Security Vulnerabilities - CVEs Published In September 2022
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
CVSS Score
7.8
EPSS Score
0.019
Published
2022-09-23
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
CVSS Score
6.4
EPSS Score
0.001
Published
2022-09-23
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-09-23
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
CVSS Score
3.7
EPSS Score
0.001
Published
2022-09-23
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-23