NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-47208 - The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device withou...
    Published: December 16, 2022; 3:15:08 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-46400 - The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
    Published: December 19, 2022; 6:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2022-46401 - The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
    Published: December 19, 2022; 6:15:11 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2022-46402 - The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
    Published: December 19, 2022; 6:15:11 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2022-46403 - The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
    Published: December 19, 2022; 6:15:11 PM -0500

    V3.1: 8.6 HIGH

  • CVE-2022-47512 - Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected.
    Published: December 19, 2022; 11:15:11 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-40435 - Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module.
    Published: December 19, 2022; 12:15:10 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2022-44108 - pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc.
    Published: December 19, 2022; 6:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44109 - pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).
    Published: December 19, 2022; 6:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-3752 - An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If...
    Published: December 19, 2022; 6:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-23543 - Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube lin...
    Published: December 19, 2022; 5:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2022-23536 - Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously cr...
    Published: December 19, 2022; 5:15:10 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2022-47551 - Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with ...
    Published: December 19, 2022; 7:15:10 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2022-40434 - Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
    Published: December 19, 2022; 5:15:11 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44940 - Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
    Published: December 19, 2022; 5:15:11 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2021-4258 - ** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive informatio...
    Published: December 19, 2022; 9:15:10 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2020-36619 - A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address thi...
    Published: December 19, 2022; 9:15:10 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-43466 - Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533...
    Published: December 18, 2022; 10:15:10 PM -0500

    V3.1: 6.8 MEDIUM

  • CVE-2022-43443 - Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DH...
    Published: December 18, 2022; 10:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2021-4259 - A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator i...
    Published: December 19, 2022; 9:15:10 AM -0500

    V3.1: 9.8 CRITICAL