Security Vulnerabilities - CVEs Published In September 2022
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
CVSS Score
9.8
EPSS Score
0.577
Published
2022-09-13
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. These vulnerabilities allow unauthenticated users to execute commands on the operating system.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-09-13
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-13
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-09-13
In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-238916921
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-13
A function called 'nla_parse' does not check the length of para; it checks nla_type (which can be controlled by userspace) against 'maxtype' (in this case, GSCAN_MAX), then accesses the policy array 'policy[type]', where an OOB access happens. Product: Android; Versions: Android SoC; Android ID: A-238379819
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
Summary: Product: Android; Versions: Android SoC; Android ID: A-238227328
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
Summary: Product: Android; Versions: Android SoC; Android ID: A-238227324
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13

