Security Vulnerabilities - CVEs Published In October 2022
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS Score: 9.9
EPSS Score: 0.745
Published: 2022-10-17
A potential DoS vulnerability was discovered in GitLab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1. It allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit message field.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2022-10-17
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-10-17
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS Score: 9.9
EPSS Score: 0.936
Published: 2022-10-17
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2022-10-17
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-10-17
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.
CVSS Score: 9.8
EPSS Score: 0.036
Published: 2022-10-17
Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability, for example to steal accounts, through remote code execution.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2022-10-17
This vulnerability could allow a remote attacker to execute remote commands due to improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands, such as directory traversal.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2022-10-17
This vulnerability occurs in the user account creation and deletion related pages of IPTIME NAS products. The vulnerability could be exploited because of a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges.
CVSS Score: 8.0
EPSS Score: 0.001
Published: 2022-10-17

