Security Vulnerabilities - CVEs Published In October 2022
The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-11
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.
CVSS Score
7.6
EPSS Score
0.002
Published
2022-10-11
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-10-11
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-10-11
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-10-11
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-11
There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-11
There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-11
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929
CVSS Score
5.5
EPSS Score
0.001
Published
2022-10-11
In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920
CVSS Score
5.5
EPSS Score
0.001
Published
2022-10-11