WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross-site request forgery vulnerability.
Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross-site scripting, information leakage, remote SQL injection, and various other vulnerabilities.
BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an HTML injection vulnerability.
Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.
Apple Security Advisory 2022-11-09-1 – iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.
Apple Security Advisory 2022-11-09-2 – macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.
Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability.
libxml2 suffers from a double-free vulnerability when parsing default attributes.
libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.
Node-saml and its partner project passport-saml are vulnerable to an authentication bypass due to lax parsing of SAML responses.