Security Vulnerabilities - CVEs Published In October 2022
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the login for Active Directory accounts that are part of the Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2022-10-21
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-10-21
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-10-21
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-10-21
The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-10-21
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-10-21
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
CVSS Score: 7.2 | EPSS Score: 0.009 | Published: 2022-10-21
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
CVSS Score: 3.5 | EPSS Score: 0.0 | Published: 2022-10-21
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-10-21
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-10-21

