:: Deepquest ::

Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.

https://kalasin.police.go.th notified by Mr.Clay

https://wiangkuk.nongkhai.police.go.th notified by 1877

OpenBSD version 7.2 suffers from an overflow vulnerability. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to very large value, which will cause an overflow in the next ip_srcroute() call.

ZwiiCMS version 12.2.04 suffers from an authenticated remote code execution vulnerability.

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root.

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022.

Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities.

Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities.

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root.