Security Vulnerabilities - CVEs Published In December 2022
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-12-02
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2022-12-02
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8
EPSS Score: 0.019
Published: 2022-12-02
Lazy Mouse allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2022-12-02
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVSS Score: 8.0
EPSS Score: 0.002
Published: 2022-12-02
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.
CVSS Score: 4.3
EPSS Score: 0.004
Published: 2022-12-02
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-12-02
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
CVSS Score: 9.8
EPSS Score: 0.039
Published: 2022-12-02
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
CVSS Score: 2.0
EPSS Score: 0.002
Published: 2022-12-02
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-12-02

