProConOS eCLR and MULTIPROG that can allow uploading of arbitrary malicious code after gaining access to the communication to products utilizing it. Mitigations and workarounds are available. CVE ID: CVE-2022-31801 (Critical)
An insufficient verification of data authenticity vulnerability has been discovered in Phoenix Contact's equipment- ILC, AXC, RFC, PC WORX & FC, that can allow an attacker to upload logic with arbitrary code. Mitigations and workarounds are available. CVE ID: CVE-2022-31800 (Critical)
A missing authentication for critical function vulnerability has been discovered in several Phoenix Contact products. Successful exploitation of this vulnerability can allow changes to configurations, manipulation of services, or a Denial of Service (DoS) condition. Mitigations and workarounds are available. CVE ID: CVE-2019-9201 (Critical)
It has been discovered that SIMATIC WinCC OA implements client-side-only authentication when neither server-side authentication (SSA) nor Kerberos authentication is enabled, which can allow attackers to impersonate other users or exploit the client-server protocol without being authenticated. Remediation is available. CVE ID: CVE-2022-33139 (Critical)
Google has released Chrome 103 (103.0.5060.53) for Android, Extended Stable channel 102.0.5005.134 for Windows & Mac, Chrome Stable 103 (103.0.5060.54) for iOS, LTS LTC-102 102.0.5005.75 (Platform Version: 14695.85.0) for most ChromeOS devices, Chrome Dev 104 (104.0.5112.18) for Android, and Chrome 103 stable channel (103.0.5060.53) for Windows, Mac and Linux to resolve multiple vulnerabilities. CVE ID: CVE-2022-2156 (Critical)
A missing authentication for critical function vulnerability has been discovered in JTEKT's Equipment- TOYOPUC Products, that can cause a Denial of Service condition, change control logic, or disable communication links. Workarounds are available. CVE ID: CVE-2022-29951 (High), CVE-2022-29958 (High)
It has been discovered that SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. SMA Technologies has released a tool to address this vulnerability. CVE ID: CVE-2022-2154
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
QNAP NAS has released security updates to resolve a vulnerability in PHP that affects its operating system. Successful exploitation can cause Remote Code Execution (RCE). The affected products are QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later and QuTScloud c5.0.x and later. CVE ID: CVE-2019-11043 (High)
OpenSSL has released security updates to resolve a vulnerability that can cause the execution of arbitrary commands with the privileges. This vulnerability affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. CVE ID: CVE-2022-2068 (Medium)
Foxit has released an updated Foxit PhantomPDF 10.1.8 to resolve multiple vulnerabilities in Foxit PhantomPDF version 10.1.7.37777 and earlier versions.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Yokogawa STARDOM. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-29519 (Medium), CVE-2022-30997 (Medium)
Spring has released security updates to address a SpEL injection vulnerability through annotated query methods with SpEL expressions in Spring Data MongoDB applications. The affected products are Spring Data MongoDB 3.4.0, 3.3.0 to 3.3.4 and older, unsupported versions. CVE ID: CVE-2022-22980
Ubuntu has released security updates to resolve multiple vulnerabilities in Intel Microcode. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-0127 (Medium), CVE-2021-0145 (Medium), CVE-2021-0146 (Medium), CVE-2021-33117 (Medium), CVE-2021-33120 (Medium), CVE-2022-21123, CVE-2022-21127, CVE-2022-21151 (Medium), CVE-2022-21166
Huawei has released a security update to address an input verification vulnerability in Huawei printers. Successful exploitation of this vulnerability can cause device service exceptions. CVE ID: CVE-2022-34159 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has announced that it will remove Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), and Outlook for Windows and Mac. All organisations are urged to expedite migration to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022, for all protocols. This decision requires customers to move from apps that use Basic authentication to apps that use Modern authentication.
FastJson has released a security update to resolve a vulnerability in its package before 1.2.83 which allows attackers to bypass the "AutoTypeCheck" mechanism and achieve Remote Code Execution (RCE) in FastJson. CVE ID: CVE-2022-25845 (Critical)
WordPress has released security updates to resolve a sensitive information disclosure vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugins. The affected versions are GiveWP – Donation Plugin and Fundraising Platform plugins versions up to, and including, 2.20.2. CVE ID: CVE-2022-2117 (Medium)
Google has released Dev channel 104.0.5112.14 for Windows, Mac & Linux, Chrome Beta 104 (104.0.5112.8) for iOS, Dev channel 104.0.5112.12 for Mac & Linux and 104.0.5112.14 for Windows, and Chrome Dev 104 (104.0.5112.10) for Android.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
HP has released a security update to address a vulnerability that allows unauthorized modification of certain files in HP ThinPro 7.2 Service Pack 8 (SP8), affecting its thin client products. HP has released Service Pack 10 (SP10) to remediate the vulnerability. CVE ID: CVE-2022-1602 (Medium)
Dell has released security updates for Dell EMC PowerScale OneFS to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2022-31229 (Critical), CVE-2022-31230 (High)
Multiple vulnerabilities have been discovered in AutomationDirect equipment- DirectLOGIC with Ethernet Communication Modules that can cause a loss of sensitive information, unauthorised changes and a Denial of Service (DoS) condition. The mitigations are available. CVE ID: CVE-2022-2004 (High), CVE-2022-2003 (High)
AutomationDirect has released security updates to resolve a vulnerability which can cause cleartext transmission of sensitive information in its Equipment- DirectLOGIC with Serial Communication. CVE ID: CVE-2022-2003 (High)
AutomationDirect has released security updates to address multiple vulnerabilities in its Equipment- C-more EA9 HMI that can cause a loss of sensitive information and allow code execution with elevated privileges. CVE ID: CVE-2022-2006 (High), CVE-2022-2005 (High)
Multiple vulnerabilities have been discovered in Hillrom Medical Equipment- Welch Allyn medical devices. Successful exploitation of these vulnerabilities can allow an attacker to compromise software security by executing commands, gaining privileges, reading sensitive information, evading detection, etc. CVE ID: CVE-2022-26388 (Medium), CVE-2022-26389 (High)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the WordPress plugin Button Widget Smartsoft. The affected products are Button Widget Smartsoft versions up to, and including, 1.0.1. CVE ID: CVE-2022-1912 (High)
WordPress has released security updates to resolve a vulnerability in Wbcom Designs – BuddyPress Group Reviews plugins. The affected versions are Wbcom Designs – BuddyPress Group Reviews plugins versions up to, and including, 2.8.3. CVE ID: CVE-2022-2108 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
A Remote Code Execution (RCE) vulnerability has been discovered in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that can cause an affected device to restart unexpectedly, resulting in a Denial of Service (DoS) condition. Cisco will not release software updates as routers have entered the end-of-life process. CVE ID: CVE-2022-20825 (Critical)
Cisco has released a security update to resolve an authentication bypass vulnerability in Cisco Secure Email & Web Manager that can allow an unauthenticated remote attacker to bypass authentication and log in to the web management interface of an affected device. CVE ID: CVE-2022-20798 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-31626, CVE-2022-31625
Google has released updated Stable channel 102.0.5005.125 (Platform version: 14695.107.0) for most ChromeOS devices, Beta channel 103.0.5060.53 for Windows, Mac & Linux, Dev channel 104.0.5110.0 for Windows, Mac & Linux, and Chrome Beta 103 (103.0.5060.53) for Android.
Synaptics has released security updates to address a vulnerability in Synaptics Fingerprint drivers that use SGX that can cause Denial of Service (DoS) and information disclosure. CVE ID: CVE-2021-3675
Spring has released a security update to address a Denial of Service (DoS) vulnerability in Spring Cloud Function 3.2.5 and prior versions. CVE ID: CVE-2022-22979 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates and workarounds to resolve multiple vulnerabilities in its products. CVE ID: CVE-2022-20733, CVE-2022-20736, CVE-2022-20817, CVE-2022-20819, CVE-2022-20664
A vulnerability has been discovered in AMD processors in which frequency scaling may allow an authenticated attacker to execute a timing attack and potentially enable information disclosure. CVE ID: CVE-2022-23823
Windows has released security updates to address a Remote Code Execution (RCE) vulnerability in Windows Network File System. CVE ID: CVE-2022-30136 (Critical)
Zoom has released security updates to resolve insufficient authorisation check and DLL injection vulnerabilities in its platform. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-28749 (Medium), CVE-2022-22788 (High)
Hitachi Energy has released a security update to resolve a vulnerability in the Actbar2.ocx module that affects Hitachi Energy's equipment- PROMOD IV. An attacker who successfully exploits this vulnerability can delete arbitrary files once the system is compromised. CVE ID: CVE-2010-3591 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Application Delivery Management (Citrix ADM). An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-27511, CVE-2022-27512
Johnson Controls has released security updates to resolve Unverified Password Change and Cross-Site Scripting vulnerabilities in its Equipment- Metasys ADS/ADX/OAS Servers. Successful exploitation of these vulnerabilities can allow unauthorized users to compromise passwords and inject malicious code into web interfaces. CVE ID: CVE-2022-21935 (High), CVE-2022-21937 (High), CVE-2022-21938 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Meridian Cooperative has released a security update to address an Improper Access Control vulnerability in its Equipment- Meridian. Successful exploitation of this vulnerability can result in disclosure of sensitive information. CVE ID: CVE-2022-29578 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Intel products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-24436 (Medium), CVE-2022-21180 (Medium), CVE-2022-21123 (Medium), CVE-2022-21125 (Medium), CVE-2022-21127 (Medium), CVE-2022-21166 (Medium)
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC-Q and L series CPU modules. A malicious attacker can cause a DoS condition in Ethernet communications by sending a specially crafted packet. CVE ID: CVE-2022-24946 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve a path traversal vulnerability in rubygem-sinatra. The affected product is SUSE OpenStack Cloud Crowbar 8. CVE ID: CVE-2022-29970 (High)
Multiple vulnerabilities have been discovered in Trendnet TEW-831DR WiFi Router. Trendnet has released security updates for a few vulnerabilities. CVE ID: CVE-2022-30325 (Medium), CVE-2022-30326 (Medium), CVE-2022-30327 (High), CVE-2022-30328 (Medium), CVE-2022-30329 (Medium)
Debian has released security updates to address multiple vulnerabilities in the VLC media player, which can result in the execution of arbitrary code or Denial of Service (DoS) if a malformed media file is opened. CVE ID: CVE-2020-26664 (High)
A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the Mitsol Social Post Feed WordPress plugin, versions up to and including 1.10. CVE ID: CVE-2022-0209 (Medium)
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released security updates to resolve multiple vulnerabilities which affect some contributed projects or custom code on Drupal sites. CVE ID: CVE-2022-31042 (High), CVE-2022-31043
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Moxa has released a security update to resolve multiple out-of-bounds write vulnerabilities in Moxa's equipment- NPort 5110 Series Firmware Version 2.10.
A vulnerability in the Data Distribution Service (DDS) software component has been discovered in Medtronic's Valleylab™ FX8 and FT10 energy platforms. Medtronic has released a security update for Valleylab™ FX8 and a mitigation for the Valleylab™ FT10 energy platform to address the vulnerability. CVE ID: CVE-2021-43547 (High)
Google has released Chrome Dev 104 (104.0.5108.0) for Android, Extended Stable channel 102.0.5005.115 for Windows & Mac, Chrome Beta 103 (103.0.5060.42) for iOS and Stable channel 102.0.5005.115 for Windows, Mac & Linux to resolve multiple vulnerabilities. CVE ID: CVE-2022-2007 (High), CVE-2022-2008 (High), CVE-2022-2010 (High), CVE-2022-2011 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released security updates to address multiple vulnerabilities in Dell SupportAssist for Home PCs and Business PCs that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2022-29092 (High), CVE-2022-29093 (High), CVE-2022-29094 (High), CVE-2022-29095 (High)
Apache has released security updates for its HTTP Server to resolve multiple vulnerabilities. CVE ID: CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the ToolBar to Share WordPress plugin, versions up to and including 2.0. CVE ID: CVE-2022-1918 (High)
It has been discovered that the Festo controller CECC-X-M1 product family in multiple versions is affected by multiple preauthentication command injection vulnerabilities. Any person who is able to gain access to the webserver can run arbitrary system commands on the device with root privileges. CVE ID: CVE-2022-30308 (Critical), CVE-2022-30309 (Critical), CVE-2022-30310 (Critical), CVE-2022-30311 (Critical)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Beta channel 103.0.5060.42 for Windows, Mac and Linux, Beta channel 103.0.5060.37 (Platform version: 14816.49.0) for most ChromeOS devices, and Chrome Beta 103 (103.0.5060.42) for Android.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the Copify WordPress plugin, versions up to, and including, 1.3.0. CVE ID: CVE-2022-1900 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released a security update to resolve an improper authentication vulnerability in Dell iDRAC9. Successful exploitation can allow an attacker to gain access to the VNC console. The affected products are iDRAC9 versions 5.00.00.00 and later but before 5.10.10.00. CVE ID: CVE-2022-24422 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2022-06-05 or later address all of these issues. CVE ID: CVE-2022-20130 (Critical), CVE-2022-20127 (Critical), CVE-2022-20140 (Critical), CVE-2022-20145 (Critical), CVE-2022-20210 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1304 (High), CVE-2022-30787, CVE-2022-30784 (Medium), CVE-2022-30783 (Medium), CVE-2022-30788 (Medium), CVE-2022-30789 (Medium), CVE-2022-30786 (Medium), CVE-2022-30785 (Medium), CVE-2022-30790
NVIDIA has released a security update to resolve multiple vulnerabilities in the NVIDIA DGX A100 firmware, which can lead to information disclosure, Denial of Service (DoS), or escalation of privileges. CVE ID: CVE-2022-28200 (High), CVE-2022-31599 (High), CVE-2022-31600 (High), CVE-2022-31601 (Medium), CVE-2022-31602 (Medium), CVE-2022-31603 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in the encrypted communications of Mitsubishi Electric air conditioning systems that can cause information disclosure, information tampering and Denial of Service (DoS). Mitigations are available. CVE ID: CVE-2022-24296 (Low), CVE-2016-2183 (High), CVE-2013-2566 (Medium), CVE-2015-2808 (Medium), CVE-2009-3555 (High)
A password-guessing vulnerability in Zyxel GS1200 series switches and a CRLF injection vulnerability in Zyxel's legacy firewalls have been discovered. Mitigations are available.
Owl Labs has released security updates to address a vulnerability in Meeting Owl Pro which can cause disclosure of sensitive information. CVE ID: CVE-2022-31460
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
SUSE has released security updates to resolve multiple vulnerabilities in the Linux kernel. CVE ID: CVE-2022-30594 (High), CVE-2022-1048 (High)
Huawei has released security updates to address an improper input verification vulnerability and a command injection vulnerability in its products. Successful exploitation can lead to abnormal service behaviour and to the highest privileges on the printer, respectively. CVE ID: CVE-2022-32203 (Critical), CVE-2022-32204 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CODESYS has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1989 (High), CVE-2022-1794 (High), CVE-2022-30791 (Medium), CVE-2022-30792 (Medium), CVE-2021-21863 (High), CVE-2021-21864 (High), CVE-2021-21865 (High), CVE-2021-21866 (High), CVE-2021-21867 (High), CVE-2021-21868 (High), CVE-2021-21869 (High)
Arbitrary out-of-bounds write and buffer overflow vulnerabilities have been discovered in U-Boot. CVE ID: CVE-2022-30790 (Critical), CVE-2022-30552 (High)
Multiple vulnerabilities have been discovered in Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. CVE ID: CVE-2022-1739, CVE-2022-1740, CVE-2022-1741, CVE-2022-1742, CVE-2022-1743, CVE-2022-1744, CVE-2022-1745, CVE-2022-1746, CVE-2022-1747
Dell has released security updates to address multiple vulnerabilities in its products that can be exploited by malicious users to compromise the affected system.
Google has released Dev channel 104.0.5098.0 for Windows, Mac and Linux, Chrome Beta 103 (103.0.5060.34) for iOS, and Chrome Dev 104 (104.0.5097.3) for Android.
Yokogawa has released a security update to address a vulnerability in the Wide Area Communication Router (WAC Router). If the WAC Router receives malformed packets in a DoS attack, the functions it provides can stop.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
A reflected cross-site scripting vulnerability in the Download Manager WordPress plugin and a stored cross-site scripting vulnerability in the Ultimate Member WordPress plugin have been discovered. Updates are available. CVE ID: CVE-2022-1985 (Medium), CVE-2022-1208 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An unauthenticated remote code execution vulnerability has been discovered in Atlassian Confluence Server and Data Center. CVE ID: CVE-2022-26134 (Critical)
Illumina has released a security update to resolve multiple vulnerabilities in Illumina Local Run Manager (LRM). Successful exploitation of these vulnerabilities can allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. CVE ID: CVE-2022-1517 (Critical), CVE-2022-1518 (Critical), CVE-2022-1519 (Critical), CVE-2022-1521 (Critical), CVE-2022-1524 (High)
Multiple vulnerabilities, including protection mechanism failure, forced browsing, classic buffer overflow, path traversal, and OS command injection, have been discovered in HID Mercury access panels sold by Carrier's LenelS2. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-31479 (Critical), CVE-2022-31480 (High), CVE-2022-31481 (Critical), CVE-2022-31482 (High), CVE-2022-31483 (Critical), CVE-2022-31484 (High), CVE-2022-31485 (Medium), CVE-2022-31486 (High)
Mitsubishi Electric has released security updates to resolve denial of service (DoS) and remote code execution vulnerabilities due to improper input validation in the MELSEC-Q Series, MELSEC-L Series, and MELSEC iQ-R Series. A remote unauthenticated attacker can cause a denial of service (DoS) condition or execute malicious code on target products by sending specially crafted packets. CVE ID: CVE-2022-25163 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
The Mobile browser color select plugin for WordPress is vulnerable to cross-site request forgery. An unauthenticated attacker can inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking a link. CVE ID: CVE-2022-1969 (High)
Mozilla has released a security update to address a SQL injection vulnerability in Firefox for iOS 101. An attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-1887 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-22965 (Critical), CVE-2022-20742 (High), CVE-2022-20715 (High), CVE-2022-20759 (High), CVE-2022-20745 (High), CVE-2022-20737 (High), CVE-2022-20760 (High), CVE-2022-20774 (Medium), CVE-2022-20821 (Medium)
Huawei has released a security update to address an insufficient input verification vulnerability in Huawei products. Successful exploitation of this vulnerability can lead to abnormal service behaviour. CVE ID: CVE-2022-32144 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities, insufficient session expiration and not using password aging, have been discovered in Becton, Dickinson and Company (BD) Synapsys and Pyxis. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-22767 (High), CVE-2022-30277 (Medium)
A stored cross-site scripting (XSS) vulnerability in the Google Tag Manager for WordPress (GTM4WP) plugin and a cross-site request forgery vulnerability in the WPMK Ajax Finder plugin have been discovered. An update is available for GTM4WP. CVE ID: CVE-2022-1961 (Medium), CVE-2022-1749 (High)
A stack-based buffer overflow vulnerability has been discovered in Fuji Electric Alpha7 PC Loader. Successful exploitation of this vulnerability can allow arbitrary code execution. CVE ID: CVE-2022-1888 (High)
Dell has released a security update for Dell EMC Unisphere Central to address multiple third-party component vulnerabilities that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2021-44832 (Medium), CVE-2022-22720 (Critical), CVE-2022-22721 (Critical)
A remote code execution vulnerability has been discovered in Windows when Microsoft Support Diagnostic Tool (MSDT) is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. CVE ID: CVE-2022-30190 (High)
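One way to triage Office documents for the MSDT handler path described above. The following Python scanner is an added example, not Microsoft's code and not part of the original advisory. It performs two checks on a .docx package: it flags OLE-object relationships whose target is external (the route by which a document fetches content from a remote server when opened), and it flags any package part that carries an ms-msdt: URL directly. The sample documents are constructed inline; attacker.invalid is a placeholder host, not an indicator.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# The URL protocol named in the advisory; Word hands it to MSDT.
MSDT_URL = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> List[str]:
    """Return human-readable findings for a .docx given as bytes.

    Check 1: a .rels part that points an OLE object at an External target,
    which makes Word fetch that target when the document is opened.
    Check 2: any part of the package that contains an ms-msdt: URL.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in pkg.namelist():
            blob = pkg.read(part)
            if part.endswith(".rels"):
                root = ET.fromstring(blob)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode") == "External" and rel.get("Type") == OLE_REL_TYPE:
                        findings.append(f"{part}: external OLE object -> {rel.get('Target')}")
            if MSDT_URL.search(blob):
                findings.append(f"{part}: contains an ms-msdt: URL")
    return findings


def make_docx(rels_xml: str, document_xml: str) -> bytes:
    """Build a minimal .docx package in memory (constructed test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("word/document.xml", document_xml)
        pkg.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
PLAIN_DOC = f'<w:document xmlns:w="{WORD_NS}"><w:body><w:p/></w:body></w:document>'

# Constructed: an ordinary document whose only relationship is its stylesheet.
BENIGN_RELS = f"""<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
</Relationships>"""

# Constructed: a document that embeds an OLE object fetched from a remote host.
REMOTE_OLE_RELS = f"""<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="https://attacker.invalid/page.html" TargetMode="External"/>
</Relationships>"""

# Constructed: document text that carries the handler URL itself.
MSDT_DOC = PLAIN_DOC.replace("<w:p/>", "<w:p><w:r><w:t>ms-msdt:placeholder</w:t></w:r></w:p>")


def findings_for_samples() -> dict:
    """Run the scanner over the three constructed packages."""
    return {
        "benign": scan_docx(make_docx(BENIGN_RELS, PLAIN_DOC)),
        "remote_ole": scan_docx(make_docx(REMOTE_OLE_RELS, PLAIN_DOC)),
        "msdt_inline": scan_docx(make_docx(BENIGN_RELS, MSDT_DOC)),
    }


if __name__ == "__main__":
    for name, hits in findings_for_samples().items():
        print(name, "->", hits or ["clean"])
```

The relationship check is the higher-signal one: an external oleObject target is rare in legitimate documents, whereas a literal ms-msdt: string only appears when the handler URL is embedded in the package rather than served from the remote page.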
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1664, CVE-2022-27406 (High), CVE-2021-46790 (Critical), CVE-2019-13050 (High)
Data breach/falsification and resource exhaustion vulnerabilities have been discovered in CAMS for HIS. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address multiple vulnerabilities in Subversion servers. The affected product is Ubuntu 22.04 LTS. CVE ID: CVE-2021-28544 (Medium), CVE-2022-24070 (High)
Red Hat has released security updates to address multiple vulnerabilities in several products. CVE ID: CVE-2022-1529 (Critical), CVE-2022-1802 (Critical)
Multiple vulnerabilities have been discovered in Keysight Technologies N6854A Geolocation server and N6841A RF Sensor software. Successful exploitation of these vulnerabilities can allow an attacker to obtain arbitrary operating system files and execute arbitrary code. CVE ID: CVE-2022-1661 (High), CVE-2022-1660 (Critical)
Horner Automation has released a security update to resolve multiple vulnerabilities in Horner Automation Cscape Csfont. Successful exploitation can cause execution of arbitrary code when a malicious file is opened. CVE ID: CVE-2022-27184 (High), CVE-2022-28690 (High), CVE-2022-29488 (High), CVE-2022-30540 (High)
Google has released updated Chrome 103 Beta channel 103.0.5060.24 & Dev channel 104.0.5083.0 for Windows, Mac and Linux, Beta channel 103.0.5060.22 (Platform version: 14816.25.0) for most ChromeOS devices and Chrome Dev 104 (104.0.5082.0) & Chrome Beta 103 (103.0.5060.22) for Android.
QNAP has released security updates to address a cross-site request forgery (CSRF) vulnerability in QNAP NAS devices running Proxy Server that allows remote attackers to inject malicious code. CVE ID: CVE-2021-34360 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Citrix has released security updates to address multiple vulnerabilities in Citrix ADC and Citrix Gateway that can result in a Denial of Service (DoS). CVE ID: CVE-2022-27507 (Medium), CVE-2022-27508 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Red Hat has released security updates to address multiple vulnerabilities in several products. CVE ID: CVE-2018-25032 (High), CVE-2022-1271 (High), CVE-2022-1677 (Medium)
Google has released Chrome Dev 103 (103.0.5060.22) & Chrome 102 (102.0.5005.58, 102.0.5005.59) for Android, Chrome 102 stable channel 102.0.5005.61 for Mac and Linux, and Chrome 102 (102.0.5005.67) for iOS to resolve multiple vulnerabilities. CVE ID: CVE-2022-1853 (Critical)
An uncontrolled resource consumption vulnerability has been discovered in Rockwell Automation Logix Controllers. An unauthorized user can cause a denial of service (DoS) condition by sending malicious messages. Mitigations are available. CVE ID: CVE-2022-1797 (Medium)
An improper access control vulnerability has been discovered in Matrikon OPC Server. Successful exploitation can cause remote command execution (RCE) with system-level privileges through the server's support of the IPersistFile COM interface. Mitigations are available. CVE ID: CVE-2022-1261 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
VMware has released a security update to address an XML External Entity (XXE) vulnerability in VMware Tools for Windows that can cause a denial of service (DoS) condition or unintended information disclosure. The affected products are VMware Tools for Windows versions 12.0.0, 11.x.y and 10.x.y. CVE ID: CVE-2022-22977 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released security updates and workarounds to resolve multiple vulnerabilities in its TCP Protocol Stack and multiple FA Engineering software products. CVE ID: CVE-2021-20587 (High), CVE-2021-20588 (High), CVE-2020-14521, CVE-2020-16226, CVE-2020-14496
Zyxel has released security updates to address multiple vulnerabilities in Zyxel firewalls, AP controllers and APs. CVE ID: CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve a vulnerability in Linux Kernel that can cause a Denial of Service (DoS) or a kernel information leak. CVE ID: CVE-2022-1280 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1802 (Critical), CVE-2022-1529 (Critical)
Cisco has released security updates to resolve a vulnerability in the health check RPM of Cisco IOS XR software that can allow an unauthenticated, remote attacker to access the Redis instance that runs within the NOSi container. CVE ID: CVE-2022-20821 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released a security update to resolve a SQL injection vulnerability in OpenLDAP. The affected products are Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE ID: CVE-2022-29155 (Critical)
Dell has released security updates for Dell EMC VxRail Appliance and Dell EMC Elastic Cloud Storage to resolve multiple third-party vulnerabilities that can be exploited by malicious users to compromise the affected system.
Google has released Chrome Beta 103 (103.0.5060.10) for iOS, Chrome Dev 103 (103.0.5060.13) for Android, and Dev channel 103.0.5060.13 for Windows, Mac and Linux.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in NETGEAR BR200 and BR500 routers that can be exploited if a user visits a malicious website or clicks a malicious link while accessing the router's management GUI. The mitigations are available.
A security update has been released to resolve a cross-site scripting (XSS) vulnerability in the Google Tag Manager plugin for WordPress. The affected versions are Google Tag Manager versions up to and including 1.15. CVE ID: CVE-2022-1707 (Medium)
Apple has released security updates to address multiple vulnerabilities in iTunes for Windows. An attacker can exploit these vulnerabilities to take control of an affected device. CVE ID: CVE-2022-26751, CVE-2022-26711, CVE-2022-26774, CVE-2022-26773, CVE-2022-26717
ISC has released a security update to address an assertion failure vulnerability in BIND. The affected versions are BIND 9.18.0 to 9.18.2 and 9.19.0 of the BIND 9.19 development branch. CVE ID: CVE-2022-1183 (High)
VMware has released security updates to resolve authentication bypass and local privilege escalation vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-22972 (Critical), CVE-2022-22973 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1736, CVE-2022-1183, CVE-2016-7947 (Critical), CVE-2016-7948 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to resolve critical vulnerabilities in Dell Technologies PowerProtect Data Domain and Dell EMC Enterprise Hybrid Cloud. CVE ID: CVE-2022-24422 (Critical), CVE-2022-22972 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A stack-based buffer overflow vulnerability has been discovered in Circutor COMPACT DC-S BASIC. Successful exploitation can cause remote code execution (RCE). CVE ID: CVE-2022-1669 (Medium)
Wordfence has disclosed an unauthenticated SQL injection vulnerability in the RSVPMaker plugin for WordPress, for which a security update has been released. The affected versions are RSVPMaker versions up to and including 9.3.2. CVE ID: CVE-2022-1768 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
An integer overflow vulnerability has been discovered in Spring Security by VMware. The affected products are Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and older unsupported versions. Mitigations are available. CVE ID: CVE-2022-22976 (Medium)
Zoom has released security updates to resolve multiple vulnerabilities in Zoom Client for Meetings affecting several platforms. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-22787 (Medium), CVE-2022-22786 (High), CVE-2022-22785 (Medium), CVE-2022-22784 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released security updates to address multiple Denial-of-Service (DoS) vulnerabilities in the MELSEC iQ-F series CPU module. CVE ID: CVE-2022-25161 (High), CVE-2022-25162 (Medium)
Synology has released security updates for Synology Calendar to address a vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Synology Calendar.
Apple has released security updates to resolve vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
NVIDIA has released security updates to resolve multiple vulnerabilities in the NVIDIA GPU Display Driver which can lead to denial of service (DoS), information disclosure, or data tampering.
Spring has released security updates to address an authorization bypass vulnerability in RegexRequestMatcher. The affected products are Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions. CVE ID: CVE-2022-22975 (High)
Dell has released security updates for Dell EMC RecoverPoint to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2021-4034, CVE-2021-44832
A vulnerability has been discovered in Apache Tomcat 9.0.0.M1 to 9.0.20 and 8.5.0 to 8.5.75. An attacker can exploit this vulnerability to obtain sensitive information. Mitigations are available. CVE ID: CVE-2022-25762 (High)
Delta Electronics has released a security update to address stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft. Successful exploitation can allow arbitrary code execution or information disclosure. CVE ID: CVE-2022-1405 (High), CVE-2022-1404 (Low)
Inkscape has released a security update to address multiple vulnerabilities in its product Inkscape Version 0.91. Successful exploitation of these vulnerabilities can allow unauthorized information disclosure and code execution. CVE ID: CVE-2021-42700 (Low), CVE-2021-42702 (Low), CVE-2021-42704 (High)
Cambium Networks has released security updates to address multiple vulnerabilities in Cambium Networks cnMaestro. Successful exploitation can cause remote code execution (RCE), sensitive data exfiltration and complete takeover of the main multi-tenant cloud infrastructure. CVE ID: CVE-2022-1357 (Critical), CVE-2022-1358 (Medium), CVE-2022-1361 (High), CVE-2022-1360 (High), CVE-2022-1362 (Medium), CVE-2022-1359 (Medium), CVE-2022-1356 (High)
Zyxel has released security updates to address an OS command injection vulnerability in its products. A command injection vulnerability in the CGI program of some firewall versions can allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. CVE ID: CVE-2022-30525
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve multiple vulnerabilities in several products.
CVE ID: CVE-2022-20770 (High), CVE-2022-20771 (High), CVE-2022-20785 (High), CVE-2022-20792, CVE-2022-20796 (Medium)
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user can exploit this vulnerability by issuing a System Management Interrupt (SMI) to gain arbitrary code execution in System Management Mode (SMM). CVE ID: CVE-2022-24417 (High), CVE-2022-24418 (High)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20681 (High), CVE-2022-20677 (Medium), CVE-2022-20718 (Medium), CVE-2022-20719 (Medium)
Google has released Chrome Dev 103 (103.0.5055.0) for Android, Dev channel 103.0.5056.0 for Linux and Mac, 103.0.5057.3 for Windows, Stable channel 101.0.4951.67 for Windows, Chrome Beta 102 (102.0.5005.50) for iOS and Android.
Mitsubishi Electric has released a security update to address multiple vulnerabilities in the open source software (OSS) used by VisualSVN Server in Mitsubishi Electric MELSOFT iQ AppPortal. Exploitation of these vulnerabilities can allow an attacker to disclose or tamper with information within the product, cause a denial of service (DoS) condition or execute malicious programs. CVE ID: CVE-2020-13938 (Medium), CVE-2021-26691 (Critical), CVE-2021-34798 (High), CVE-2021-3711 (Critical), CVE-2021-44790 (Critical), CVE-2022-22720 (Critical), CVE-2022-23943 (Critical), CVE-2022-0778 (High)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Spring has released security updates to resolve multiple denial of service vulnerabilities discovered in various Spring products. CVE ID: CVE-2022-22971 (Medium), CVE-2022-22970 (Medium)
HP has released security updates to mitigate multiple vulnerabilities discovered in the BIOS (UEFI Firmware) for certain HP PC products, which can allow arbitrary code execution. CVE ID: CVE-2021-3808 (High), CVE-2021-3809 (High)
Dell has released a security update to address a reflected cross-site scripting vulnerability in the Unisphere UI of Dell Unity, Dell UnityVSA, and Dell UnityXT. Exploitation of this vulnerability can lead to information disclosure, session theft, or client-side request forgery. CVE ID: CVE-2022-29091 (Medium)
SUSE has released security updates to resolve multiple vulnerabilities in several products. CVE ID: CVE-2021-28688 (Medium), CVE-2021-39713 (Critical), CVE-2022-1011 (High), CVE-2022-0330 (High), CVE-2022-1158
Multiple vulnerabilities have been discovered in the firmware and libraries used by Phoenix Contact RAD-ISM-900-EN-BD devices. These vulnerabilities can allow an attacker to execute arbitrary shell commands and/or upload arbitrary files to the device with root privileges. The RAD-ISM-900-EN-BD device family is end of life and will no longer receive updates.
CVE ID: CVE-2022-29897 (Critical), CVE-2022-29898 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A spoofing vulnerability has been discovered in the Windows Local Security Authority (LSA). An unauthenticated attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. CVE ID: CVE-2022-26925 (High)
Hitachi Energy has released a security update to address multiple vulnerabilities in Hitachi Energy TXpert Hub CoreTec 4. An attacker can exploit these vulnerabilities to take control of the system node. CVE ID: CVE-2021-3156 (High), CVE-2021-35530 (Medium), CVE-2021-35531 (Medium), CVE-2021-35532 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Intel has released security updates to address multiple vulnerabilities in its products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
Google has released updated Extended Stable channel 100.0.4896.160 for Windows and Mac, and Stable channel 101.0.4951.64 for Windows, Mac and Linux to resolve multiple vulnerabilities. CVE ID: CVE-2022-1633 (High), CVE-2022-1634 (High), CVE-2022-1635 (High), CVE-2022-1636 (High), CVE-2022-1637 (High), CVE-2022-1638 (High), CVE-2022-1639 (High), CVE-2022-1640 (High), CVE-2022-1641 (Medium)
Microsoft has released security updates to address a Remote Code Execution vulnerability in Windows LDAP. An unauthenticated attacker can send a specially crafted request to a vulnerable server. Successful exploitation can result in the attacker's code running in the context of the SYSTEM account. CVE ID: CVE-2022-29130 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in Windows LDAP. An unauthenticated attacker can send a specially crafted request to a vulnerable server. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Successful exploitation can result in the attacker's code running in the context of the SYSTEM account. CVE ID: CVE-2022-22012 (Critical)
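The exploitability precondition above is a directory setting that can be checked before patching. On a domain controller the LDAP policies are stored as the multi-valued lDAPAdminLimits attribute of the query policy object (CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services under the Configuration partition), each value in the form Name=Value. The following Python parser is an added example, not Microsoft's code and not part of the original advisory; it takes those values as returned by a directory read (for instance Get-ADObject with -Properties lDAPAdminLimits, or ntdsutil's LDAP policies view) and reports whether MaxReceiveBuffer has been raised above its Windows default of 10485760 bytes. The two policy samples are constructed.

```python
from typing import Dict, Iterable

# Windows default for the MaxReceiveBuffer LDAP policy (10 MiB). The advisory's
# precondition for CVE-2022-22012 is that an administrator raised it.
DEFAULT_MAX_RECEIVE_BUFFER = 10485760


def parse_ldap_admin_limits(values: Iterable[str]) -> Dict[str, int]:
    """Parse lDAPAdminLimits entries ('Name=Value' strings) into a dict.

    Malformed entries raise rather than being skipped, so a misread attribute
    is not silently reported as 'default'.
    """
    limits: Dict[str, int] = {}
    for entry in values:
        name, sep, raw = entry.partition("=")
        if not sep:
            raise ValueError(f"malformed lDAPAdminLimits entry: {entry!r}")
        limits[name.strip()] = int(raw.strip())
    return limits


def max_receive_buffer_raised(values: Iterable[str]) -> bool:
    """True when MaxReceiveBuffer exceeds the default, i.e. the precondition holds.

    An absent entry means the policy was never changed, so the default applies.
    """
    limits = parse_ldap_admin_limits(values)
    return limits.get("MaxReceiveBuffer", DEFAULT_MAX_RECEIVE_BUFFER) > DEFAULT_MAX_RECEIVE_BUFFER


# Constructed samples of what the query policy object might return.
DEFAULT_POLICY = ["MaxPageSize=1000", "MaxReceiveBuffer=10485760"]
RAISED_POLICY = ["MaxPageSize=1000", "MaxReceiveBuffer=52428800"]
UNSET_POLICY = ["MaxPageSize=1000"]


if __name__ == "__main__":
    for label, policy in (("default", DEFAULT_POLICY), ("raised", RAISED_POLICY), ("unset", UNSET_POLICY)):
        print(label, "exposed" if max_receive_buffer_raised(policy) else "not exposed")
```

A raised value is not itself a finding to remove; it is the signal that the LDAP patch for this CVE cannot be deferred on that domain controller.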
Microsoft has released security updates to address a Remote Code Execution vulnerability in Windows Network File System. This vulnerability can be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution. CVE ID: CVE-2022-26937 (Critical)
Microsoft's Windows 11 update KB5012643 appears to affect some .NET Framework 3.5 apps. The affected apps use certain optional components in .NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components. Microsoft has released a workaround to mitigate the issue.
Mitsubishi Electric has released security updates to resolve multiple vulnerabilities in MELSOFT GT OPC UA Client and Wireless Communication Standards IEEE 802.11.
Microsoft has released a security update to address a remote code execution vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was discovered in the third-party ODBC data connector used to connect to Amazon Redshift in Azure Data Factory Integration Runtime (IR) and Azure Synapse Pipelines. A remote attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-29972
It has been discovered that the uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predictable DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.
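Why a predictable transaction ID matters: the ID is the 16-bit field at the start of every DNS message that a stub resolver uses to match a reply to its outstanding query, so an attacker who can guess the next ID can forge the reply before the real one arrives. The following Python block is an added example, not uClibc code and not part of the original advisory. It builds minimal queries, models two stub resolvers (a constructed counter-style generator standing in for the predictable behaviour, and a CSPRNG-backed one), shows that an observer of a few queries can predict the counter's next ID exactly, and contrasts the spoofing odds of the two; source-port randomisation is deliberately ignored so the effect of the ID alone is visible.

```python
import secrets
import struct
from collections import Counter
from typing import List, Optional

# RFC 1035 header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (big-endian u16).
HEADER = struct.Struct("!HHHHHH")


def build_query(txid: int, name: str = "example.invalid") -> bytes:
    """Build a minimal recursive A-record query carrying the given transaction ID."""
    header = HEADER.pack(txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def txid_of(packet: bytes) -> int:
    """Extract the 16-bit transaction ID from a DNS message."""
    return HEADER.unpack_from(packet)[0]


class SequentialStub:
    """Constructed model of a resolver whose IDs advance by a fixed step."""

    def __init__(self, start: int = 0x1000, step: int = 1):
        self.next_id, self.step = start, step

    def query(self, name: str) -> bytes:
        pkt = build_query(self.next_id & 0xFFFF, name)
        self.next_id += self.step
        return pkt


class RandomStub:
    """Resolver that draws each ID from a cryptographic RNG."""

    def query(self, name: str) -> bytes:
        return build_query(secrets.randbelow(1 << 16), name)


def observed_ids(stub, count: int = 64) -> List[int]:
    """IDs an on-path observer would collect by watching `count` queries."""
    return [txid_of(stub.query(f"h{i}.example.invalid")) for i in range(count)]


def _deltas(ids: List[int]) -> Counter:
    return Counter((b - a) & 0xFFFF for a, b in zip(ids, ids[1:]))


def looks_predictable(ids: List[int], max_distinct_deltas: int = 2) -> bool:
    """Heuristic: successive differences of a counter collapse to one or two
    values; a CSPRNG spreads them across the whole 16-bit space."""
    return len(_deltas(ids)) <= max_distinct_deltas


def predict_next(ids: List[int]) -> Optional[int]:
    """Next ID for a counter-style generator; None when the stream looks random."""
    if not looks_predictable(ids):
        return None
    step = _deltas(ids).most_common(1)[0][0]
    return (ids[-1] + step) & 0xFFFF


def spoof_success_probability(ids: List[int], forged_responses: int) -> float:
    """Chance one burst of forged replies matches the next ID (ID entropy only):
    certain for a predictable generator, otherwise forged_responses / 65536."""
    if looks_predictable(ids):
        return 1.0
    return min(1.0, forged_responses / 65536)


if __name__ == "__main__":
    weak = SequentialStub()
    seen = observed_ids(weak)
    print("predicted", hex(predict_next(seen)), "actual", hex(txid_of(weak.query("victim.example.invalid"))))
    print("random stub predictable:", looks_predictable(observed_ids(RandomStub())))
```

The heuristic is intentionally crude (it catches counters and near-counters, not every weak PRNG), which is enough to show why the fix is an unpredictable ID per query rather than a larger or differently seeded counter; in a real deployment the source port contributes the rest of the entropy and must be random too.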
Ubuntu has released a security update to address a use-after-free vulnerability in DBus caused by incorrect handling of usernames sharing the same UID. An attacker can use this vulnerability to crash DBus, resulting in a denial of service. CVE ID: CVE-2020-35512 (High)
Google has released Chrome 101 (101.0.4951.61) for Android and Stable channel 101.0.4951.59 (Platform version: 14588.98.0) for most Chrome OS devices to resolve multiple vulnerabilities. CVE ID: CVE-2022-1633 (High), CVE-2022-1634 (High), CVE-2022-1635 (High), CVE-2022-1636 (High), CVE-2022-1637 (High), CVE-2022-1638 (High), CVE-2022-1639 (High), CVE-2022-1640 (High), CVE-2022-1641 (High)
Foxit has released Foxit PDF Reader 11.2.2 and Foxit PDF Editor 11.2.2 to resolve multiple vulnerabilities in Foxit PDF Reader 11.2.1.53537 and earlier versions, Foxit PDF Editor 11.2.1.53537 and all previous 11.x versions, 10.1.7.37777 and earlier versions.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Solana rBPF is affected by an Incorrect Calculation vulnerability caused by an improper implementation of the sdiv instruction. This vulnerability can lead to the wrong execution path, which can result in a huge loss in specific cases. CVE ID: CVE-2022-23066 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that due to a vulnerability in the yank action, any RubyGems.org user can remove and replace certain gems even if that user was not authorized to do so. CVE ID: CVE-2022-29176 (Critical)
It has been discovered that multiple Tecson Tankspion and GOKs SmartBox products are affected by a vulnerability that does not properly restrict access to the endpoint responsible for saving settings, exposing it to an unauthenticated user with limited access rights. CVE ID: CVE-2019-12254 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Cron. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2019-9706 (Medium), CVE-2019-9705 (Medium), CVE-2017-9525 (Medium), CVE-2019-9704 (Medium)
It has been observed that the Lazarus Group, known for cryptocurrency theft, is widening its scope to using the VHD ransomware strain in the Asia-Pacific (APAC) region. Their tactics include spear-phishing emails as well as the use of fake mobile applications.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Johnson Controls has released security updates to resolve a vulnerability in all Metasys ADS/ADX/OAS 10 and 11 versions. Under certain circumstances, an authenticated user can lock other users out of the system or take over their accounts. CVE ID: CVE-2022-21934
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20777 (Critical), CVE-2022-20779 (High), CVE-2022-20780 (High), CVE-2022-20796 (Medium), CVE-2022-20785 (Medium), CVE-2022-20770 (Medium), CVE-2022-20771 (Medium), CVE-2022-20734 (Medium), CVE-2022-20799 (Medium), CVE-2022-20801 (Medium), CVE-2022-20753 (Medium), CVE-2022-20764 (Medium), CVE-2022-20794 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released a security update to address multiple vulnerabilities in Dell EMC NetWorker vProxy. The affected versions are Dell EMC NetWorker vProxy 4.3.0-17 and earlier.
Drupal has released security updates to address multiple vulnerabilities in various Drupal modules. Drupal will not support the Duo Two-Factor Authentication module anymore.
Missing Authentication for Critical Function vulnerability has been discovered in BIG-IP. This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. CVE ID: CVE-2022-1388 (Critical)
Multiple heap overflow vulnerabilities have been discovered in several Aruba products. Successful exploitation of these vulnerabilities can result in the ability to execute arbitrary code. The updates are available. CVE ID: CVE-2022-23676 (Critical), CVE-2022-23677 (Critical)
Cisco has released security updates to address a privilege escalation vulnerability in the web services interface for remote access VPN features in multiple versions of Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software. CVE ID: CVE-2022-20759 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Yokogawa's CENTUM and ProSafe-RS equipment which can allow leakage or tampering of data, cause a Denial-of-Service (DoS) condition, or allow a local attacker to execute arbitrary programs. The mitigations are available. CVE ID: CVE-2022-27188 (Medium), CVE-2022-26034 (Medium), CVE-2019-0203 (High), CVE-2018-11782 (Medium), CVE-2015-0248 (Medium)
Wordfence has released a security update to resolve a Cross-Site Scripting (XSS) vulnerability in the WP JS plugin for WordPress. The affected versions are WP JS versions up to and including 2.0.6. CVE ID: CVE-2022-1567 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Firefox 100 and Firefox ESR 91.9. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-29914 (High), CVE-2022-29909 (High), CVE-2022-29916 (High), CVE-2022-29911 (High), CVE-2022-29912 (High), CVE-2022-29910 (High), CVE-2022-29915 (High), CVE-2022-29917 (High), CVE-2022-29918 (High)
Moxa has released security updates to address a Remote Code Execution (RCE) vulnerability in Moxa's MXview series equipment. An attacker with local privileges can gain system privileges and execute arbitrary code via a crafted module.
OpenSSL has released security updates to address multiple vulnerabilities in its products. CVE ID: CVE-2022-1473 (Low), CVE-2022-1434 (Low), CVE-2022-1343, CVE-2022-1292
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities related to open-source software have been observed in Hitachi Energy Gateway Station (GWS) and Hitachi Energy FACTS Control Platform (FCP) Products. Successful exploitation can allow eavesdropping on traffic between a network source and destination, unauthorized access to information, or a Denial-of-Service (DoS).
A Missing Authentication for Critical Function vulnerability has been discovered in multiple versions of the TRUMPF TruTops Boost, TruTops Fab and TruTops Monitor products. Execution of this function can result in unauthorized access to or modification of data, or disruption of the whole service. CVE ID: CVE-2022-1300 (Critical)
Ubuntu has released a security update to resolve a vulnerability in libinput on Ubuntu 22.04 LTS that could cause libinput to crash or expose sensitive information.
Red Hat has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released security updates to resolve multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1215
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
Wordfence has released security updates to resolve a vulnerability in the Ultimate Member plugin for WordPress. The affected versions are Ultimate Member plugin versions up to and including 2.3.1. CVE ID: CVE-2022-1209 (Medium)
Cisco has released security updates to resolve the Spring Framework vulnerability in its products. An attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-22965 (Critical)
Tychon has released a security update to resolve a privilege escalation vulnerability due to the use of an OPENSSLDIR variable which can cause arbitrary code execution with system privileges. CVE ID: CVE-2022-26872
A privilege escalation vulnerability has been discovered in Windows software that uses Qt versions prior to 5.14. The update is available. CVE ID: CVE-2022-26873
NVIDIA has released a software update for the Windows versions of Omniverse Nucleus and Omniverse Cache to address a security issue that may lead to arbitrary code execution, impacting confidentiality, integrity, and availability. CVE ID: CVE-2022-28198
Dell EMC NetWorker remediation is available for multiple security vulnerabilities. These vulnerabilities may be exploited by malicious actors to compromise the affected system. CVE ID: CVE-2022-29082
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20714 (High), CVE-2022-20743 (High), CVE-2022-20740 (Medium)
Google Chrome has released updated Chrome Dev 103 (103.0.5028.0) for Android, Beta channel Chrome 102.0.5005.27 for Windows, Mac and Linux, Dev channel 103.0.5028.0 for Windows, Linux, and Mac, Chrome Beta 102 (102.0.5005.26) for Android, and LTS channel 96.0.4664.207 (Platform Version: 14268.82.0) for most ChromeOS devices to resolve multiple vulnerabilities. CVE ID: CVE-2022-1312 (High), CVE-2022-1308 (High), CVE-2022-1311 (High), CVE-2022-1125 (High), CVE-2022-1139 (Medium), CVE-2022-1364 (High)
Wordfence has released security updates to resolve an arbitrary file deletion vulnerability in All-in-One WP Migration plugin. The affected versions are All-in-One WP Migration versions up to and including 7.58. CVE ID: CVE-2022-1476 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Johnson Controls has released security updates to address a vulnerability that impacts Metasys ADS/ADX/OAS Servers. Under certain circumstances an authenticated user can elevate their privileges to Administrator. CVE ID: CVE-2021-36207
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) that allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version. Fixes are available for some products. CVE ID: CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125
Microsoft has released security updates to address a vulnerability in Azure Database for PostgreSQL Flexible Server that can result in unauthorized cross-account database access in a region.
A vulnerability has been discovered in Oracle Communications Billing and Revenue Management, a product of Oracle Communications Applications, which can allow an unauthenticated attacker with network access via TCP to compromise it. The affected versions are 12.0.0.4 and 12.0.0.5. CVE ID: CVE-2022-21431 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Zoom, affecting several platforms. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available. CVE ID: CVE-2022-22783 (High), CVE-2022-22782 (High), CVE-2022-22781 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
HP has released security updates for Teradici PCoIP Software and Firmware that remediate vulnerabilities discovered in libexpat prior to version 2.4.7. CVE ID: CVE-2022-22822 (Critical), CVE-2022-22823 (Critical), CVE-2022-22824 (Critical), CVE-2021-45960 (High), CVE-2022-22825 (High), CVE-2022-22826 (High), CVE-2022-22827 (High), CVE-2021-46143 (High)
Philips has released security updates to resolve multiple vulnerabilities in several products. CVE ID: CVE-2022-26809 (Critical), CVE-2022-26784 (Medium)
Huawei has released a security update to address a buffer overflow vulnerability in a Huawei product. Successful exploitation of this vulnerability can lead to privilege escalation. CVE ID: CVE-2022-29797 (Critical)
ASUS has released a security update to resolve multiple vulnerabilities in ASUS RT-AX88U firmware. It is recommended that users update to the 3.0.0.4.386.46065 or newer version. CVE ID: CVE-2022-26673 (Medium), CVE-2022-26674 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has discovered multiple vulnerabilities, collectively referred to as Nimbuspwn, that can allow an attacker to elevate privileges to root on many Linux desktop endpoints. These vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. The updates are available. CVE ID: CVE-2022-29799 (High), CVE-2022-29800 (High)
Cisco has released security updates to resolve a Denial of Service (DoS) vulnerability in the Modbus preprocessor of the Snort detection engine. This vulnerability affects all open source Snort project releases earlier than Release 2.9.19 and Release 3.1.11.0. CVE ID: CVE-2022-20685 (High)
Dell has released a security update to address an authentication bypass vulnerability in Dell SupportAssist OS Recovery, which can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2022-26865 (Medium)
NVIDIA has released security updates to resolve multiple vulnerabilities in its JetPack Software Development Kit (SDK) which can cause Denial of Service (DoS), escalation of privileges, and may impact data integrity and confidentiality. CVE ID: CVE-2022-28193 (High), CVE-2022-28194 (High), CVE-2022-28195 (Medium), CVE-2022-28196 (Medium), CVE-2022-28197 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Wordfence has released a security update to resolve a SQL Injection vulnerability in the WordPress RSVPMaker Plugin. The affected versions are WP RSVPMaker Plugin versions up to and including 9.2.5. CVE ID: CVE-2022-1453 (Critical)
Mitsubishi Electric has released security updates to resolve a Denial-of-Service (DoS) vulnerability for some MELSEC series and MELIPC series products. CVE ID: CVE-2021-20609 (High), CVE-2021-20610 (High), CVE-2021-20611 (High)
A Remote Code Execution (RCE) vulnerability has been discovered in Apache CouchDB prior to 3.2.2 that allows access to an improperly secured default installation without authentication and can lead to admin privileges. CVE ID: CVE-2022-24706 (Critical)
An authentication bypass vulnerability has been discovered in ThinVNC version 1.0b1 that can cause code execution on the server by sending keyboard or mouse events to the server. CVE ID: CVE-2022-25226 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-24765 (High), CVE-2022-23451, CVE-2022-23452
IBM has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Netatalk versions prior to Netatalk 3.1.13. These vulnerabilities affect the QNAP operating system. CVE ID: CVE-2021-31439 (High), CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-0194
SUSE has released security updates to resolve multiple vulnerabilities in Linux Kernel. CVE ID: CVE-2022-1011 (High), CVE-2022-1016, CVE-2021-39713 (Critical), CVE-2022-0886
Wordfence has released security updates to resolve an Information Disclosure vulnerability in WordPress' Metform Elementor Contact Form Builder Plugin. The affected versions are WP Metform Elementor Contact Form Builder Plugin versions up to and including 2.1.3. CVE ID: CVE-2022-1442 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to an arbitrary memory address and perform remote arbitrary code execution, arbitrary system operations, or disrupt service. CVE ID: CVE-2022-26674 (Critical)
It has been discovered that Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. Users of affected versions are recommended to upgrade to Spring Security OAuth above version 2.5.2. CVE ID: CVE-2022-22969 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address Out-of-bounds Write and Out-of-bounds Read vulnerabilities in Delta Electronics' ASDA-Soft equipment. Successful exploitation of these vulnerabilities can allow arbitrary code execution. CVE ID: CVE-2022-1402 (High), CVE-2022-1403 (High)
Johnson Controls has released a security update to address a Server-side Request Forgery vulnerability that impacts Metasys System Configuration Tool (SCT) and System Configuration Tool Pro (SCT Pro). A remote unauthenticated attacker can identify and forge requests to internal systems via a specially crafted request, allowing the attacker to determine if specific files or paths exist. CVE ID: CVE-2021-36203 (Medium)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-43975 (Medium), CVE-2022-0617 (Medium), CVE-2022-24448 (Low), CVE-2022-24959 (Medium)
Google has released updated Chrome Dev 102 (102.0.5005.9) for Android, Dev channel 102.0.5005.6 (Platform version: 14695.11.0) for most ChromeOS devices, Beta channel 101.0.4951.41 (Platform version: 14588.67.0) for most ChromeOS devices, Dev channel 102.0.5005.12 for Linux, Mac and 102.0.5005.12/13 for Windows.
A memcached poisoning with unauthenticated request vulnerability has been discovered in Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0. It allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands are not escaped, causing an overwrite of arbitrary cached entries. CVE ID: CVE-2022-27924 (High)
Jira has released a security update to address an authentication bypass vulnerability in Jira and Jira Service Management's web authentication framework. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration. CVE ID: CVE-2022-0540 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20732 (High), CVE-2022-20773 (High), CVE-2022-20783 (High), CVE-2022-20778 (Medium), CVE-2022-20795 (Medium), CVE-2022-20805 (Medium), CVE-2022-20790 (Medium), CVE-2022-20804 (Medium), CVE-2022-20787 (Medium), CVE-2022-20786 (Medium), CVE-2022-20788 (Medium), CVE-2022-20789 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Drupal has released a security update to address an access bypass vulnerability in Drupal core. This vulnerability only affects sites using Drupal's revision system.
Google has released updated Chrome Beta 101 (101.0.4951.41) for Android, Chrome Beta 102 (102.0.5005.7) for iOS, and Beta channel 101.0.4951.41 for Windows, Mac and Linux.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Apache HTTP Server that affect QNAP NAS. CVE ID: CVE-2022-22721 (Critical), CVE-2022-23943 (Critical)
A data validation vulnerability has been discovered in the Mitel Service Appliance component of MiVoice Connect, which can allow a malicious actor to perform Remote Code Execution (RCE) within the context of the Service Appliance. The remediation is available. CVE ID: CVE-2022-29499 (Critical)
Lenovo has released security updates to address multiple BIOS vulnerabilities in Lenovo Notebooks that can lead to privilege escalation. CVE ID: CVE-2021-3970, CVE-2021-3971, CVE-2021-3972
Interlogix has released a security update to address Improper Restriction of Excessive Authentication Attempts and Inadequate Encryption Strength vulnerabilities in Interlogix's Hills ComNav equipment. Successful exploitation of these vulnerabilities can allow an attacker to log in and modify the system. CVE ID: CVE-2022-26519 (Medium), CVE-2022-1318 (Medium)
Automated Logic has released a security update to address an Open Redirect vulnerability in Automated Logic's WebCtrl Server equipment. Successful exploitation of this vulnerability can allow an attacker to redirect the user to a malicious webpage or to download a malicious file. CVE ID: CVE-2022-1019 (Medium)
Cisco has released a security update to address a vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software. This vulnerability can allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. CVE ID: CVE-2022-20758 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released a security update to resolve a covert timing channel vulnerability in Dell BSAFE SSL-J that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2022-24409 (Medium)
Oracle has released its critical patch update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-21445 (Critical), CVE-2022-21431 (Critical), CVE-2022-21420 (Critical), CVE-2022-23305 (Critical), CVE-2018-1285 (Critical), CVE-2021-40438 (Critical), CVE-2022-22965 (Critical), CVE-2021-39275 (Critical), CVE-2021-3711 (Critical)
Elcomplus has released a security update to address Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus's SmartPPT equipment. An attacker can exploit these vulnerabilities to take control of an affected device. CVE ID: CVE-2021-43932 (Critical), CVE-2021-43939 (High), CVE-2021-43934 (Critical), CVE-2021-43930 (Medium)
Elcomplus has released a security update to address Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in Elcomplus's SmartPPT SCADA Server equipment. An attacker can exploit these vulnerabilities to take control of an affected device. CVE ID: CVE-2021-43932 (Critical), CVE-2021-43938 (High), CVE-2021-43934 (Critical), CVE-2021-43930 (Critical), CVE-2021-43937 (High)
An integer overflow or wraparound vulnerability has been discovered in multiple Real-Time Operating Systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities can result in unexpected behavior such as a crash or Remote Code Execution (RCE)/injection. Security updates are available for some products. CVE ID: CVE-2021-3420 (Critical), CVE-2021-22156 (Critical)
It has been discovered that Siemens products are affected by the Spring Framework vulnerability. Security updates are available for some products. CVE ID: CVE-2022-22965 (Critical)
Hitachi Energy has released a security update to address a vulnerability in the HCI Modbus TCP function of the RTU500 series, which provides support for Modbus TCP slave functionality. An attacker can exploit this vulnerability only on RTU500 series devices in which HCI Modbus TCP is configured and enabled by project configuration. CVE ID: CVE-2022-28613 (High)
Ubuntu has released security updates to address several vulnerabilities in klibc. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-31870 (Critical), CVE-2021-31872 (Critical), CVE-2021-31873 (Critical), CVE-2021-31871 (High)
Dell has released a security update to resolve a SharpZipLib vulnerability in Dell EMC Log Scrubber that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2021-32840 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
SUSE has released a security update to resolve a buffer overflow vulnerability in the IPsec ESP transformation code in the Linux Kernel. CVE ID: CVE-2022-27666 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released a security update for LTS channel 96.0.4664.206 (Platform Version: 14268.81.0) for most ChromeOS devices. CVE ID: CVE-2022-1131 (High), CVE-2022-1141 (Medium), CVE-2022-1142 (Medium), CVE-2022-1145 (Medium), CVE-2022-1143 (Medium), CVE-2022-1144 (Medium)
An Incomplete Cleanup vulnerability has been discovered in Johnson Controls' Metasys ADS/ADX/OAS Servers. Successful exploitation of this vulnerability can allow a remote attacker to use a session token that has not been cleared upon log out of an authenticated user. The mitigations are available. CVE ID: CVE-2021-36205 (High)
Delta Electronics has released a security update to address an Improper Restriction of XML External Entity Reference vulnerability discovered in Delta Electronics' DMARS, a Motion Controller program development tool. Successful exploitation of this vulnerability can allow an attacker to gain sensitive information. CVE ID: CVE-2022-1331 (Medium)
An information exposure vulnerability has been discovered in the Palo Alto Networks Cortex XDR agent that enables a local user to learn the cryptographic hash of the supervisor password when generating support files on a deployed agent. Palo Alto Networks has also identified a technique that enables a local administrator to tamper with the Windows registry to disable the Cortex XDR agent on devices running a Windows operating system.
Wordfence has released security updates to resolve a Cross-Site Request Forgery vulnerability in WordPress' Fancy Product Designer Plugin. The affected versions are WP Fancy Product Designer Plugin versions up to and including 4.7.5. CVE ID: CVE-2021-4096 (High)
Schneider Electric has released a security bulletin that includes a range of technical analytics, hunting tools, and specific mitigations to help asset owners find and defend against the framework. The mitigations are available.
CODESYS has released an advisory for all CODESYS V3 products that can be targeted and have a communication server for the CODESYS protocol or for OPC UA. The mitigations are available.
VMware has released security updates and workarounds to resolve a remote code execution vulnerability in VMware Cloud Director. CVE ID: CVE-2022-22966 (Critical)
Multiple vulnerabilities have been discovered in Red Lion's DA50N equipment. Successful exploitation of these vulnerabilities can result in data compromise, data modification, and a denial-of-service condition. Red Lion notes the DA50N series product is at end-of-life and does not intend to release a software update to address these vulnerabilities. Users are encouraged to apply workarounds and mitigations or upgrade their device to DA50A and DA70A. CVE ID: CVE-2022-26516 (High), CVE-2022-1039 (Critical), CVE-2022-27179 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Juniper Networks has released a security update to address multiple vulnerabilities in Junos OS Evolved. These vulnerabilities affect all versions of Junos OS Evolved. CVE ID: CVE-2022-22195 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Valmet has released a security update to address an Inadequate Encryption Strength vulnerability in Valmet's DNA, a distributed control system. Successful exploitation of this vulnerability can allow an attacker to execute commands remotely with system privileges. CVE ID: CVE-2021-26726 (High)
Inductive Automation has released a security update to address a Path Traversal vulnerability in Inductive Automation's Ignition equipment. Successful exploitation of this vulnerability can allow an authenticated attacker with network access to execute code by uploading a malicious zip file. CVE ID: CVE-2022-1264 (Medium)
Citrix has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-27505, CVE-2022-27506, CVE-2022-27503, CVE-2021-44519, CVE-2021-44520, CVE-2022-26151, CVE-2022-21827
Microsoft has released security updates to address a critical remote code execution vulnerability in the Remote Procedure Call Runtime Library. A remote, unauthenticated attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-26809 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in Windows Network File System. An attacker can send a specially crafted NFS protocol network message to a vulnerable Windows machine, which can enable remote code execution. This CVE ID is unique from CVE-2022-24497. CVE ID: CVE-2022-24491 (Critical)
Aethon has released a security update to address Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in Aethon's TUG Home Base Server equipment. Successful exploitation of these vulnerabilities can cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information. CVE ID: CVE-2022-1066 (High), CVE-2022-26423 (High), CVE-2022-1070 (Critical), CVE-2022-27494 (High), CVE-2022-1059 (High)
Schneider Electric has released security updates and mitigations to resolve multiple vulnerabilities in its products. CVE ID: CVE-2022-24324 (Critical)
Apache has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Struts versions 2.0.0 - 2.5.29. An attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2021-31805
Adobe has released security updates to address several vulnerabilities in multiple products. Successful exploitation of these vulnerabilities can lead to arbitrary code execution, memory leaks, security feature bypass and privilege escalation.
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Zyxel has released a security update to address a local privilege escalation vulnerability in its AP Configurator. CVE ID: CVE-2022-26413 (High), CVE-2022-26414 (Medium), CVE-2022-0556 (High)
HP has released security updates to resolve multiple vulnerabilities in several products. The affected products are PCoIP Client, PCoIP Client SDK & PCoIP Graphics Agent of Windows, Linux & macOS.
Google has released updated Chrome 100 (100.0.4896.85) for iOS, Stable channel 100.0.4896.88 for Windows, Mac and Linux and Chrome 100 (100.0.4896.88) for Android.
CISA has added 8 known actively exploited vulnerabilities in Firebox & XTM, Microsoft Active Directory, Google Pixel, Checkbox Survey, Linux Kernel, QNAP Network-Attached Storage and User Interface (UI) for ASP.NET AJAX into its Catalog. CVE ID: CVE-2022-23176 (High), CVE-2021-42287 (High), CVE-2021-42278 (High), CVE-2021-39793 (High), CVE-2021-27852 (Critical), CVE-2021-22600 (High), CVE-2020-2509 (Critical), CVE-2017-11317 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in Thunderbird which can cause Denial of Service (DoS) or the execution of arbitrary code. CVE ID: CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
Dell has released a security update to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in ABB Arctic Wireless Gateways. An attacker can exploit the vulnerability by remotely connecting to the serial port gateway and/or protocol converter, depending on the configuration. Mitigation is available. CVE ID: CVE-2022-0947
Zyxel has released security updates to resolve OS command injection and buffer overflow vulnerabilities in several models of DSL/Ethernet CPE & Fiber ONT. CVE ID: CVE-2022-26413, CVE-2022-26414
Multiple vulnerabilities have been discovered in FANUC Corporation's equipment, ROBOGUIDE. Successful exploitation of these vulnerabilities can lead to data corruption on users' PCs. CVE ID: CVE-2021-38483, CVE-2021-43986, CVE-2019-43988, CVE-2019-43990, CVE-2019-43933
ASEA Brown Boveri (ABB) has released a security update to address Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource Consumption vulnerabilities in ABB's equipment Symphony Plus SPIET800 and PNI800. Successful exploitation of these vulnerabilities can cause the affected device to become unresponsive, resulting in a denial-of-service condition and requiring a manual reboot. CVE ID: CVE-2021-22285 (High), CVE-2021-22286 (High), CVE-2021-22288 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Palo Alto Networks has released a security update to address an OpenSSL infinite loop vulnerability in multiple of its products that can result in a Denial-of-Service (DoS) to the application.
Google has released updated Beta channel 101.0.4951.26 (Platform version: 14588.41.0) for most Chrome OS devices, Dev channel 102.0.4987.0 for Windows, Linux and Mac, Chrome Beta 101 (101.0.4951.26) for iOS, and Chrome Dev 102 (102.0.4989.0) for Android.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released a security update to address Denial of Service (DoS) and malicious code execution vulnerability due to heap-based buffer overflow in the DHCP client function of VxWorks on the MELSEC-Q Series C Controller Module. The affected product is VxWorks version 6.4. CVE ID: CVE-2021-29998 (Critical)
Red Hat has released a product enhancement advisory for Red Hat Advanced Cluster Security for Kubernetes (RHACS) which includes bug fixes and feature improvements.
Huawei has released a security update to address an improper authentication vulnerability in some Huawei products. Successful exploitation of this vulnerability can lead to control of the victim device. CVE ID: CVE-2022-22259 (High)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20781 (Medium), CVE-2022-20763 (Medium), CVE-2022-20774 (Medium), CVE-2022-20784 (Medium), CVE-2022-20741 (Medium), CVE-2022-20782 (Medium), CVE-2022-20675 (Medium)
Ubuntu has released security updates to address several vulnerabilities in Linux Kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released updated Chrome Beta 101 (101.0.4951.26) for Android, LTS-96 96.0.4664.204 (Platform Version: 14268.79.0) for most ChromeOS devices and Beta channel 101.0.4951.26 for Windows, Mac and Linux. CVE ID: CVE-2022-0977 (High), CVE-2022-0974 (High), CVE-2022-0972 (High)
CODESYS has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-22519 (High), CVE-2022-22513 (High), CVE-2022-22514 (High), CVE-2022-22518 (Medium), CVE-2022-22517 (High), CVE-2022-22516 (High), CVE-2022-22515 (High)
It has been discovered that Apache Lucene, as used in IBM products, is vulnerable to a Denial of Service (DoS) attack triggered by sending a specific regular expression query. The affected products are IBM Business Automation Workflow V21.0, V20.0, V19.0 & V18.0 and IBM Business Process Manager V8.6 & V8.5. The remediation/fixes are available.
Cisco has released security updates to address Remote Code Execution (RCE) vulnerabilities in Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ and Spring Cloud Function Framework. These RCE vulnerabilities affect several Cisco products. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in Windows Network File System. An attacker can send a specially crafted NFS protocol network message to a vulnerable Windows machine, which can enable remote code execution. CVE ID: CVE-2022-24497 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 91.8. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1097 (High), CVE-2022-28281 (High), CVE-2022-1197 (Medium), CVE-2022-1196 (Medium), CVE-2022-28282 (Medium), CVE-2022-28285 (Medium), CVE-2022-28286 (Medium), CVE-2022-28289 (High), CVE-2022-24713 (Low)
Patient Portal has released a security update to address an authentication bypass using alternate path or channel vulnerability in Patient Portal's LifePoint Informatics equipment. Successful exploitation of this vulnerability can disclose sensitive information, including HIPAA-protected PII. CVE ID: CVE-2022-1067 (Medium)
Rockwell Automation has released a security update to address a deserialization of untrusted data vulnerability in Rockwell Automation's ISaGRAF equipment. Successful exploitation of this vulnerability can allow arbitrary code execution. CVE ID: CVE-2022-1118 (High)
Citrix has released security updates to address a vulnerability in Citrix Hypervisor and Citrix XenServer that allows privileged code in a guest VM to cause the host to crash or become unresponsive. CVE ID: CVE-2022-26357
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available. CVE ID: CVE-2022-22410 (Low), CVE-2018-25031 (Medium), CVE-2021-46708 (Medium), CVE-2021-38966 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-42392 (Critical), CVE-2022-23221 (Critical), CVE-2022-24761 (High)
Dell has released a security update to address a plain-text password storage vulnerability in Dell EMC Repository Manager version 3.4.0. CVE ID: CVE-2022-26856 (High)
Google has released updated Chrome Beta channel 101.0.4951.19 (Platform version: 14588.31.0) for most Chrome OS devices, Stable channel 100.0.4896.75 for Windows, Mac and Linux, Extended Stable 100.0.4896.75 for Windows and Mac, and Chrome 100 (100.0.4896.77) for iOS. Google has also released a security update to resolve a type confusion vulnerability in the Stable channel. CVE ID: CVE-2022-1232 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities in Spring Framework and Denial of Service (DoS) vulnerability in Linux Kernel are affecting several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for Linux Kernel. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22950 (Medium), CVE-2022-0516 (High)
A Remote Code Execution (RCE) vulnerability in the Spring Framework has affected TP-Link's DPMS (DeltaStream PON Management System). The mitigation is available. CVE ID: CVE-2022-22965
VMware has released security updates and workarounds to resolve a critical Remote Code Execution (RCE) vulnerability in the Spring Framework project. CVE ID: CVE-2022-22965 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux Kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
Debian has released a security update to resolve a vulnerability in zlib which can cause Denial of Service (DoS) or execution of arbitrary code. CVE ID: CVE-2018-25032 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-25299 (High)
HP has released security updates for Teradici PCoIP Graphics Agent for Windows, Linux & macOS and Teradici PCoIP Standard Agent for Windows & Linux. The affected component is the Mongoose web server prior to version 7.6. CVE ID: CVE-2022-25299 (High)
Multiple vulnerabilities such as Remote Code Execution (RCE) and Denial of Service (DoS) vulnerabilities have been discovered in multiple Fortinet products. Security updates are available for some products. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (High), CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products. CVE ID: CVE-2022-0543 (Critical), CVE-2022-22950 (Medium), CVE-2022-0516 (High), CVE-2022-23308 (High), CVE-2022-23710 (Medium)
Remote Code Execution vulnerabilities in Spring Framework / Spring Cloud Function are affecting Nutanix products. The updates are available. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (Medium)
A code injection vulnerability has been discovered in Rockwell Automation's equipment, Studio 5000 Logix Designer, that may allow an attacker to download a modified program to the controller. CVE ID: CVE-2022-1159 (High)
Fuji Electric has released a security update to address multiple vulnerabilities in its Alpha5 equipment, which can allow an attacker to disclose sensitive information and execute arbitrary code. The affected products are Alpha5, all versions prior to 4.3. CVE ID: CVE-2022-21168 (Low), CVE-2022-21202 (Low), CVE-2022-24383 (High), CVE-2022-21228 (High), CVE-2022-21214 (High)
Wordfence has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in WordPress' WP YouTube Live Plugin. The affected versions are WP YouTube Live Plugin versions up to and including 1.7.21. CVE ID: CVE-2022-1187 (Medium)
Dell has released a security update to address an improper SMM communication buffer verification vulnerability in Dell PowerEdge products, which can cause arbitrary writes or Denial of Service (DoS). CVE ID: CVE-2022-22558 (Medium)
Google has released updated Chrome Beta 101 (101.0.4951.15) for Android, Dev channel 102.0.4972.0 for Windows, Linux and Mac, Chrome 101.0.4951.15 Beta channel for Windows, Mac and Linux and Chrome Beta 101 (101.0.4951.17) for iOS.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
An inclusion of functionality from untrusted control sphere vulnerability has been discovered in Rockwell Automation's equipment Logix Controllers which can allow an attacker to modify user programs. The mitigations are available. CVE ID: CVE-2022-1161 (Critical)
General Electric Renewable Energy has released security updates to address multiple vulnerabilities in its MDS iNET/iNET II/SD/TD220/TD220MAX Radios equipment. Successful exploitation of these vulnerabilities can allow an attacker to control the configuration of the radio, join the network without proper authorisation, or keep valid users from using the system correctly. CVE ID: CVE-2017-17562 (Critical), CVE-2022-24119 (Critical), CVE-2022-24116 (High), CVE-2022-24118 (Medium), CVE-2022-24120 (Medium), CVE-2022-24117 (High)
An OpenSSL infinite loop vulnerability has been discovered in multiple Palo Alto Networks products that can result in a Denial-of-Service (DoS) to the application. CVE ID: CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities such as authentication bypass, information disclosure and information tampering have been discovered in Mitsubishi Electric FA Products. Successful exploitation of these vulnerabilities can allow login to the products, or allow the information in the products to be disclosed or tampered with. CVE ID: CVE-2022-25155 (Medium), CVE-2022-25156 (Medium), CVE-2022-25157 (High), CVE-2022-25158 (High), CVE-2022-25159 (Medium), CVE-2022-25160 (Medium)
A zero-day Remote Code Execution (RCE) vulnerability has been discovered in Java libraries, with two vectors: Spring Core & Spring Cloud Function. CVE ID: CVE-2022-22963
Wordfence has released security updates to resolve an information disclosure vulnerability in the Be POPIA Compliant WordPress plugin. The affected versions are Be POPIA Compliant versions up to and including 1.1.5. CVE ID: CVE-2022-1186 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in several products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Dell has released a security update to address multiple vulnerabilities in Dell EMC NetWorker Runtime Environment (NRE) and Dell EMC PowerProtect Data Manager.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
A missing authentication for critical function vulnerability has been discovered in Philips' equipment e-Alert which allows an unauthorised actor to remotely shut down the system, if healthcare facilities are on the network. The affected products are e-Alert version 2.7 and prior. CVE ID: CVE-2022-0922 (Medium)
An improper restriction of XML external entity reference vulnerability has been discovered in Rockwell Automation's equipment ISaGRAF which can allow an attacker to pass local file data to a remote web server, leading to loss of confidentiality. The updates and mitigations are available. CVE ID: CVE-2022-1018 (Medium)
Multiple vulnerabilities have been discovered in Omron's equipment CX-Position. Successful exploitation of these vulnerabilities when parsing an NCI file can allow code execution. The affected products are CX-Position versions 2.5.3 and prior. CVE ID: CVE-2022-26419 (High), CVE-2022-25959 (High), CVE-2022-26417 (High), CVE-2022-26022 (High)
Modbus Tools has released a security update to resolve a stack-based buffer overflow vulnerability in its equipment Modbus Slave. Successful exploitation of the vulnerability can crash the application when inputting a registration key. The affected products are Modbus Slave versions 7.4.2 and prior. CVE ID: CVE-2022-1068 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can exploit these vulnerabilities to take control of an affected system.
An information disclosure vulnerability has been discovered in VMware vCenter Server & Cloud Foundation. The security updates are available. CVE ID: CVE-2022-22948 (Medium)
ASUS has released a software update to resolve multiple vulnerabilities in the ASUS Control Center, an integrated management software. CVE ID: CVE-2022-26668, CVE-2022-26669
Google has released security updates for Dev channel 101.0.4951.13 (Platform version: 14588.23.0) for most Chrome OS devices, Chrome 100 (100.0.4896.58) for Android, Stable channel Chrome 100.0.4896.60 for Windows, Mac and Linux, Dev channel 101.0.4951.15 for Windows, Linux and Mac, and Chrome 100 (100.0.4896.56) for iOS.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released security updates & mitigations to resolve Denial of Service (DoS) and Log4j vulnerabilities in MELSEC iQ-R, Q and L series CPU modules and SW1DNN-GN610SRC-M all versions prior to Ver.1.02C respectively. CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical), CVE-2021-45105 (Medium), CVE-2020-5652 (High)
Wordfence has released security updates to resolve Arbitrary File Download vulnerability in Simple File List WordPress plugin. The affected versions are Simple File List versions up to and including 3.2.7. The updated version 3.2.8 is available. CVE ID: CVE-2022-1119 (High)
Siemens has released a workaround & mitigation to resolve the SegmentSmack vulnerability in Interniche IP-Stack based industrial devices, SIMATIC S7-300 and S7-400, which can lead to a Denial-of-Service. CVE ID: CVE-2019-19300 (High)
Google has released updated Stable channel 99.0.4844.94 (Platform version: 14469.59.0) for most Chrome OS devices, and Beta channel 100.0.4896.60 for Mac, Windows and Linux.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
NVIDIA has released a security update for NVIDIA CUDA Toolkit SDK to resolve an integer overflow vulnerability which may lead to code execution, Denial of Service (DoS), or information disclosure. CVE ID: CVE-2022-21821 (High)
Dell has released a security update to address a privilege escalation vulnerability in Dell Command | Update, Dell Update, and Alienware Update versions before 4.5. CVE ID: CVE-2022-24426 (High)
It has been discovered that unauthorized users have accessed Moxa’s products by using the default password. Moxa reminds all users to change all default passwords immediately to enhance the security of their devices.
Google has released security updates for Chrome 99 (99.0.4844.88) for Android, Extended Stable channel 98.0.4758.141 for Windows and Mac, Stable channel 99.0.4844.84 for Windows, Mac and Linux, and Chrome Beta 101 (101.0.4951.8) for iOS. CVE ID: CVE-2022-1096 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The products affected with critical vulnerabilities are PHP versions 7.4.x prior to 7.4.28, 8.0.x prior to 8.0.16, and 8.1.x prior to 8.1.3 & NPM url-parse versions prior to 1.5.9. CVE ID: CVE-2021-21708 (Critical), CVE-2022-0686 (Critical), CVE-2022-0691 (Critical)
Sophos has released workaround & remediation to resolve an authentication bypass vulnerability in the User Portal and Webadmin of its Firewall. The affected products are Sophos Firewall v18.5 MR3 (18.5.3) and older. CVE ID: CVE-2022-1040 (Critical)
Red Hat has released security updates to address multiple vulnerabilities in OpenShift GitOps 1.4. CVE ID: CVE-2022-1025, CVE-2022-24730 (High), CVE-2022-24731 (Medium)
SonicWall has released security updates to address a stack-based buffer overflow vulnerability in SonicOS, triggered via an HTTP request, that allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution in the firewall. The affected versions are SonicOS Gen 6 and Gen 7 firmware versions. CVE ID: CVE-2022-22274 (Critical)
mySCADA has released security updates to address a command injection vulnerability in mySCADA's myPRO. Successful exploitation of this vulnerability can allow injection of arbitrary operating system commands.
CVE ID: CVE-2022-0999 (High)
Yokogawa has released security updates to address multiple vulnerabilities in its CENTUM and Exaopc equipment. Successful exploitation can suppress the alarms, read or write files, crash the server or execute arbitrary code.
CVE ID: CVE-2022-21194 (High), CVE-2022-23402 (High), CVE-2022-21808 (High), CVE-2022-22729 (High), CVE-2022-22151 (Medium), CVE-2022-21177 (Medium), CVE-2022-22145 (Medium), CVE-2022-22148 (High), CVE-2022-22141 (Medium), CVE-2022-23401 (High)
Google has released security updates for Chrome Beta 100 (100.0.4896.56) for Android, Beta channel 100.0.4896.54 (Platform version: 14526.43.0) for most Chrome OS devices and Beta channel 100.0.4896.56 for Mac, Windows and Linux.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-4090 (High), CVE-2022-23235 (Low)
Debian has released a security update to address a vulnerability in php-twig that allows a malicious user to execute arbitrary code.
CVE ID: CVE-2022-23614 (Critical)
VMware has released security updates to resolve OS command injection and file upload vulnerabilities in VMware Carbon Black App Control which can cause Remote Code Execution (RCE). CVE ID: CVE-2022-22951 (Critical), CVE-2022-22952 (Critical)
Cisco has released security updates to address a vulnerability in Cisco NX-OS Software for Cisco Nexus 9000 Series Switches which can cause dropping of Bidirectional Forwarding Detection (BFD) traffic on an affected device. CVE ID: CVE-2022-20623 (High)
A privilege escalation vulnerability has been discovered in the Drupal project's Role Delegation module, and the Colorbox Node module has been marked as unsupported. The update for the Drupal project Role Delegation module is available.
Google has released security updates for Dev channel 101.0.4951.6 (Platform version: 14588.11.0) for most Chrome OS devices and Dev channel 101.0.4951.7 for Windows, Linux and Mac.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Python, Apache HTTP Server, and OpenSSL that affect NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products. CVE ID: CVE-2022-0391 (High), CVE-2022-0778 (High), CVE-2022-22719 (High), CVE-2022-22720 (Critical), CVE-2022-22721 (Critical), CVE-2022-23943 (Critical)
Delta Electronics has released security updates for DIAEnergie to resolve multiple vulnerabilities. Successful exploitation of these vulnerabilities can allow an attacker to retrieve passwords in cleartext, remotely execute code, cause a user to carry out an action unintentionally, or log in and use the device with administrative privileges.
CVE ID: CVE-2021-33003 (Medium), CVE-2021-32967 (Critical), CVE-2021-32983 (Critical), CVE-2021-38390 (Critical), CVE-2021-38391 (Critical), CVE-2021-38393 (Critical), CVE-2021-32991 (Medium), CVE-2021-23228 (High), CVE-2021-44544 (High), CVE-2021-31558 (Medium), CVE-2021-44471 (High), CVE-2022-0988 (High)
McAfee has released security updates to address multiple vulnerabilities in ePolicy Orchestrator (ePO). This release addresses one blind SQL injection vulnerability in ePO and updates three libraries (Java, Apache HTTP Server, and Tomcat) used by ePO.
CVE ID: CVE-2022-0842 (Medium), CVE-2022-0857 (Medium), CVE-2022-0858 (Medium), CVE-2022-0859 (Medium), CVE-2022-0861 (Low), CVE-2022-0862 (Low), CVE-2021-42340 (Medium), CVE-2021-34798 (High), CVE-2020-13938 (Medium)
Google has released security updates for Dev channel 101.0.4943.0 (Platform version: 14583.0.0) for most Chrome OS devices, and Stable channel 99.0.4844.86 (Platform version: 14469.58.0) for most Chrome OS devices.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Juniper Networks has released a security update to address multiple vulnerabilities in Junos Space. These vulnerabilities affect Junos Space versions prior to 21.1R1.
Multiple vulnerabilities have been discovered in Mitsubishi Electric products due to design flaws in the frame fragmentation functionality and the frame aggregation functionality in the IEEE 802.11 wireless communication standards. These vulnerabilities can allow an attacker to steal communication contents or inject unauthorized packets. Workarounds are available.
CVE ID: CVE-2020-24586 (Low), CVE-2020-24587 (Low), CVE-2020-24588 (Low), CVE-2020-26139 (Medium), CVE-2020-26140 (Medium), CVE-2020-26142 (High), CVE-2020-26143 (Medium), CVE-2020-26144 (Medium), CVE-2020-26145 (Medium), CVE-2020-26146 (Medium), CVE-2020-26147 (Medium)
HP has released security updates to address information disclosure, denial of service, and buffer overflow vulnerabilities in HP Print devices.
CVE ID: CVE-2022-24291 (High), CVE-2022-24292 (Critical), CVE-2022-24293 (Critical)
Debian has released security updates to address multiple vulnerabilities in Thunderbird, which can result in the execution of arbitrary code or information disclosure.
CVE ID: CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update that affects some Drupal sites.
CVE ID: CVE-2022-24775 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Western Digital has released security updates to address a directory traversal vulnerability in EdgeRover that allows an attacker to carry out a local privilege escalation and escape basic file-system sandboxing.
CVE ID: CVE-2022-22988 (Critical)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in FANUC Robot Controllers. Successful exploitation can cause system software to stop working correctly due to data corruption.
CVE ID: CVE-2021-32996, CVE-2021-32998
NVIDIA has released a security update for NVIDIA Data Center GPU Manager (DCGM) to address a vulnerability in nvhostengine that can lead to code execution, Denial of Service (DoS) and escalation of privileges.
CVE ID: CVE-2022-21820 (Medium)
Johnson Controls has released security updates to address a vulnerability impacting Metasys ADS/ADX/OAS Servers with the MUI feature. An authenticated attacker can inject malicious code into the MUI PDF export feature.
CVE ID: CVE-2021-36202
Google has released security updates for Chrome Beta 100 (100.0.4896.46) for Android, Beta channel 100.0.4896.44 (Platform version: 14526.28.0) for most Chrome OS devices, Beta channel 100.0.4896.45 for Mac and 100.0.4896.45 for Windows and Linux.
The CKEditor library is used for WYSIWYG editing in Drupal projects. CKEditor has released a security update that impacts Drupal.
CVE ID: CVE-2022-24728, CVE-2022-24729
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Security updates have been released for BIND to address multiple vulnerabilities.
CVE ID: CVE-2022-0667 (High), CVE-2022-0635 (High), CVE-2022-0396 (Medium), CVE-2021-25220 (Medium)
Multiple vulnerabilities, such as stack-based buffer overflow and insecure loading of Dynamic Link Libraries, have been discovered in KINGSOFT WPS Office and KINGSOFT Internet Security. The affected products are no longer supported, and the developer recommends using alternative unaffected products.
CVE ID: CVE-2022-2594 (High), CVE-2022-26081 (High), CVE-2022-25969 (High), CVE-2022-26511 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A vulnerability has been discovered in the CRI-O container engine for Kubernetes. This vulnerability, dubbed cr8escape, can allow an attacker to escape from a Kubernetes container, gain root access to the host and move anywhere in the cluster. The security patch is available.
CVE ID: CVE-2022-0811 (High)
ASEA Brown Boveri (ABB) has released a security update to address an Execution with Unnecessary Privileges vulnerability in OPC Server for AC 800M. Successful exploitation of this vulnerability can allow a low privileged authenticated user to remotely execute arbitrary code.
CVE ID: CVE-2021-22284 (High)
Apple has released security updates to address vulnerabilities in Safari. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2022-22654, CVE-2022-22610, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released security updates for Dev channel 101.0.4937.0 (Platform version: 14574.0.0) for most Chrome OS devices and Chrome 99 (99.0.4844.78) for Android; the Extended Stable channel has been updated to 98.0.4758.132 for Windows and Mac, the Stable channel has been updated to 99.0.4844.74 for Windows, Mac and Linux, and the LTS channel has been updated to 96.0.4664.202 (Platform Version: 14268.77.0) for most ChromeOS devices.
CVE ID: CVE-2022-0971 (Critical)
Apache has released security updates for Apache HTTP Server to resolve multiple vulnerabilities.
CVE ID: CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
Dell has released a security update to resolve multiple vulnerabilities in third-party components of Dell EMC Policy Manager, Dell EMC Secure Connect Gateway and Dell BSAFE SSL-J.
A Remote Code Execution (RCE) vulnerability has been discovered in Veeam Backup & Replication which allows executing malicious code remotely without authentication. The patches have been released for Veeam Backup & Replication versions 10 and 11 only.
CVE ID: CVE-2022-26500 (Critical), CVE-2022-26501 (Critical)
A Local Privilege Escalation (LPE) vulnerability has been discovered in QNAP NAS devices which allows an unprivileged user to gain administrator privileges and inject malicious code. The affected products are all QNAP x86-based and ARM-based NAS devices running QTS 5.0.x and QuTS hero h5.0.x.
CVE ID: CVE-2022-0847 (High)
A post-authentication OS command injection vulnerability has been discovered in SonicWall's Secure Remote Access (SRA) series and Secure Mobile Access (SMA) 100 series products. Updates are available for SMA 100 series products; no update has been released for the End of Life (EoL) SRA series products running version 9.0.0.5-19sv and earlier.
CVE ID: CVE-2022-22273 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Parse Server has released a security update to resolve a remote code execution (RCE) vulnerability. This vulnerability affects Parse Server in its default configuration with MongoDB.
CVE ID: CVE-2022-24760 (Critical)
Dell has released a security update to address multiple vulnerabilities in Dell PowerScale OneFS that can potentially be exploited by malicious users to compromise the affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
ASUS has released MyASUS version 3.1.2.0 for ASUS laptops and desktop PCs, which contains important security updates, including a fix for the CVE-2022-22814 vulnerability.
CVE ID: CVE-2022-22814 (Critical)
A privilege escalation vulnerability (AKA Dirty Pipe) has been discovered in the Linux kernel due to improper initialisation of the flags member of a new pipe buffer structure, which allows an unprivileged local user to overwrite data in arbitrary read-only files.
CVE ID: CVE-2022-0847 (High)
Debian has released security updates to resolve XML parsing vulnerabilities in the Tryton application platform, which can cause information disclosure or Denial of Service (DoS).
CVE ID: CVE-2022-26661, CVE-2022-26662
An authentication bypass vulnerability has been discovered in NETGEAR DGND3700v2. NETGEAR will not release a fix for this vulnerability on the affected product as it is outside of the security support period.
Dell has released security updates for Dell Client Consumer and Commercial platforms to address multiple System Management Mode (SMM) vulnerabilities that can potentially be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-24415 (High), CVE-2022-24416 (High), CVE-2022-24419 (High), CVE-2022-24420 (High), CVE-2022-24421 (High)
Google has released security updates for Chrome Beta 100 (100.0.4896.30) for Android, Beta channel 100.0.4896.30 for Mac, Windows and Linux, Chrome Beta 100 (100.0.4896.28) for iOS, Dev channel 101.0.4928.0 (Platform version: 14553.0.0) for most Chrome OS devices and Dev channel 101.0.4929.5 for Windows, Linux and Mac.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Drupal has released security updates to address an access bypass vulnerability in the Opigno Learning path module and a Cross-Site Scripting (XSS) vulnerability in the SVG Formatter module.
Palo Alto Networks has released security updates to resolve a use of a weak cryptographic algorithm vulnerability in PAN-OS software and a privilege escalation vulnerability in the GlobalProtect app.
CVE ID: CVE-2022-0016 (High), CVE-2022-0022 (Medium)
Schneider Electric has released mitigations to resolve multiple vulnerabilities in AT&T Labs' Compressor (XMill) and Decompressor (XDemill), third-party components used in EcoStruxure Control Expert, EcoStruxure Process Expert and SCADAPack RemoteConnect for x70.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
WPS Office for Windows v11.2.0.10258 has been released to resolve a privilege escalation vulnerability in earlier versions.
CVE ID: CVE-2022-25943 (High)
The Rust project has released a security update for the regex crate to address a vulnerability that left applications compiling untrusted regular expressions open to Denial of Service (DoS) attacks.
CVE ID: CVE-2022-24713 (High)
Microsoft has released a security update to resolve a Remote Code Execution (RCE) vulnerability in Microsoft Exchange Server. An attacker can exploit this vulnerability to take control of an affected system. The affected products are Microsoft Exchange Server 2019, 2016 and 2013.
CVE ID: CVE-2022-23277 (High)
Citrix has released a security update to address a vulnerability in AMD CPU hardware that may allow code in a guest VM to infer the value of in-memory data in other guest VMs.
CVE ID: CVE-2021-26401
NVIDIA has released a security update for the NVIDIA JetPack Software Development Kit (SDK) to resolve vulnerabilities in multiple products that may lead to Denial of Service (DoS), escalation of privileges, and loss of data integrity and confidentiality.
CVE ID: CVE-2021-34401 (High), CVE-2021-4034 (High), CVE-2022-21819 (High)
Hitachi Energy has released a security update to address multiple vulnerabilities in open-source software components used in the RelCare Cloud and OnPrem versions.
CVE ID: CVE-2020-1967 (High), CVE-2021-3156 (High), CVE-2021-3449 (Medium), CVE-2021-3450 (High), CVE-2021-27432 (High), CVE-2021-27434 (High), CVE-2021-28041 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. An attacker can exploit these vulnerabilities to take control of an affected system.
AVEVA has released security updates to address a cleartext storage of sensitive information in memory vulnerability in AVEVA System Platform.
CVE ID: CVE-2022-0835 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Wordfence has reported arbitrary file upload and stored Cross-Site Scripting (XSS) vulnerabilities in the Ninja Forms File Uploads Extension WordPress plugin; a fixed version of the plugin is available.
CVE ID: CVE-2022-0888 (Critical), CVE-2022-0889 (High)
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to address several vulnerabilities in Cisco Application Policy Infrastructure Controller (APIC). An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-1577 (Critical), CVE-2021-1579 (High), CVE-2021-1580 (Medium), CVE-2021-1581 (Medium)
An escalation of privilege vulnerability has been discovered in Intel Trace Hub, and information disclosure vulnerabilities (Branch History Injection) have been discovered in Intel Processors.
CVE ID: CVE-2021-33150 (Medium), CVE-2022-0001 (Medium), CVE-2022-0002 (Medium)
Proofpoint has released a security update to resolve an arbitrary code execution vulnerability in the Proofpoint Insider Threat Management (ITM) Agent for Windows.
CVE ID: CVE-2022-25294 (High)
Security updates have been released to address a vulnerability present in the Linux kernel since version 5.8 (Dirty Pipe, CVE-2022-0847) which allows an unprivileged local user to overwrite data in arbitrary read-only files. The vulnerability has been fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
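A quick version triage against the fixed releases named in the entry above (and in the Dirty Pipe entry earlier on this page), written here as an added example rather than anything taken from the advisories. It assumes upstream stable version numbering: the 5.10, 5.15 and 5.16 series are compared against the listed fixed releases, mainline 5.17 and later are treated as fixed (an assumption, the fix landed before the 5.17 release), and series between 5.8 and 5.16 that never received a fixed stable release (5.8, 5.9, 5.11 to 5.14) are treated as vulnerable. The function names, status strings and the host inventory are mine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed upstream stable releases for Dirty Pipe (CVE-2022-0847), as listed
# in the advisory above: 5.10.102, 5.15.25 and 5.16.11.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
FIRST_AFFECTED = (5, 8, 0)      # the bug was introduced with the 5.8 pipe changes
FIRST_FIXED_SERIES = (5, 17)    # assumption: mainline 5.17 and later carry the fix


def parse_kernel_version(uname_r: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.15.24-arch1-1' or '5.13.0-35-generic'. Returns None if unparseable."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", uname_r.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(uname_r: str) -> str:
    """Classify a kernel as 'not affected', 'vulnerable', 'fixed' or 'unknown'
    with respect to CVE-2022-0847, using upstream version numbers only."""
    v = parse_kernel_version(uname_r)
    if v is None:
        return "unknown"
    if v < FIRST_AFFECTED:
        return "not affected"           # pre-5.8 kernels never had the bug
    series = (v[0], v[1])
    if series >= FIRST_FIXED_SERIES:
        return "fixed"                  # 5.17+ (assumption, see lead-in)
    fixed = FIXED_RELEASES.get(series)
    if fixed is None:
        return "vulnerable"             # EOL series: no fixed stable release exists
    return "fixed" if v >= fixed else "vulnerable"


def vulnerable_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose reported kernel is classified vulnerable."""
    return sorted(h for h, r in inventory.items() if dirty_pipe_status(r) == "vulnerable")


# Constructed sample inventory (hostname -> `uname -r` output), not real hosts.
SAMPLE_INVENTORY = {
    "build-01": "5.15.24-arch1-1",
    "build-02": "5.15.25-arch1-1",
    "db-01": "5.10.101-1",
    "legacy-01": "5.4.0-104-generic",
    "ci-runner": "5.13.0-35-generic",
}

if __name__ == "__main__":
    import platform
    local = platform.release()
    print(f"local kernel {local}: {dirty_pipe_status(local)}")
    print("vulnerable in sample inventory:", vulnerable_hosts(SAMPLE_INVENTORY))
```

The check is only as good as the version string: distribution kernels backport the fix without bumping the upstream patch level (Debian's `uname -r` reports 5.10.0-N for every 5.10.x package, and Ubuntu's 5.13.0-35 may already carry the patch), so treat "vulnerable" as a prompt to confirm against the distribution's package changelog rather than a verdict.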
Multiple vulnerabilities have been discovered in the Axeda agent and Axeda Desktop Server for Windows.
CVE ID: CVE-2022-25246 (Critical), CVE-2022-25247 (Critical), CVE-2022-25248 (Medium), CVE-2022-25249 (High), CVE-2022-25250 (High), CVE-2022-25251 (Critical), CVE-2022-25252 (High)
Johnson Controls has released a security update to address the Log4j Remote Code Execution (RCE) vulnerability (Log4Shell) in PowerManage versions 4.0 to 4.8.
CVE ID: CVE-2021-44228 (Critical)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, Firefox for Android, Focus, and Thunderbird. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-26485 (Critical), CVE-2022-26486 (Critical)
Asterisk has released security updates to address out of bounds memory access, Denial of Service (DoS) and arbitrary code execution vulnerabilities in multiple Asterisk releases.
OMRON has released security updates to resolve multiple vulnerabilities in CX-Programmer v9.76.1 and earlier versions, which is part of the CX-One (v4.60) suite.
CVE ID: CVE-2022-21124 (High), CVE-2022-25230 (High), CVE-2022-25325 (High), CVE-2022-21219 (High), CVE-2022-25234 (High)
Digital Arts Inc. has released a security update to resolve an improper check for certificate revocation vulnerability in i-FILTER. A Man-in-the-Middle (MITM) attack may allow an adversary to eavesdrop on encrypted communication.
CVE ID: CVE-2022-21170 (Medium)
Missing authentication for critical function and improper protection against electromagnetic fault injection vulnerabilities have been discovered in Power Line Communications J2497 (a.k.a. PLC4TRUCKS). Successful exploitation can allow a nearby attacker to execute diagnostic functions in the trailer or light the trailer ABS fault telltale in a tractor.
CVE ID: CVE-2022-26131 (Critical), CVE-2022-25922 (Medium)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and Company's (BD) Viper LT equipment. Successful exploitation of this vulnerability can allow an attacker to access, modify, or delete sensitive information.
CVE ID: CVE-2022-22765 (High)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and Company's (BD) Pyxis equipment. Successful exploitation can allow an attacker to gain access to electronic Protected Health Information (ePHI) or other sensitive information.
CVE ID: CVE-2022-22766 (High)
A security advisory has been published for Cross-Site Scripting (XSS) and code injection vulnerabilities in IPCOMM's ipDIO equipment. Successful exploitation can allow an attacker to inject and execute arbitrary code. As ipDIO is considered an end-of-life product, IPCOMM recommends upgrading to its ip4Cloud device.
CVE ID: CVE-2022-24432 (Medium), CVE-2022-21146 (Medium), CVE-2022-24915 (High), CVE-2022-22985 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome Beta 100 (100.0.4896.18) for Android, Beta channel 100.0.4896.20 for Windows, Mac and Linux, Dev channel 101.0.4918.0 (Platform version: 14543.0.0) for most Chrome OS devices and Dev channel 101.0.4919.0 for Windows, Linux and Mac desktop.
Dell has released a security update to address multiple vulnerabilities in Dell EMC Integrated System for Microsoft Azure Stack Hub which can potentially be exploited by malicious users to compromise the affected system. The affected versions are Dell EMC 2112 and earlier.
Debian has released security updates to address HTTP request smuggling vulnerabilities in Varnish.
CVE ID: CVE-2022-23959 (Critical), CVE-2021-36740 (Medium)
SolarWinds has released a security update for Serv-U to address a directory traversal vulnerability. This vulnerability can allow access to files relating to the Serv-U installation and server files.
CVE ID: CVE-2021-35250 (High)
GitLab has released Community Edition and Enterprise Edition version 14.6.6 to resolve a number of regressions and bugs in the 14.6 release and prior versions.
A Cross-Site Scripting (XSS) vulnerability due to insufficient escaping and sanitization has been discovered in the Amelia WordPress plugin. The affected versions are Amelia up to and including 1.0.46. The updated version 1.0.47 is available.
CVE ID: CVE-2022-0834 (High)
Dell has released a security update to resolve multiple vulnerabilities in Dell EMC NetWorker vProxy. The affected versions are Dell EMC NetWorker vProxy 4.3.0-15 and earlier.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The affected products are Cisco Expressway Series and Cisco TelePresence VCS, Cisco Ultra Cloud Core SMI, Cisco ISE configured with RADIUS authentication services and the CLI of Cisco StarOS.
CVE ID: CVE-2022-20754 (Critical), CVE-2022-20755 (Critical), CVE-2022-20762 (High), CVE-2022-20756 (High), CVE-2022-20665 (Medium)
TerraMaster has released TerraMaster Operating System (TOS) 4.2.30 (ARM) and TOS 4.2.30 (x86) to fix a security vulnerability related to the Deadbolt ransomware attack.
VMware has released a security update to resolve an uncontrolled search path vulnerability in VMware Tools for Windows. The affected versions are VMware Tools for Windows 11.x.y and 10.x.y. The updated version 12.0.0 is available.
CVE ID: CVE-2022-22943 (Medium)
Google has released Chrome 99 (99.0.4844.48) for Android, Chrome 99 (99.0.4844.47) for iOS, Extended Stable channel 98.0.4758.119 for Windows and Mac, and Stable channel 99.0.4844.51 for Windows, Mac and Linux.
Cisco has released a security update to address a vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software. An unauthenticated, adjacent attacker can cause a Denial of Service (DoS) condition by sending a series of malicious Cisco Discovery Protocol messages to an affected device.
CVE ID: CVE-2022-20625 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
PJSIP, a multimedia communication library, has released version 2.12 to resolve multiple vulnerabilities in previous versions.
CVE ID: CVE-2021-43299 (High), CVE-2021-43300 (High), CVE-2021-43301 (High), CVE-2021-43302 (Medium), CVE-2021-43303 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-22301 (High), CVE-2022-22300 (Low), CVE-2021-36166 (Critical), CVE-2022-22303 (Low), CVE-2020-15936 (Low), CVE-2021-36171 (High), CVE-2021-44166 (Low), CVE-2021-43070 (Medium), CVE-2021-43077 (High), CVE-2021-43075 (High)
SUSE has released security updates to resolve multiple vulnerabilities in php72.
CVE ID: CVE-2015-9253 (Medium), CVE-2017-8923 (Critical), CVE-2021-21707 (Medium)
Cisco has released security updates to resolve Denial of Service (DoS) vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA).
CVE ID: CVE-2022-20653 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Red Hat has released a security update to resolve a path traversal and dereference of symlinks vulnerability (in Argo CD) in OpenShift GitOps 1.3 on OCP 4.7-4.9.
CVE ID: CVE-2022-24348 (High)
All versions of GE's Proficy CIMPLICITY equipment are vulnerable to cleartext transmission of sensitive information. Successful exploitation can allow an attacker to capture a connection session, resulting in disclosure of sensitive information.
CVE ID: CVE-2022-21798 (High)
It has been discovered that Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
ASUSTOR has released security updates to resolve several security issues in its NAS (Network-Attached Storage) products, and has also released a guideline to mitigate ransomware and malware risks.
Juniper Networks has released security updates to resolve stack-based buffer overflow and improper locking vulnerabilities in Junos OS on MX Series and SRX Series devices.
CVE ID: CVE-2022-22175 (High), CVE-2022-22178 (High)
Multiple vulnerabilities have been discovered in FATEK Automation's FvDesigner. Successful exploitation can cause arbitrary code execution.
CVE ID: CVE-2022-25170 (High), CVE-2022-23985 (High), CVE-2022-21209 (High)
Bently Nevada has released a security update to resolve a use of password hash with insufficient computational effort vulnerability in its 3500 equipment.
CVE ID: CVE-2021-32997 (High)
VMware has released a security update to resolve a stored Cross-Site Scripting (XSS) vulnerability affecting its Workspace ONE Boxer product.
CVE ID: CVE-2022-22944 (Medium)
Trend Micro has released critical patches to resolve static credential, integer overflow and Denial of Service (DoS) vulnerabilities in Trend Micro ServerProtect.
CVE ID: CVE-2022-25329 (Critical), CVE-2022-25330 (High), CVE-2022-25331 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20623 (High), CVE-2022-20650 (High), CVE-2022-20624 (High), CVE-2021-1586 (High), CVE-2022-20625 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
A Remote Code Execution (RCE) vulnerability has been discovered in Oracle Talent Acquisition Cloud - Taleo Enterprise Edition which can cause a partial Denial of Service (DoS).
CVE ID: CVE-2021-35689 (Critical)
GE has released a security update to resolve an improper privilege management vulnerability in Proficy CIMPLICITY equipment.
CVE ID: CVE-2022-23921 (High)
It has been discovered that the backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. These services and their associated apps can be used to perform non-consensual, unauthorized monitoring and are commonly called "stalkerware."
Google has released the Android Security Bulletin to address multiple vulnerabilities affecting Android devices. Android 12L devices with security patch levels of 2022-03-01 or later are protected against these issues.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library, which can result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. It is recommended to upgrade the expat packages.
CVE ID: CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
Multiple vulnerabilities have been discovered in Insyde BIOS that affect Siemens products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-24030 (Critical), CVE-2021-45971 (Critical), CVE-2021-45970 (Critical), CVE-2021-45969 (Critical), CVE-2021-42554 (Critical)
Insyde has released a security update to address multiple vulnerabilities in InsydeH2O products.
CVE ID: CVE-2021-43613 (Medium), CVE-2021-43614 (Medium), CVE-2021-38489 (High)
Dell has released a security update for Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) to address multiple vulnerabilities that can be exploited by malicious users to compromise the affected system.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in webkit2gtk and wpewebkit.
CVE ID: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Essential Addons for Elementor Lite WordPress plugin version 5.0.9 has been released to resolve a Cross-Site Scripting (XSS) vulnerability due to insufficient escaping and sanitization of the settings parameter. The affected versions are Essential Addons for Elementor Lite up to and including 5.0.8.
CVE ID: CVE-2022-0683 (Medium)
Cisco has released security updates to address a vulnerability in Cisco IOS XR software which allows an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
CVE ID: CVE-2021-34718 (High)
Juniper Networks has released a security update to resolve an allocation of resources without limits or throttling vulnerability affecting all versions of Junos OS on MX Series with SPC3 and SRX Series devices.
CVE ID: CVE-2022-22153 (High)
Multiple vulnerabilities, such as Cross-Site Scripting (XSS), template injection and authentication bypass, have been discovered in a-blog cms. It is recommended to update a-blog cms to the latest version.
CVE ID: CVE-2022-24374 (Medium), CVE-2022-23916 (Medium), CVE-2022-23810 (Medium), CVE-2022-21142 (Medium)
Cisco has released security updates to address a command injection vulnerability in the CLI of Cisco IOS XE SD-WAN software which allows an authenticated, local attacker to execute arbitrary commands with root privileges.
CVE ID: CVE-2021-1529 (High)
Cross-Site Scripting (XSS) vulnerabilities due to insufficient escaping and sanitization of the IP, platform and current_page_id parameters have been discovered in the WP Statistics WordPress plugin. The affected versions are WP Statistics up to and including 13.1.5. The updated version 13.1.6 is available.
CVE ID: CVE-2022-25305 (High), CVE-2022-25306 (High), CVE-2022-25307 (High)
Google has released Stable channel 98.0.4758.107 (Platform version: 14388.61.0) for most Chrome OS devices, Dev channel 100.0.4892.0 for Windows, Linux and Mac, and Chrome Beta 99 (99.0.4844.36) for iOS to resolve multiple vulnerabilities.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Moxa has released security updates to resolve a vulnerability which can enable a Man-in-the-Middle (MITM) attack against Moxa's MGate MB3170/MB3270/MB3280/MB3480 Series Protocol Gateways.
Debian has released a security update to address a code execution vulnerability in the zsh package, a powerful shell and scripting language.
CVE ID: CVE-2021-45444
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20653 (High), CVE-2022-20750 (Medium), CVE-2022-20659 (Medium)
Drupal has released security updates to address an information disclosure vulnerability in the Quick Edit module and an improper input validation vulnerability in Drupal core's Form API.
CVE ID: CVE-2022-25270, CVE-2022-25271
Google has released Chrome Beta 99 (99.0.4844.35) for Android, Beta channel 99.0.4844.33 (Platform version: 14469.24.0) for most Chrome OS devices, Beta channel for Desktop 99.0.4844.35 for Mac, Windows and Linux, and LTC-96 channel 96.0.4664.194 (Platform Version: 14268.73.0) for most Chrome OS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-0099 (High), CVE-2022-0308 (Medium), CVE-2022-0453 (High), CVE-2022-0456 (High), CVE-2022-0460 (Medium), CVE-2022-0465 (Medium), CVE-2022-0603 (High), CVE-2022-0608 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability due to insufficient escaping and parameterization has been discovered in the WP Statistics WordPress plugin. The affected versions are WP Statistics up to and including 13.1.5. The updated version 13.1.6 is available.
CVE ID: CVE-2022-0651 (Critical), CVE-2022-25149 (Critical), CVE-2022-25148 (Critical)
Trend Micro has released an update to address a Privilege Escalation vulnerability in Trend Micro Antivirus for Mac. The update resolves a vulnerability in the product that allows a local attacker to modify a file during the update process and escalate their privileges.
CVE ID: CVE-2022-24671
Oracle has released a security update for Oracle Solaris to address multiple vulnerabilities in third-party software included in Oracle Solaris distributions.
Trend Micro has released new security patches to resolve Denial of Service (DoS) and local privilege escalation vulnerabilities in Trend Micro Apex One for Windows.
CVE ID: CVE-2022-24678 (Medium), CVE-2022-24679 (High), CVE-2022-24680 (High)
Huawei has released a security update to address a privilege escalation vulnerability in Huawei PCManager. Successful exploitation can allow an attacker to access certain resources beyond its privileges.
CVE ID: CVE-2021-40046 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released a security update to resolve Cross-Site Scripting (XSS) vulnerabilities in its Energy Saving Data Collecting Server (EcoWebServerIII).
CVE ID: CVE-2016-10735 (Medium), CVE-2017-18214 (High), CVE-2018-14040 (Medium), CVE-2018-14042 (Medium), CVE-2018-20676 (Medium), CVE-2019-8331 (Medium), CVE-2020-7746 (High), CVE-2020-11022 (Medium), CVE-2020-11023 (Medium)
Apache has released security updates to resolve multiple vulnerabilities in its products.
CVE ID: CVE-2021-44521 (High), CVE-2022-22931 (Medium), CVE-2022-23206 (High), CVE-2022-24112
Google has released Chrome 98 (98.0.4758.101) for Android, Chrome 98 (98.0.4758.97) for iOS and Stable channel 98.0.4758.102 for Windows, Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2022-0603 (High), CVE-2022-0604 (High), CVE-2022-0605 (High), CVE-2022-0606 (High), CVE-2022-0607 (High), CVE-2022-0608 (High), CVE-2022-0609 (High), CVE-2022-0610 (Medium)
Dell has released a security update to resolve a credential disclosure vulnerability in Dell EMC Enterprise Storage Analytics for vRealize Operations.
CVE ID: CVE-2021-43590 (Medium)
NVIDIA has released a security update to resolve a privilege escalation vulnerability in the Delegated License Service (DLS) virtual appliance component of the NVIDIA License System.
CVE ID: CVE-2022-21818 (Medium)
Debian has released a security update to resolve multiple vulnerabilities in the Minetest package. Successful exploitation can cause Lua code injection or a Denial of Service (DoS) attack against a Minetest server.
CVE ID: CVE-2022-24300 (Critical), CVE-2022-24301 (Medium)
Adobe has released a security update to address an improper input validation vulnerability which can cause arbitrary code execution in Adobe Commerce and Magento Open Source. The affected versions are 2.4.3-p1 and earlier, and 2.3.7-p2 and earlier, on all platforms.
CVE ID: CVE-2022-24086 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in Expat, an XML parsing C library. Successful exploitation can cause execution of arbitrary code or a Denial of Service (DoS) attack if a malformed XML file is processed.
CVE ID: CVE-2021-45960 (High), CVE-2021-46143 (High), CVE-2022-22822 (Critical), CVE-2022-22823 (Critical), CVE-2022-22824 (Critical), CVE-2022-22825 (High), CVE-2022-22826 (High), CVE-2022-22827 (High), CVE-2022-23852 (Critical), CVE-2022-23990 (Critical)
WordPress has released version 5.9.2 to address multiple vulnerabilities in earlier WordPress versions. Successful exploitation can allow a remote attacker to take control of an affected website.
A SQL injection vulnerability due to insufficient escaping and parameterization has been discovered in the WP Statistics WordPress plugin. The affected versions are WP Statistics up to and including 13.1.4. The updated version 13.1.5 is available.
CVE ID: CVE-2022-0513 (Critical)
Google Chrome Dev channel has been updated to 100.0.4878.0 for Windows, Linux and Mac, and Beta channel has been updated to 99.0.4844.23 (Platform version: 14469.16.0) for most Chrome OS devices.
Wireshark has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
It has been discovered that ifme versions 1.0.0 to 7.33.2 do not properly invalidate a user's session after the user logs out. An attacker who obtains an admin session cookie, whether through local or network access or by other hypothetical attacks, can reuse it. An update is available.
CVE ID: CVE-2021-25992 (Critical)
A persistent Cross-Site Scripting (XSS) vulnerability has been discovered in two input fields of the administrative panel used when editing users in the XMPie UStore application version 12.3.7244.0.
CVE ID: CVE-2022-23321
Moxa has released security updates to address cleartext transmission of sensitive information and hard-coded credentials vulnerabilities in MXview Series Network Management Software and EDR-G903, EDR-G902 and EDR-810 series secure routers.
CVE ID: CVE-2021-40390, CVE-2021-40392
Multiple vulnerabilities have been discovered in Samba that affect QNAP NAS devices. Successful exploitation may allow an attacker to access sensitive information, run arbitrary commands and impersonate existing services.
CVE ID: CVE-2022-0336, CVE-2021-44141, CVE-2021-44142
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released updated fixed software to resolve multiple critical vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 series routers.
Multiple vulnerabilities have been discovered in various Palo Alto Networks products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-0016 (High), CVE-2022-0017 (High), CVE-2022-0020 (Medium), CVE-2022-0011 (Medium), CVE-2022-0018 (Medium), CVE-2022-0019 (Medium), CVE-2022-0021 (Low)
Microsoft has released security updates to address multiple vulnerabilities in its products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
Jenkins has released a security update to resolve vulnerabilities in the bundled XStream library that can cause Denial of Service (DoS). Jenkins weekly up to and including 2.333 and Jenkins LTS up to and including 2.319.2 are affected.
CVE ID: CVE-2022-0538, CVE-2021-43859
Drupal has released security updates to address a Cross Site Scripting (XSS) vulnerability in the Custom Breadcrumbs module and an access bypass vulnerability in the Fancy File Delete module.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released a security update to resolve an elevation of privilege vulnerability in the Windows Print Spooler affecting multiple Windows products.
CVE ID: CVE-2022-22718 (High)
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker can exploit these vulnerabilities to take control of an affected system.
A security update has been released to resolve a SQL injection vulnerability in the Fancy Product Designer WordPress plugin. The vulnerability allows attackers with administrator-level permissions to inject arbitrary SQL queries and obtain sensitive information. Fancy Product Designer versions up to and including 4.7.4 are affected.
CVE ID: CVE-2021-4134 (High)
Intel has released security updates to address multiple vulnerabilities in several Intel products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
IBM has released security updates to address multiple vulnerabilities in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Zoom affecting several platforms. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-22780 (Medium), CVE-2022-22779 (Low)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's FA Engineering Software Products. Mitsubishi Electric has released security updates to resolve these vulnerabilities.
CVE ID: CVE-2021-20587 (High), CVE-2021-20588 (High), CVE-2020-14521
SonicWall has released a workaround and an update to resolve a missing null pointer check in the SNMP service of SonicWall SMA1000 appliances. Successful exploitation can cause Denial of Service (DoS). SonicWall SMA1000 12.4.1-02779 and earlier are affected.
Multiple vulnerabilities have been discovered in Chromium, which can result in the execution of arbitrary code, Denial of Service (DoS) or information disclosure. It is recommended to upgrade the chromium packages.
CVE ID: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470
A directory traversal vulnerability has been discovered in Argo CD, an open-source continuous delivery (CD) platform, that enables attackers to read sensitive files such as passwords and API keys. Argo CD versions before 2.1.9 and 2.2.x before 2.2.4 are affected. The updates are available.
CVE ID: CVE-2022-24348
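A containment check for the class of bug described above, added here as an illustration and not Argo CD's own code: the requested path is resolved on disk (so symlinks count, not just ".." segments) and accepted only if it still sits under the allowed base directory. The repository layout and the out-of-tree secret.txt are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the allowed base directory."""


def resolve_inside(base_dir: str, requested: str) -> str:
    """Return the absolute on-disk path for `requested` under `base_dir`, or raise
    PathTraversalError if it resolves (after following symlinks) outside it.

    Lexical normalisation alone is not enough: a symlink inside the tree can
    point anywhere, so the candidate is resolved with realpath before the check.
    """
    base = os.path.realpath(base_dir)
    # Absolute user paths are treated as relative to base (leading separators
    # stripped) so that "/etc/passwd" cannot simply replace the join result.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    # commonpath compares whole components, so a sibling such as base + "2"
    # is correctly rejected; a plain startswith() check would not do that.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} escapes {base_dir!r}")
    return candidate


def demo() -> dict:
    """Build a constructed repository tree in a temp dir and exercise the check.
    Returns {request: "allowed" | "blocked"} so the outcome can be asserted on."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "repo")
        (repo / "app").mkdir(parents=True)
        (repo / "app" / "values.yaml").write_text("image: demo\n")
        secret = Path(tmp, "secret.txt")            # lives outside the repo
        secret.write_text("API_KEY=constructed-sample\n")
        os.symlink(secret, repo / "app" / "link-out")  # in-tree link pointing out

        for req in ["app/values.yaml", "../secret.txt", "/../secret.txt",
                    "app/link-out", "app/../app/values.yaml"]:
            try:
                resolve_inside(str(repo), req)
                results[req] = "allowed"
            except PathTraversalError:
                results[req] = "blocked"
    return results
```

The symlink case is the one most lexical sanitisers miss: "app/link-out" contains no ".." at all, yet it reads a file outside the repository.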
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2022-23307 (Critical), CVE-2022-23990 (Critical), CVE-2020-25638 (High), CVE-2021-22696 (High), CVE-2021-4160 (Medium), CVE-2019-16869 (High), CVE-2020-7238 (High)
A Cross-Site Scripting (XSS) vulnerability has been discovered in CSV+, a product of Plus one. CSV+ versions prior to 0.8.1 are affected.
CVE ID: CVE-2022-21241 (High)
Multiple vulnerabilities have been resolved in GitLab updated versions 14.7.1, 14.6.4, and 14.5.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Debian has released a security update to resolve multiple vulnerabilities in Ruby.
CVE ID: CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-41817, CVE-2021-41819, CVE-2021-32066, CVE-2021-41816
Multiple vulnerabilities, including an integer coercion error and an out-of-bounds write, have been discovered in FANUC R-30iA and R-30iB series robot controllers. Successful exploitation can cause a buffer overflow, Remote Code Execution (RCE), or a crash of the controller being accessed.
CVE ID: CVE-2021-32996 (High), CVE-2021-32998 (High)
Dell has released a security update for PowerEdge servers to resolve an information disclosure vulnerability in Intel Solid State Drive (SSD) Data Center (DC) products.
CVE ID: CVE-2021-0148 (High)
NETGEAR has released security updates to resolve pre-authentication command injection and stack overflow vulnerabilities in several products. NETGEAR will not release fixes for the EX6100v1, as it is outside its security support period.
Johnson Controls has released a security update to address the Log4j Remote Code Execution (RCE) vulnerability in PowerManage versions 4.0 to 4.8.
CVE ID: CVE-2021-44228 (Critical)
Google has released Chrome Beta channel 99.0.4844.14 and Long Term Support (LTS) channel 96.0.4664.180 for most Chrome OS devices to resolve critical vulnerabilities. Google has also released Chrome Beta 99 (99.0.4844.16) for Android, Chrome 99 Beta 99.0.4844.17 for Windows and Linux, 99.0.4844.15 for Mac, and Chrome Beta 99 (99.0.4844.18) for iOS to resolve multiple vulnerabilities.
CVE ID: CVE-2022-0096 (Critical), CVE-2022-0289 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
NVIDIA has released a software security update to address multiple vulnerabilities in its GPU Display Driver that can cause Denial of Service (DoS) or memory corruption.
CVE ID: CVE-2022-21813 (Medium), CVE-2022-21814 (Medium), CVE-2022-21815 (Medium), CVE-2022-21816 (Medium)
Cisco has released security updates to resolve multiple critical vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Successful exploitation can allow an attacker to execute arbitrary code or commands, elevate privileges, bypass authentication and authorization protections, fetch and run unsigned software, or cause Denial of Service (DoS).
CVE ID: CVE-2022-20699 (Critical), CVE-2022-20700 (Critical), CVE-2022-20701 (Critical), CVE-2022-20702 (Medium), CVE-2022-20703 (Critical), CVE-2022-20704 (Medium), CVE-2022-20705 (High), CVE-2022-20706 (High), CVE-2022-20708 (Critical), CVE-2022-20707 (High), CVE-2022-20749 (High), CVE-2022-20709 (Medium), CVE-2022-20710 (Medium), CVE-2022-20711 (High), CVE-2022-20712 (High)
Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux, Beta channel 98.0.4758.79 (Platform version: 14388.44.0) for most Chrome OS devices, Chrome 98 (98.0.4758.87) for Android, Chrome 98 (98.0.4758.85) for iOS, and Dev channel 99.0.4844.16 for Windows, Linux and 99.0.4844.15 for Mac to address multiple vulnerabilities.
It has been discovered that InsydeH2O (Hardware-2-Operating System) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM). Firmware updates are available.
Multiple vulnerabilities have been discovered in several open-source and proprietary implementations of the Object Management Group (OMG) Data Distribution Service (DDS) standard. Successful exploitation can result in Denial of Service (DoS), buffer overflow conditions, Remote Code Execution (RCE) or information exposure. The affected products are CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro and CoreDX DDS.
Multiple vulnerabilities have been discovered in several Fortinet products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-36177 (Medium), CVE-2021-41016 (High), CVE-2021-43062 (Medium), CVE-2021-43073 (High), CVE-2021-41018 (High), CVE-2021-36193 (Medium), CVE-2021-42753 (High)
An authenticated OS command injection vulnerability has been discovered in Ricon Mobile Industrial Cellular Routers that allows an attacker to inject and execute arbitrary shell commands as the admin user.
CVE ID: CVE-2022-0365 (Critical)
It has been discovered that the Advantech ADAM-3600 uses a hard-coded cryptographic key stored inside the project folder, which may allow an attacker to log in to the web server and gain unauthorized access to intercept traffic.
CVE ID: CVE-2022-22987 (Critical)
A critical Remote Code Execution (RCE) vulnerability has been resolved in Essential Addons for Elementor, a popular WordPress plugin. Essential Addons for Elementor version 5.0.4 and older are affected.
Western Digital has released My Cloud OS 5 firmware 5.19.117 to improve the security of My Cloud OS 5 devices.
CVE ID: CVE-2020-25717, CVE-2020-21913, CVE-2022-22991, CVE-2022-22994, CVE-2022-22989, CVE-2022-22990, CVE-2022-22992, CVE-2022-22993
A Cross-Origin Resource Sharing (CORS) vulnerability has been discovered in NVIDIA Omniverse Launcher. Successful exploitation can lead to code execution, escalation of privileges and impact to confidentiality and integrity. NVIDIA has released a software update to address the issue.
CVE ID: CVE-2022-21817 (Critical)
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the Fotobook WordPress plugin, versions up to and including 3.2.3.
CVE ID: CVE-2022-03801 (Medium)
VMware has released a security update to resolve an information disclosure vulnerability in VMware Cloud Foundation SDDC Manager.
CVE ID: CVE-2022-22939 (Medium)
It has been discovered that the Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes. A remote attacker can exploit this vulnerability to execute arbitrary code as root.
CVE ID: CVE-2021-44142
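Samba's published workaround for this issue is to remove the fruit module from every "vfs objects" line, and its advisory ties the vulnerable code path to the fruit:metadata and fruit:resource settings. The check below, added here as an example and not part of Samba or the advisory, parses an smb.conf and lists every share whose effective module list loads fruit, together with those two settings (falling back to the defaults documented in vfs_fruit(8)) so the reader can compare them against the advisory. The sample configuration is constructed for the demo.

```python
import configparser
import io

# Constructed sample smb.conf for this demo; not taken from any real deployment.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = WORKGROUP
    vfs objects = fruit streams_xattr
    fruit:metadata = stream
    fruit:resource = xattr

[timemachine]
    path = /srv/tm
    vfs objects = catia fruit streams_xattr
    fruit:time machine = yes

[public]
    path = /srv/public
    vfs objects = streams_xattr

[homes]
    path = /home/%S
"""

# Defaults documented in vfs_fruit(8); reported when neither share nor [global] sets them.
FRUIT_DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}


def parse_smb_conf(text: str) -> configparser.ConfigParser:
    """smb.conf is INI-like, but keys such as 'fruit:metadata' contain ':', so only
    '=' may act as the delimiter, and '%S'-style macros must not be interpolated."""
    cp = configparser.ConfigParser(
        delimiters=("=",), strict=False, interpolation=None, allow_no_value=True
    )
    cp.read_file(io.StringIO(text))
    return cp


def effective_option(cp: configparser.ConfigParser, share: str, name: str, default: str) -> str:
    """Per-share setting wins, then [global], then the documented default."""
    if cp.has_option(share, name):
        return cp.get(share, name)
    if cp.has_option("global", name):
        return cp.get("global", name)
    return default


def shares_using_fruit(text: str) -> dict:
    """Return {share: {'fruit:metadata': ..., 'fruit:resource': ...}} for every share
    whose effective 'vfs objects' list loads the fruit module. A share without its
    own 'vfs objects' line inherits the [global] list."""
    cp = parse_smb_conf(text)
    global_vfs = cp.get("global", "vfs objects", fallback="")
    findings = {}
    for share in cp.sections():
        if share == "global":
            continue
        modules = cp.get(share, "vfs objects", fallback=global_vfs).split()
        if "fruit" in modules:
            findings[share] = {
                name: effective_option(cp, share, name, default)
                for name, default in FRUIT_DEFAULTS.items()
            }
    return findings


def report(text: str) -> list:
    """One human-readable line per affected share."""
    return [
        f"[{share}] loads vfs_fruit (fruit:metadata={opts['fruit:metadata']}, "
        f"fruit:resource={opts['fruit:resource']})"
        for share, opts in shares_using_fruit(text).items()
    ]
```

Note that [homes] is flagged although it never mentions fruit itself: the [global] "vfs objects" line applies to every share that does not override it, which is the case a grep for "fruit" per share section would miss.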
Multiple critical vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22822 (Critical), CVE-2022-22823 (Critical), CVE-2022-22824 (Critical), CVE-2022-23218 (Critical), CVE-2022-23219 (Critical), CVE-2021-22060 (Medium), CVE-2021-41817 (High), CVE-2022-22846 (Medium), CVE-2022-22825 (High), CVE-2022-22826 (High), CVE-2022-22827 (High), CVE-2021-45485 (High)
IBM has released a security update to fix an Apache Log4j vulnerability in IBM Spectrum Scale. IBM Spectrum Scale versions 5.0.0 through 5.0.5.11 (all HDFS Transparency versions) and 5.1.0 through 5.1.1 (HDFS Transparency versions 2.7.3 through 3.1.0) are affected.
CVE ID: CVE-2021-4104 (High)
An information disclosure vulnerability has been discovered in the AMD Platform Security Processor (PSP) chipset driver affecting multiple Dell products. This vulnerability allows low-privileged malicious users to access and leak data through the AMD chipset driver. The updates are available.
CVE ID: CVE-2021-26333 (Medium)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Symfony due to a recent change in configuration loading. Symfony versions 5.3.14, 5.4.3, and 6.0.3 are affected; the issue has been resolved in versions 5.3.15, 5.4.4, and 6.0.4.
Oracle has released security updates to address multiple vulnerabilities in third-party software included in Oracle Solaris distributions.
Google has released security updates for Chrome Beta 99 (99.0.4844.7) for iOS, the Stable channel (97.0.4692.102) for most Chrome OS devices, and the Dev channel (99.0.4844.11) for Windows, Mac and Linux.
A carry propagation bug has been discovered in the MIPS32 and MIPS64 big-number squaring procedure of OpenSSL. OpenSSL versions 1.0.2, 1.1.1 and 3.0.0 are affected. The updates are available.
CVE ID: CVE-2021-4160
Multiple vulnerabilities have been discovered in the Fresenius Kabi Agilia Connect Infusion System. Successful exploitation of these vulnerabilities can allow an attacker to gain access to sensitive information, modify settings or parameters, or perform arbitrary actions as an authenticated user. The updates are available.
Multiple vulnerabilities such as access bypass and information disclosure have been discovered in Private Taxonomy Terms module for Drupal. This module enables users to create 'private' vocabularies. The updates are available.
It has been discovered that all network-connected Xerox VersaLink business printers and copiers are susceptible to a Denial of Service (DoS) attack via a crafted TIFF file in an unauthenticated HTTP POST request.
CVE ID: CVE-2022-23968
Debian has released security updates to resolve multiple vulnerabilities in uriparser, a library that parses Uniform Resource Identifiers (URIs).
CVE ID: CVE-2021-46141, CVE-2021-46142
It has been discovered that the Embed Swagger WordPress plugin is vulnerable to reflected Cross-Site Scripting (XSS) due to insufficient escaping, sanitisation and validation of user input.
CVE ID: CVE-2022-0381 (Medium)
Huawei has released a security update to resolve a laser command injection vulnerability in AIS-BW80H-00 versions earlier than 9.0.3.4(H100SP13C00).
CVE ID: CVE-2021-40043 (High)
Insufficient checking of user-provided input has caused a Cross Site Scripting (XSS) vulnerability in the Navbar module for Drupal. The updates are available.
Improper restriction of XML external entity (XXE) reference and path traversal vulnerabilities have been discovered in GE Gas Power ToolBoxST. Successful exploitation can result in data exfiltration, or in arbitrary file write, overwrite and execution. All ToolBoxST versions prior to 07.09.07C are affected.
CVE ID: CVE-2021-44477 (High), CVE-2018-16202 (Medium)
Cross Site Scripting (XSS) and directory traversal vulnerabilities have been discovered in TransmitMail. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22146 (Medium), CVE-2022-21193 (Medium)
A privilege escalation vulnerability has been discovered in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. Successful exploitation of this vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
CVE ID: CVE-2021-4034
Trend Micro has released a security update to resolve directory traversal and code injection vulnerabilities in Deep Security Agent and Cloud One - Workload Security for Linux.
CVE ID: CVE-2022-23119 (High), CVE-2022-23120 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-41819 (High), CVE-2021-44716 (High), CVE-2021-45485 (High), CVE-2021-45960 (High), CVE-2021-46143 (High)
Multiple vulnerabilities have been discovered in Moodle. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0335, CVE-2022-0334, CVE-2022-0333, CVE-2022-0332
Multiple vulnerabilities have been discovered in Zimbra Collaboration Suite. It is recommended to apply Patch 23 for Zimbra 9.0.0 and Patch 30 for Zimbra 8.8.15.
SolarWinds has released a security update to resolve a Hibernate Query Language (HQL) injection vulnerability in Web Help Desk that allows an attacker to execute arbitrary HQL queries against the database models defined in the source code.
CVE ID: CVE-2021-35232
Multiple vulnerabilities, including file inclusion and arbitrary file write, have been discovered in CentOS Web Panel, also known as Control Web Panel (CWP). Successful exploitation can lead to Remote Code Execution (RCE).
CVE ID: CVE-2021-45467, CVE-2021-45466
Multiple vulnerabilities have been discovered in various PrinterLogic's products. The affected products are PrinterLogic Web Stack version 19.1.1.13 SP9 and earlier, PrinterLogic Virtual Appliance version 20.0.1304 and earlier and PrinterLogic SaaS. The updates are available.
CVE ID: CVE-2021-42631, CVE-2021-42633, CVE-2021-42635, CVE-2021-42637, CVE-2021-42638, CVE-2021-42639, CVE-2021-42640, CVE-2021-42641, CVE-2021-42642
McAfee has released a security update to address a SQL injection vulnerability in the Data Loss Prevention (DLP) ePO extension. Versions prior to 11.8.100, 11.7.101 and 11.6.401 are affected.
CVE ID: CVE-2021-4088 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-41819 (High), CVE-2021-44716 (High), CVE-2021-45485 (High), CVE-2021-45960 (High), CVE-2021-46143 (High), CVE-2021-45115 (High), CVE-2021-45116 (High), CVE-2021-45452 (Medium)
Multiple vulnerabilities have been discovered in Philips Vue PACS. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The security updates are available.
Multiple vulnerabilities have been discovered in Mitsubishi Electric GENESIS64, MC Works64, GOT2000 series, GOT SIMPLE series, SoftGOT2000 and Tension Controller products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-23128 (Critical), CVE-2022-23130 (Medium), CVE-2022-23129 (High), CVE-2022-23127 (Medium), CVE-2020-5675 (High)
Zabbix has released a security update to resolve an authentication bypass (instance takeover) vulnerability in the Zabbix Frontend component. Frontend versions 5.4.0 through 5.4.8 and 6.0.0alpha1 are affected.
CVE ID: CVE-2022-23131 (Critical)
Citrix has released a security update to resolve a buffer overflow vulnerability affecting Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway.
CVE ID: CVE-2019-0140 (High)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Canon laser printers and small office multifunctional printers. The updates are available.
CVE ID: CVE-2021-20877 (Medium)
Drupal has released a security update to address Cross Site Scripting (XSS) vulnerabilities in the bundled jQuery UI library, which were fixed upstream in jQuery UI 1.13.0.
CVE ID: CVE-2021-41182 (Medium), CVE-2021-41183 (Medium), CVE-2016-7103, CVE-2010-5312
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Huawei products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2021-40042 (Medium), CVE-2021-40033 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20649 (Critical), CVE-2022-20648 (Medium), CVE-2022-20685 (High), CVE-2022-20655 (High), CVE-2022-20654 (High)
Google has released security updates for Chrome Beta 98 (98.0.4758.63) for Android and iOS, the Extended Stable channel (96.0.4664.174) for Windows and Mac, and the Stable channel (97.0.4692.99) for Windows, Mac and Linux.
CVE ID: CVE-2022-0289 (Critical), CVE-2022-0290 to CVE-2022-0298 (High), CVE-2022-0300 to CVE-2022-0306 (High), CVE-2022-0307 to CVE-2022-0311 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-42392 (Critical), CVE-2021-43818 (High), CVE-2021-44832 (Medium), CVE-2021-4044 (Medium), CVE-2021-42550 (Medium), CVE-2021-45105 (Medium)
F5 Networks has released security updates to address multiple vulnerabilities in the MySQL Server component of Oracle MySQL used by its products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2017-3308 (High), CVE-2017-3456 (Medium), CVE-2017-3464 (Medium), CVE-2020-2780 (Medium)
An improper input validation vulnerability has been discovered in SolarWinds Serv-U. Serv-U 15.2.5 and earlier versions are affected. The updates are available.
CVE ID: CVE-2021-35247 (Medium)
Password reset poisoning and a related persistent overwrite vulnerability have been discovered in Umbraco CMS, both involving the "UmbracoApplicationUrl" configuration element. The updates are available.
CVE ID: CVE-2022-22691 (Medium), CVE-2022-22690 (High)
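Password reset poisoning in general works by letting the Host header of the reset request decide which host appears in the emailed link, so the victim's token is delivered to an attacker-chosen server. The example below is added here to show the weak pattern beside a hardened one; it is not Umbraco's code and makes no claim about Umbraco's internals. The request objects are constructed stand-ins, and the application URL, allow-list and "/reset" path are assumptions for the demo.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-ins for an inbound HTTP request; a real framework would
# expose the same values from its request object.
LEGIT_REQUEST = {"scheme": "https", "host": "cms.example.com", "path": "/reset"}
POISONED_REQUEST = {"scheme": "https", "host": "attacker.example.net", "path": "/reset"}


def build_reset_link_vulnerable(request: dict, token: str) -> str:
    """Builds the emailed link from the inbound Host header. Whoever triggers the
    reset for a victim decides which host receives the token when the victim
    clicks the link; that is password reset poisoning."""
    return f"{request['scheme']}://{request['host']}/reset?token={token}"


def build_reset_link_hardened(request: dict, token: str, application_url: str = None,
                              allowed_hosts=()) -> str:
    """Builds the link from an operator-configured application URL. Only when that
    is unset is the request host consulted, and then only if it appears on an
    explicit allow-list; anything else is refused rather than guessed, so an
    attacker-supplied Host header can never reach the email."""
    if application_url:
        parts = urlsplit(application_url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError("application_url must be an absolute http(s) URL")
        scheme, netloc, base_path = parts.scheme, parts.netloc, parts.path.rstrip("/")
    else:
        host = request["host"].lower()
        if host not in {h.lower() for h in allowed_hosts}:
            raise ValueError(f"refusing to build a reset link for unconfigured host {host!r}")
        scheme, netloc, base_path = request["scheme"], host, ""
    return urlunsplit((scheme, netloc, base_path + "/reset", f"token={token}", ""))


def reset_link_or_none(request: dict, token: str, **settings):
    """Convenience wrapper: the link, or None when the hardened builder refuses."""
    try:
        return build_reset_link_hardened(request, token, **settings)
    except ValueError:
        return None
```

The design point is that "not configured" must fail closed: a builder that silently falls back to the Host header when the application URL is missing is exactly the weak one.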
Oracle has released its critical patch update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21391 (Critical), CVE-2022-21390 (Critical), CVE-2022-21389 (Critical), CVE-2022-21306 (Critical), CVE-2022-21276 (Critical), CVE-2022-21275 (Critical), CVE-2021-35683 (Critical), CVE-2021-35587 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in VMware Workstation and Horizon Client for Windows. Successful exploitation may trigger a DoS condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. The updates are available.
CVE ID: CVE-2022-22938 (Medium)
Stored Cross-Site Scripting (XSS) vulnerabilities have been discovered in multiple WordPress plugins. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0233 (Medium), CVE-2022-0232 (Medium)
Multiple vulnerabilities, including command injection and privilege escalation, have been discovered in McAfee Agent (MA) for Windows. It is recommended to install or update to the McAfee Agent 5.7.5 release.
CVE ID: CVE-2021-31854 (High), CVE-2022-0166 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An Authentication Bypass vulnerability has been discovered in ManageEngine Desktop Central and Desktop Central MSP. This vulnerability can allow an attacker to read unauthorized data or write an arbitrary zip file on the server.
CVE ID: CVE-2021-44757 (Critical)
Ivanti has updated its Log4j advisory with security updates for multiple products to address the vulnerability. An unauthenticated attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2021-44228 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45046 (Critical), CVE-2021-44228 (Critical), CVE-2021-45105 (Medium), CVE-2021-22096 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-23094, CVE-2022-0217
It has been discovered that NUUO NVRmini2 (Network Video Recorder) through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because handle_import_user.php lacks authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVE ID: CVE-2022-23227
Dell has released security updates to address AMD Graphics Driver vulnerabilities on Windows 10 that malicious users may exploit to compromise affected systems.
Multiple vulnerabilities, including unauthenticated sensitive data disclosure and stored Cross-Site Scripting (XSS), have been discovered in multiple WordPress plugins. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0236 (High), CVE-2021-4074 (Medium), CVE-2022-0210 (Medium)
F5 Networks has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2021-3506, CVE-2021-28660, CVE-2021-28952, CVE-2017-3309, CVE-2017-3453, CVE-2019-2974
It has been discovered that in doRead of SimpleDecodingSource.cpp in Android there is a possible out-of-bounds write due to an incorrect bounds check. This can lead to remote escalation of privilege with no additional execution privileges needed.
CVE ID: CVE-2021-39623 (Critical)
Juniper Networks has released security updates to resolve multiple vulnerabilities in Juniper Networks products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical), CVE-2021-31385 (High), CVE-2021-4104 (High), CVE-2021-42550 (Medium)
Multiple vulnerabilities have been discovered in NetApp Products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-44548 (Critical), CVE-2021-38931 (Medium), CVE-2021-29678 (High), CVE-2021-38926 (Medium), CVE-2021-39002 (High), CVE-2021-44733 (High), CVE-2021-45469 (High), CVE-2021-4008 (High), CVE-2021-4009 (High), CVE-2021-4010 (High), CVE-2021-4011 (High)
Microsoft has released security updates to resolve an elevation of privilege vulnerability in Win32k affecting multiple Windows products.
CVE ID: CVE-2022-21882 (High)
It has been discovered that Mattermost Focalboard is vulnerable to insufficient session expiration. When a user initiates a logout, the session is not invalidated properly. In addition, user sessions are stored in the browser's local storage, which by default has no expiration time. This makes it possible for an attacker to steal and reuse the session cookies, for example through XSS attacks, and completely take over a victim's account.
CVE ID: CVE-2022-22122 (Critical)
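Both the Ifme and the Mattermost Focalboard entries above describe the same failure: logout does not invalidate the session on the server, so a stolen token keeps working afterwards. The store below is an added example of the fix, written for this page and not taken from either project: the client holds only an opaque token, the server holds the state, logout deletes that state, and every lookup enforces an idle and an absolute lifetime. The timeouts, the SHA-256 keying of the table and the fake clock are assumptions made for the demo.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class _Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session state keyed by a hash of the opaque client token.
    Because the server owns the state, logout is a deletion the client cannot
    undo, and a token presented afterwards is simply unknown."""

    def __init__(self, idle_timeout: float = 30 * 60, absolute_timeout: float = 12 * 3600,
                 clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._clock = clock                       # injectable so expiry can be tested
        self._sessions: Dict[str, _Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash: a leaked session table must not yield live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)         # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[self._key(token)] = _Session(user_id, now, now)
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the user for a live token, or None. Expired entries are purged
        on sight rather than left for a background sweeper."""
        key = self._key(token)
        session = self._sessions.get(key)
        if session is None:
            return None
        now = self._clock()
        if (now - session.created_at > self.absolute_timeout
                or now - session.last_seen > self.idle_timeout):
            del self._sessions[key]
            return None
        session.last_seen = now
        return session.user_id

    def logout(self, token: str) -> None:
        """Invalidate exactly this session; idempotent."""
        self._sessions.pop(self._key(token), None)

    def logout_all(self, user_id: str) -> int:
        """Invalidate every session of a user (password change, admin action)."""
        doomed = [k for k, s in self._sessions.items() if s.user_id == user_id]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


class FakeClock:
    """Deterministic stand-in for time.monotonic, used only by the demo."""
    def __init__(self, start: float):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> dict:
    """Walk through logout, idle expiry and absolute expiry with a fake clock and
    return the observed outcomes so they can be asserted on."""
    clock = FakeClock(1_000.0)
    store = SessionStore(idle_timeout=600, absolute_timeout=3_600, clock=clock)
    out = {}
    tok = store.create("admin")
    out["fresh"] = store.resolve(tok)
    store.logout(tok)
    out["after_logout"] = store.resolve(tok)       # the bug above: this must be None
    tok = store.create("admin")
    clock.advance(601)
    out["after_idle"] = store.resolve(tok)
    tok = store.create("admin")
    for _ in range(7):                             # keep it active: 7 * 500 s = 3500 s
        clock.advance(500)
        store.resolve(tok)
    out["before_absolute"] = store.resolve(tok)
    clock.advance(500)                             # 4000 s since creation
    out["after_absolute"] = store.resolve(tok)
    out["unknown_token"] = store.resolve("never-issued")
    return out
```

The absolute timeout is what bounds the damage from a token that is being actively replayed: an idle timeout alone never fires while the attacker keeps using it.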
Multiple vulnerabilities have been discovered in the Hitachi Energy e-mesh Energy Management System. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-8174 (High), CVE-2020-8265 (High), CVE-2020-11080 (High), CVE-2021-22883 (High)
An invalid memory release vulnerability has been discovered in the snmpd daemon of Juniper Networks Junos OS and Junos OS Evolved. An attacker can exploit it to halt snmpd, causing a sustained Denial of Service (DoS) to the service until the daemon is manually restarted.
CVE ID: CVE-2022-22177 (Medium)
Multiple vulnerabilities have been discovered in the Link Layer Discovery Protocol (LLDP) implementation of Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could execute arbitrary code or corrupt the LLDP database on an affected device.
CVE ID: CVE-2021-34779 (High), CVE-2021-34780 (High), CVE-2021-34775 (Medium), CVE-2021-34776 (Medium), CVE-2021-34777 (Medium), CVE-2021-34778 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
It has been discovered that the MIRUPASS PW10/PW20 password manager contains a missing encryption of sensitive data vulnerability. An attacker can exploit this vulnerability to obtain sensitive information stored on the device.
CVE ID: CVE-2022-0183 (Medium)
It has been discovered that the TEPRA PRO SR5900P/SR-R7900P label printers contain an insufficiently protected credentials vulnerability. An attacker can exploit this vulnerability to obtain credentials stored on the device.
CVE ID: CVE-2022-0184 (Medium)
Multiple vulnerabilities have been discovered in Citrix Hypervisor, which can allow privileged code in a guest VM to cause the host to crash or become unresponsive. An attacker with privileged access to a guest VM can exploit these vulnerabilities to cause a Denial of Service (DoS) on the host.
CVE ID: CVE-2021-28704, CVE-2021-28705, CVE-2021-28714, CVE-2021-28715
It has been discovered that systemd-tmpfiles employed uncontrolled recursion when removing deeply nested directory hierarchies. A local attacker can exploit this to cause systemd-tmpfiles to crash or have other unspecified impacts.
CVE ID: CVE-2021-3997
Multiple vulnerabilities, including NULL pointer dereference, integer underflow, out-of-bounds read, and memory leak, have been discovered in Moxa VPort 06EC-2V Series IP Cameras and VPort 461A Series Video Servers. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Apple has released iOS 15.2.1 and iPadOS 15.2.1 to address a Denial of Service (DoS) vulnerability. An attacker can exploit this vulnerability to cause a DoS condition on an affected device.
CVE ID: CVE-2022-22588
Multiple vulnerabilities have been discovered in Mitsubishi Electric MELSEC-F Series, and MELSEC iQ-R, Q and L Series products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-20613 (High), CVE-2021-20612 (High), CVE-2020-5652 (High)
F5 Networks has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2018-3620 (Medium), CVE-2020-14550 (Medium), CVE-2020-2574 (Medium), CVE-2020-2752 (Medium), CVE-2020-2922 (Low), CVE-2021-2007 (Low), CVE-2021-2011 (Medium)
QNAP has released security updates to address multiple vulnerabilities in several NAS products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-38682, CVE-2021-38689, CVE-2021-38690, CVE-2021-38691, CVE-2021-38692, CVE-2021-38677, CVE-2021-38678
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-43818, CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088
It has been discovered that the Jimoty app for Android uses a hard-coded API key for an external service. Jimoty for Android versions prior to 3.7.42 are affected.
CVE ID: CVE-2022-0131 (Medium)
Multiple vulnerabilities, including cross-site request forgery (CSRF), reflected cross-site scripting and stored cross-site scripting, have been discovered in the WordPress plugin "Quiz And Survey Master". Versions prior to 7.3.7 are affected.
CVE ID: CVE-2022-0180 (Medium), CVE-2022-0181 (Medium), CVE-2022-0182 (Medium)
Juniper Networks has released security updates to resolve multiple vulnerabilities in Juniper Networks Junos OS. An attacker can exploit these vulnerabilities to take control of an affected system.
SUSE has released security updates to resolve several vulnerabilities in multiple products.
CVE ID: CVE-2021-44224, CVE-2021-44790, CVE-2021-3572, CVE-2021-45942, CVE-2021-4126, CVE-2021-44538
It has been discovered that lxml, a Python binding for the libxml2 and libxslt libraries, does not properly sanitize its input, which can lead to cross-site scripting. It is recommended to upgrade the lxml packages.
CVE ID: CVE-2021-43818
Multiple vulnerabilities have been discovered in various Palo Alto Networks products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0015 (High), CVE-2022-0014 (Medium), CVE-2022-0013 (Medium), CVE-2022-0012 (Medium)
Google has released Chrome Beta 98 (98.0.4758.54) for Android, Chrome Beta 98 (98.0.4758.51) for iOS, and Chrome 98.0.4758.55 for Mac and 98.0.4758.54 for Windows and Linux. These versions address vulnerabilities that an attacker can exploit to take control of an affected system.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20658 (Critical), CVE-2022-20652 (Medium), CVE-2022-20663 (Medium), CVE-2022-20626 (Medium), CVE-2022-20656 (Medium), CVE-2022-20657 (Medium), CVE-2022-20660 (Medium), CVE-2022-20631 (Medium), CVE-2022-20632 (Medium), CVE-2022-20635 (Medium), CVE-2022-20636 (Medium), CVE-2022-20651 (Medium)
A Remote Code Execution (RCE) vulnerability has been discovered in the KCodes NetUSB component, integrated into millions of end-user router devices such as Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.
CVE ID: CVE-2021-45608
Multiple vulnerabilities have been resolved in GitLab updated versions 14.6.2, 14.5.3, and 14.4.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Node.js has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-44531 (Medium), CVE-2021-44532 (Medium), CVE-2021-44533 (Medium), CVE-2022-21824 (Low)
An Elevation of Privilege vulnerability has been discovered in Microsoft Windows Active Directory Domain Services. Successful exploitation of this vulnerability may allow a remote attacker to gain elevated privileges on the targeted system.
CVE ID: CVE-2022-21857
Multiple vulnerabilities such as Use of Hard-coded Credentials, and Buffer Copy without Checking Size of Input have been discovered in Schneider Electric's Equipment- Easergy P5. An attacker can exploit these vulnerabilities to cause disclosure of the device credentials, denial of service, device reboot, or an attacker gaining full control of the relay.
CVE ID: CVE-2022-22722 (High), CVE-2022-22723 (High)
Multiple vulnerabilities have been discovered in several products of Siemens. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45033 (Critical), CVE-2021-45034 (Medium), CVE-2021-45460 (Low), CVE-2021-41769 (Medium), CVE-2021-31346 (High), CVE-2021-31885 (High), CVE-2021-31889 (High), CVE-2021-31890 (High), CVE-2021-31345 (High), CVE-2021-31344 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21969 (Critical), CVE-2022-21907 (Critical), CVE-2022-21901 (Critical), CVE-2022-21855 (Critical), CVE-2022-21849 (Critical)
Citrix has released a security update to address a Local Privilege Escalation vulnerability in Workspace App for Linux. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-21825
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
An improper handling of syntactically invalid structure vulnerability has been discovered in Johnson Controls' Equipment- VideoEdge. Running a vulnerability scanner against VideoEdge NVRs can cause some functions to stop.
CVE ID: CVE-2021-36199 (Medium)
Multiple vulnerabilities have been discovered in WordPress, a web blogging tool. These vulnerabilities allow remote attackers to perform SQL injection, run unchecked SQL queries, bypass hardening, or perform Cross-Site Scripting (XSS) attacks. It is recommended to upgrade the wordpress packages.
CVE ID: CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, CVE-2022-21664
Ubuntu has released security updates to address multiple vulnerabilities in the Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected device.
Multiple vulnerabilities have been discovered in Schneider Electric's Modicon M340 controller and Communication Modules. It is recommended to apply the mitigations immediately to reduce the risk of exploit.
CVE ID: CVE-2022-22724 (High), CVE-2020-7534 (Medium)
It has been discovered that all versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS symlink race to allow a directory to be created in an area of the server file system not exported under the share definition.
CVE ID: CVE-2021-43566
RedHat has released security updates to address multiple vulnerabilities in Red Hat OpenShift Container Platform. An attacker can exploit these vulnerabilities to take control of an affected device.
Cisco has released security updates to address Apache Log4j vulnerabilities in multiple Cisco products.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
Huawei has released security updates to address multiple vulnerabilities in OpenSSL affecting several Huawei products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105, CVE-2016-2109, CVE-2016-2176, CVE-2016-0800
Google has released Beta channel update 98.0.4758.46 (Platform version: 14388.24.0) for most Chrome OS devices, and Chrome Beta channel update 98.0.4758.48 for Windows, Mac and Linux.
It has been discovered that vulnerabilities in Samba versions affect multiple NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-43566 (Low), CVE-2021-20316 (Medium)
It has been discovered that ClamAV version 0.102, an anti-virus toolkit, has reached its end-of-life. ClamAV has been updated to version 0.103 to be able to receive virus signature updates. It is recommended to upgrade the clamav packages.
Multiple vulnerabilities have been discovered in vim, an enhanced vi text editor. It is recommended to upgrade the vim packages.
CVE ID: CVE-2017-17087, CVE-2019-20807, CVE-2021-3778, CVE-2021-3796
It has been discovered that Teedy versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag.
CVE ID: CVE-2022-22115 (Critical)
It has been discovered that Teedy versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The "search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts.
CVE ID: CVE-2022-22114 (Critical)
It has been discovered that various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Depending on the chipset and device, an attacker within Z-Wave radio range can deny service, cause devices to crash, deplete batteries, intercept, observe, and replay traffic, and control vulnerable devices.
CVE ID: CVE-2020-9057, CVE-2020-9058, CVE-2020-9059, CVE-2020-9060, CVE-2020-9061, CVE-2020-10137
Debian has released a security update to address multiple vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter.
CVE ID: CVE-2021-45944 (Medium), CVE-2021-45949 (Medium)
Debian has released a security update to address a vulnerability in roundcube, a skinnable AJAX based webmail solution for IMAP servers, which may allow an attacker to perform Cross-Site Scripting (XSS) attacks.
CVE ID: CVE-2021-46144
Red Hat has released a security update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon to resolve multiple vulnerabilities.
CVE ID: CVE-2021-3807 (High), CVE-2021-3918 (Critical), CVE-2021-22959 (Medium), CVE-2021-22960 (Medium), CVE-2021-37701 (High), CVE-2021-37712 (High)
QNAP has released a security update to resolve a vulnerability in NAS running QVPN Service which allows an attacker to run arbitrary code in the system. The affected products are QVPN Service 3.0.760 and later.
A reflected Cross-Site Scripting (XSS) vulnerability has been resolved in the QTS, QuTS hero and QuTScloud TFTP server which allows a remote attacker to inject malicious code.
CVE ID: CVE-2021-38674 (Medium)
A stack-based buffer overflow vulnerability has been discovered in the SonicOS SessionID HTTP response header. This vulnerability affects SonicOS Gen 6 and Gen 7 firmware versions.
CVE ID: CVE-2021-20048 (Medium)
A vulnerability has been discovered in the H2 database console. This vulnerability has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading).
CVE ID: CVE-2021-42392 (Critical)
It has been discovered that kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
CVE ID: CVE-2021-25743 (Low)
Multiple vulnerabilities have been discovered in IDEC's Equipment- PLCs (Programmable Logic Controllers). Successful exploitation of these vulnerabilities can allow an attacker to upload, alter, and/or download the PLC user program.
CVE ID: CVE-2021-37400 (High), CVE-2021-37401 (High), CVE-2021-20826 (High), CVE-2021-20827 (High)
An uncontrolled resource consumption vulnerability has been discovered in Fernhill Software's Equipment- Fernhill SCADA Server. Successful exploitation of this vulnerability can cause a Denial-of-Service (DoS) condition. The affected products are Fernhill SCADA Server Version 3.77 and earlier on all supported platforms (Windows, Linux, macOS).
CVE ID: CVE-2022-21155 (High)
A stack-based buffer overflow vulnerability has been discovered in Omron's Equipment- CX-One. Successful exploitation of this vulnerability can allow arbitrary code execution. The affected products are CX-One: Versions 4.60 and prior.
CVE ID: CVE-2022-21137 (High)
An improper access control vulnerability has been discovered in Philips' Equipment- Engage Software. Successful exploitation of this vulnerability can allow improper viewing of business contact information. The affected products are Engage Software Versions 6.2.1 and prior.
CVE ID: CVE-2021-23173 (Low)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Debian has released a security update to address a vulnerability in Sphinxsearch, a fast standalone full-text SQL search engine, which can allow arbitrary files to be read by abusing a configuration option.
CVE ID: CVE-2020-29050
A SQL injection vulnerability has been discovered in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). It is recommended to update the software.
CVE ID: CVE-2020-3339 (Medium)
A vulnerability has been discovered in the web-based management interface of Cisco Common Services Platform Collector (CSPC) which can allow an authenticated, remote attacker to access sensitive data on an affected system. It is recommended to update the software.
CVE ID: CVE-2021-34774 (Medium)
Microsoft has released the latest Microsoft Edge Stable Channel (Version 97.0.1072.55) which incorporates the latest security updates of the Chromium project to resolve multiple vulnerabilities.
Google has released an update for Chrome Beta 98 (98.0.4758.34) for both Android & iOS and stable channel 97.0.4692.77 (Platform version: 14324.62.0) for most Chrome OS devices.
It has been discovered that forge is vulnerable to URL Redirection to Untrusted Site. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-0122 (Medium)
Multiple vulnerabilities have been discovered in Moxa's EDR-G903, EDR-G902 and EDR-810 Series Secure Routers. Moxa has developed appropriate solutions to address these vulnerabilities.
Multiple DNSpooq vulnerabilities have been discovered in dnsmasq which affect Moxa's AWK-3131A/4131A/1137C/1131A series products. Moxa has developed appropriate solutions to address these vulnerabilities.
CVE ID: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
Dell has released security updates to address multiple vulnerabilities in several products which can be exploited by malicious users to compromise the affected system.
It has been discovered that WordPress Plugin "Advanced Custom Fields" contains multiple missing authorisation vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-20865 (Medium), CVE-2021-20866 (Medium), CVE-2021-20867 (Medium)
It has been discovered that in libexpat aka Expat, a crafted XML file can cause integer overflow on m_groupSize in function doProlog.
CVE ID: CVE-2021-46143
A vulnerability has been discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution vulnerability can occur because the SMI handler lacks a CommBuffer check.
CVE ID: CVE-2021-41842
A null pointer dereference vulnerability has been discovered in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service (DoS).
CVE ID: CVE-2021-45831
Multiple vulnerabilities have been discovered in Daybyday CRM. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22111 (High), CVE-2022-22110 (High), CVE-2022-22109 (Medium), CVE-2022-22108 (Medium), CVE-2022-22107 (Medium)
Red Hat has released Red Hat OpenShift Container 4.8.25 to resolve multiple vulnerabilities and add enhancements.
CVE ID: CVE-2021-39240 (High), CVE-2021-39241 (Medium), CVE-2021-39242 (High), CVE-2021-39246 (Medium)
Red Hat has released a security update for Red Hat Single Sign-On 7.5 container images for IBM P/Z which fixes an incorrect authorization allowing unprivileged users to create other users.
CVE ID: CVE-2021-3712 (High), CVE-2021-4133, CVE-2021-42574 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system.
Siemens has released a list of products affected from Apache Log4j vulnerabilities. The workarounds & mitigations are also available.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
Intel has released a security update to patch Apache Log4j vulnerabilities in multiple Intel Products.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
NETGEAR has released security updates to address multiple vulnerabilities in wireless access points. A remote attacker can exploit these vulnerabilities to take control of an affected system.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 05 Jan 2022 or later address all of these issues.
Debian has released a security update for Apache HTTP server to resolve several vulnerabilities. A malicious actor can take advantage of these vulnerabilities to cause a Denial of Service (DoS) or Server Side Request Forgery (SSRF) attack.
CVE ID: CVE-2021-44224 (High), CVE-2021-44790 (Critical)
Django has released a security update to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45452, CVE-2021-45116, CVE-2021-45115
An XSS vulnerability has been discovered in Latte, an open source template engine for PHP. This vulnerability has been resolved in versions 2.8.8, 2.9.6 and 2.10.8.
CVE ID: CVE-2022-21648 (High)
A SQL injection vulnerability has been discovered in CodeIgniter. This vulnerability has been resolved in version 4.1.6 and later.
CVE ID: CVE-2022-21647 (High)
Multiple vulnerabilities have been discovered in Thunderbird, which can result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures. It is recommended to upgrade thunderbird packages.
A heap-overflow vulnerability has been discovered in several VMware products. The affected products are VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation.
CVE ID: CVE-2021-22045 (High)
Multiple vulnerabilities have been discovered in multiple IBM products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Linux kernel versions prior to 4.17 that affects multiple NetApp products. Successful exploitation of this vulnerability can lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
CVE ID: CVE-2018-25020 (High)
A vulnerability has been discovered in OpenSSL version 3.0.0 that affects multiple NetApp products. Successful exploitation of this vulnerability can lead to Denial of Service (DoS).
CVE ID: CVE-2021-4044 (Medium)
Microsoft has released an emergency out-of-band update for several Windows Server versions to address an issue that might prevent users from using Remote Desktop to reach the server and also slows performance.
Debian has released a security update for Salt (regression) that addresses multiple vulnerabilities.
CVE ID: CVE-2020-16846 (Critical), CVE-2021-3197 (Critical), CVE-2020-28243 (High), CVE-2021-25282 (Critical), CVE-2021-25284 (Medium)
An information exposure vulnerability has been discovered in Opmantek Open-AudIT 4.2.0 which allows an authenticated attacker to read files outside of the restricted directory.
CVE ID: CVE-2021-44674
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the Shockwall system that results in arbitrary code execution, allowing control of the system or disruption of service.
CVE ID: CVE-2021-45917
It has been discovered that the ASUS RT-AX56U Wi-Fi Router is vulnerable to a stack-based buffer overflow due to improper validation of the httpd parameter length. An authenticated local area network attacker can achieve arbitrary code execution to control the system or disrupt service.
CVE ID: CVE-2021-44158
MediaTek has released a security update to address multiple vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Wi-Fi and TV chipsets.
It has been discovered that ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker who does not know the secret key can make ciphertext modifications that are reflected in the modified plaintext.
CVE ID: CVE-2021-36751
It has been discovered that Expat versions before 2.4.3, a stream-oriented XML 1.0 parser library, contain a realloc misbehavior vulnerability.
CVE ID: CVE-2021-45960
It has been discovered that Microsoft Exchange Server 2016 and Exchange Server 2019 have a problem related to a date check failure at the change to the new year 2022, which causes the malware engine to crash and results in messages being stuck in transport queues.