Security Vulnerabilities - CVEs Published In November 2022
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS Score: 4.8, EPSS Score: 0.001, Published: 2022-11-28
The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as subscriber) to download a full copy of the website.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2022-11-28
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
CVSS Score: 7.5, EPSS Score: 0.004, Published: 2022-11-28
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
CVSS Score: 8.1, EPSS Score: 0.001, Published: 2022-11-28
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVSS Score: 9.8, EPSS Score: 0.009, Published: 2022-11-28
A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
CVSS Score: 6.2, EPSS Score: 0.0, Published: 2022-11-28
A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
CVSS Score: 6.2, EPSS Score: 0.0, Published: 2022-11-28
A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
CVSS Score: 6.2, EPSS Score: 0.0, Published: 2022-11-28
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
CVSS Score: 7.8, EPSS Score: 0.0, Published: 2022-11-28
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVSS Score: 9.1, EPSS Score: 0.001, Published: 2022-11-27