Security Vulnerabilities - CVEs Published In November 2022
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2022-11-22
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2022-11-22
D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via the websRedirect function.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-11-22
D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow.
CVSS Score: 9.8
EPSS Score: 0.02
Published: 2022-11-22
D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via webGetVarString.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-11-22
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through specially crafted /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVSS Score: 9.8
EPSS Score: 0.053
Published: 2022-11-22
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-11-22
D-Link DIR823G 1.02B05 is vulnerable to Command Injection.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2022-11-22
D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.
CVSS Score: 9.8
EPSS Score: 0.02
Published: 2022-11-22
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2022-11-22

