Vuldb Updates

A vulnerability was found in SilverStripe Framework 3.1.13/4.8.1/4.10.1 and classified as problematic. Affected by this issue is some unknown functionality of the component HTMLEditor. The manipulation leads to HTML injection. This vulnerability is handled as CVE-2022-37430. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SilverStripe Assets. It has been rated as problematic. This issue affects some unknown processing of the component GPX File Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-38147. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Insyde Kernel up to 5.5 and classified as critical. This issue affects some unknown processing of the component MebxConfiguration Driver. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-36337. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in Maarch RM 2.8.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2022-37772. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Optilink OP-XT71000N. This affects an unknown part of the file /routing.asp of the component New Route Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2020-23587. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Optilink OP-XT71000N. This vulnerability affects unknown code of the file /rmtacc.asp. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2020-23588. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in oretnom23 Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /avms/index.php. The manipulation leads to sql injection. This vulnerability was named CVE-2022-44139. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. It has been rated as critical. Affected by this issue is the function UploadFirmwareFile. The manipulation of the argument FileName leads to command injection. This vulnerability is handled as CVE-2022-44249. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This affects the function setOpModeCfg. The manipulation of the argument Hostname leads to command injection. This vulnerability is uniquely identified as CVE-2022-44250. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setUssd. The manipulation of the argument ussd leads to command injection. This vulnerability was named CVE-2022-44251. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This issue affects the function setUploadSetting. The manipulation of the argument FileName leads to command injection. The identification of this vulnerability is CVE-2022-44252. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Adobe Flash Player up to 11.2.202.540/19.0.0.213/19.0.0.226. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2015-8046. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Huawei UTPS 1.0/UTPS-V200R003B015D15SP00C983. This affects an unknown part of the component UTPS Service Query Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2016-8769. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in eMedia simpleRedak up to 2.47.23.05. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/cb/format_642.php. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-33761. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in eMedia simpleRedak up to 2.47.23.05. This affects an unknown part of the file /scheduler/index.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-33763. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2017-20185. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in DokuWiki and classified as problematic. Affected by this issue is some unknown functionality of the component RSS Title Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-34408. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ScratchLogin Extension up to 1.1 on MediaWiki. It has been classified as problematic. This affects an unknown part of the component Verification Failure Message Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-42985. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Elsight Halo. This issue affects some unknown processing of the file /api/v1/nics/wifi/wlan0/ping of the component POST Request Handler. The manipulation of the argument DESTINATION leads to privilege escalation. The identification of this vulnerability is CVE-2022-36784. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-823G 1.02B03 and classified as critical. This issue affects some unknown processing of the file /HNAP1 of the component HNAP API. The manipulation leads to command injection. The identification of this vulnerability is CVE-2022-44808. The attack can only be done within the local network. There is no exploit available.