CVE-2022-4298
Published 2023-01-02
Priority: P259 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.83% (76.2th percentile)
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cedcommerce | wholesale_market | < 2.2.1 | 2.2.1 |
| juniper | junos_os | — | — |
| juniper | mx_series | — | — |
GHSA
GHSA-r9x2-m498-v92q · CVE-2022-4298 [CRITICAL] CWE-22
ghsa_unreviewed · 2023-01-03
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.
Juniper
CVE-2022-22249 [MEDIUM] CWE-664
vendor_juniper · 2022-10-18 · CVSS 6.5
An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous MAC move, a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can be between two local interfaces or between core/EVPN and a local interface. The following error logs can be seen in the PFE syslog when this issue happens:

```
xss_event_handler(1071): EA[0:0]_PPE 46.xss[0] ADDR Error.
ppe_error_interrupt(4298): EA[0:0]_PPE 46 Errors sync xtxn error
xss_event_handler(1071): EA[0:0]_PPE 1.xss[0] ADDR Error.
ppe_error_interrupt(4298): EA[0:0]_PPE 1 Errors sync xtxn error
xss_event_handler(1071): EA[0:0]_PPE 2.xss
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-02
Published