Security Vulnerabilities - CVEs Published In November 2022
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-11-04
diplib v3.0.0 is vulnerable to Double Free.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2022-11-04
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 were found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
CVSS Score: 4.2
EPSS Score: 0.0
Published: 2022-11-04
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ('SQL Injection') vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute it as part of project migration, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2022-11-04
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2022-11-04
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).
CVSS Score: 7.0
EPSS Score: 0.0
Published: 2022-11-04
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVSS Score: 7.6
EPSS Score: 0.001
Published: 2022-11-04
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2022-11-04
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior).
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2022-11-04
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform an XXE attack in the part of the administrator interface that allows a saved XML configuration file to be imported.
CVSS Score: 5.9
EPSS Score: 0.002
Published: 2022-11-04

