Security Vulnerabilities - CVEs Published In November 2022
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-11-09
An Uncontrolled Search Path Element in Foxit Reader v11.2.118.51569, released by Foxit Software, allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-11-09
The kernel module has a vulnerability in which the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-11-09
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-11-09
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-11-09
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-11-09
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2022-11-09
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2022-11-09
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-11-09
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks, potentially leading to a Windows kernel crash resulting in denial of service.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-11-09

