Security Vulnerabilities - CVEs Published In November 2022
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-11-29
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2022-11-29
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
CVSS Score: 8.8
EPSS Score: 0.032
Published: 2022-11-29
LINE client for iOS before 12.17.0 may crash when an invalid E2EE shared key is shared in a group chat.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-11-29
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-11-29
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-11-29
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows unauthenticated attackers to access sensitive data and execute specific commands and functions with full admin rights. This enables multiple attacks, such as attacking the wireless network in the product's range.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2022-11-29
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2022-11-29
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-11-29
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-11-29



Shodan ® - All rights reserved