Security Vulnerabilities - CVEs Published In September 2022
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-09-27
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-09-27
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
CVSS Score
1.8
EPSS Score
0.002
Published
2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
CVSS Score
4.7
EPSS Score
0.0
Published
2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
CVSS Score
4.7
EPSS Score
0.0
Published
2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-09-27
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-09-27
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.
CVSS Score
9.0
EPSS Score
0.017
Published
2022-09-27
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-09-26