Security Vulnerabilities - CVEs Published In October 2022
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-10-12
A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-10-12
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-12
iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
CVSS Score
8.8
EPSS Score
0.042
Published
2022-10-12
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
CVSS Score
9.6
EPSS Score
0.002
Published
2022-10-12
Multiple improper access control issues were discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. Because permissions for access to resources are not verified, a potential attacker can view pages containing sensitive data that they are not allowed to see, and can modify system configurations (also causing DoS) that should be accessible only to users with an administration profile, bypassing all controls (without any check of user identity).
CVSS Score
8.8
EPSS Score
0.0
Published
2022-10-12
mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-10-12
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-12
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-12
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-10-12

