Security Vulnerabilities - CVEs Published In 2022
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-19
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-19
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
CVSS Score
6.4
EPSS Score
0.0
Published
2022-12-19
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-19
Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-12-19
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-12-19
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-12-19
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-12-19
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
CVSS Score
9.8
EPSS Score
0.401
Published
2022-12-19
Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-12-19