Security Vulnerabilities - CVEs Published In November 2022
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
CVSS Score: 5.4 | EPSS Score: 0.006 | Published: 2022-11-23
An Arm product family through 2022-06-29 has a TOCTOU race condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-11-23
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2022-11-23
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
CVSS Score: 7.2 | EPSS Score: 0.801 | Published: 2022-11-23
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.
CVSS Score: 5.4 | EPSS Score: 0.016 | Published: 2022-11-23
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-23
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
CVSS Score: 4.8 | EPSS Score: 0.434 | Published: 2022-11-23
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using "|" to execute commands on "/diag_tracert_admin.asp" in the "PingTest" parameter that leads to command execution.
CVSS Score: 9.8 | EPSS Score: 0.509 | Published: 2022-11-23