Security Vulnerabilities - CVEs Published In October 2022
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-29
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS Score
7.5
EPSS Score
0.03
Published
2022-10-29
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 (2021-05-26).
CVSS Score
7.5
EPSS Score
0.0
Published
2022-10-29
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
CVSS Score
2.7
EPSS Score
0.001
Published
2022-10-28
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-10-28
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-28
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-28
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-28
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-10-28
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-10-28

