Security Vulnerabilities - CVEs Published In March 2022
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on a request could result in a possible SQL injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-03-30
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-03-30
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.012
Published
2022-03-30
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
CVSS Score
6.1
EPSS Score
0.012
Published
2022-03-30
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-30
In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-199176115
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-30
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-170642995
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-30
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-201535427
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-30
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-198296421
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-30

