Security Vulnerabilities - CVEs Published In December 2022
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
CVSS Score: 9.8
EPSS Score: 0.141
Published: 2022-12-06
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2022-12-06
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-12-06
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability.
CVSS Score: 6.3
EPSS Score: 0.005
Published: 2022-12-06
A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2022-12-06
In the wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-12-06
In the windows manager service, there is a missing permission check. This could allow setting up the windows manager service, with no additional execution privileges needed.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-12-06
In the wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-12-06
In the wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-12-06
In the wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-12-06



Shodan ® - All rights reserved