CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxureâ„¢ Control Expert (All Versions), EcoStruxureâ„¢ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions)

Source: CVE-2022-45789

CVE-2022-25979

Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.

Source: CVE-2022-25979

CVE-2022-25881

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Source: CVE-2022-25881

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports.setup’ function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.

Source: CVE-2022-21129

CVE-2022-4898

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS

Source: CVE-2022-4898

CVE-2022-4041

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

Source: CVE-2022-4041

CVE-2022-4441

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.

Source: CVE-2022-4441

CVE-2022-44897

A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.

Source: CVE-2022-44897

CVE-2022-30421

Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.

Source: CVE-2022-30421

CVE-2022-40258

AMI Megarac Weak password hashes for Redfish & API

Source: CVE-2022-40258