Security Vulnerabilities - CVEs Published In September 2022
An integer overflow in WhatsApp could result in remote code execution in an established video call.
CVSS Score: 9.8 | EPSS Score: 0.083 | Published: 2022-09-22
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-09-22
Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-09-22
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2022-09-22
User input included in error response, which could be used in a phishing attack.
CVSS Score: 3.1 | EPSS Score: 0.002 | Published: 2022-09-22
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-22
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.
CVSS Score: 7.0 | EPSS Score: 0.012 | Published: 2022-09-22
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
CVSS Score: 6.0 | EPSS Score: 0.0 | Published: 2022-09-22
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, because the migrations that translate legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin. As a result, RBAC adds permissions for Editors and Viewers, which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.
CVSS Score: 7.6 | EPSS Score: 0.001 | Published: 2022-09-22
ICEcoder v8.1 allows attackers to execute a directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-09-22

