Security Vulnerabilities - CVEs Published In November 2022
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVSS Score
8.6
EPSS Score
0.0
Published
2022-11-07
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-07
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVSS Score
2.2
EPSS Score
0.001
Published
2022-11-07
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVSS Score
2.2
EPSS Score
0.0
Published
2022-11-07
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-07
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-07
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-07
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVSS Score
2.2
EPSS Score
0.0
Published
2022-11-07
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-11-07
A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-11-07