Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-09-19
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-09-19
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-09-19
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)
CVSS Score
9.3
EPSS Score
0.005
Published
2022-09-19
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
CVSS Score
9.8
EPSS Score
0.012
Published
2022-09-19
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-09-19
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-09-19
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
CVSS Score
4.4
EPSS Score
0.004
Published
2022-09-19
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
CVSS Score
7.5
EPSS Score
0.012
Published
2022-09-19
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-09-19


Contact Us

Shodan ® - All rights reserved