Security Vulnerabilities - CVEs Published In September 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.
CVSS Score
8.1
EPSS Score
0.005
Published
2022-09-02
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-02
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-09-02
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-09-02
Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto
CVSS Score
6.2
EPSS Score
0.001
Published
2022-09-02
Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto
CVSS Score
8.4
EPSS Score
0.001
Published
2022-09-02
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto
CVSS Score
8.4
EPSS Score
0.001
Published
2022-09-02
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto
CVSS Score
8.4
EPSS Score
0.001
Published
2022-09-02
Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVSS Score
7.3
EPSS Score
0.003
Published
2022-09-02
Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVSS Score
7.3
EPSS Score
0.003
Published
2022-09-02