Security Vulnerabilities - CVEs Published In October 2022
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2022-10-17
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2022-10-17
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2022-10-17
devhub 0.102.0 was discovered to contain a broken session control.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-10-17
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-10-17
Tenda AC10 V15.03.06.23 contains a stack overflow vulnerability via /goform/formSetSpeedWan.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2022-10-17
Tenda AC10 V15.03.06.23 contains a stack overflow vulnerability via /goform/formSetFirewallCfg.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2022-10-17
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2022-10-17
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
CVSS Score: 3.5
EPSS Score: 0.004
Published: 2022-10-17
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2022-10-17



Shodan ® - All rights reserved