Security Vulnerabilities - CVEs Published In January 2022
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-01-11
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2022-01-11
radare2 is vulnerable to Out-of-bounds Read
CVSS Score: 9.6 | EPSS Score: 0.004 | Published: 2022-01-11
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-01-11
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
CVSS Score: 8.4 | EPSS Score: 0.001 | Published: 2022-01-11
cscms v4.1 allows for SQL injection via the "js_del" function.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-01-11
cscms v4.1 allows for SQL injection via the "page_del" function.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-01-11
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share must also be available via NFS, in order for this attack to succeed.
CVSS Score: 2.5 | EPSS Score: 0.004 | Published: 2022-01-11
peertube is vulnerable to Improper Access Control
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-01-11
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and a new version is already running on the server. As of the time of publication, the maintainers are planning to update the code to reflect this change at a later date.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2022-01-11

