Security Vulnerabilities - CVEs Published In 2022
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-30
A vulnerability was found in ghostlander Phoenixcoin. It has been classified as problematic. Affected is the function CTxMemPool::accept of the file src/main.cpp. The manipulation leads to denial of service. Upgrading to version 0.6.6.1-pxc is able to address this issue. The name of the patch is 987dd68f71a7d8276cef3b6c3d578fd4845b5699. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217068.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-30
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVSS Score
8.4
EPSS Score
0.001
Published
2022-12-30
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-30
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.
CVSS Score
3.7
EPSS Score
0.0
Published
2022-12-30
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-30
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-30
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-12-30
A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-30
A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-12-30