Security Vulnerabilities - CVEs Published In December 2022
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
CVSS Score
9.8
EPSS Score
0.032
Published
2022-12-07
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-12-07
A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.
CVSS Score
8.8
EPSS Score
0.024
Published
2022-12-07
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-12-07
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-12-07
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-12-07
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-12-07
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-12-07
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
CVSS Score
9.8
EPSS Score
0.013
Published
2022-12-07
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-12-07