Security Vulnerabilities - CVEs Published In March 2022
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.096
Published
2022-03-15
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.138
Published
2022-03-15
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-03-15
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-03-15
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-03-15
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
CVSS Score
7.8
EPSS Score
0.376
Published
2022-03-15
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
CVSS Score
7.8
EPSS Score
0.688
Published
2022-03-15
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
CVSS Score
9.8
EPSS Score
0.893
Published
2022-03-15
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
CVSS Score
9.8
EPSS Score
0.724
Published
2022-03-15
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.
CVSS Score
5.4
EPSS Score
0.085
Published
2022-03-15



Shodan ® - All rights reserved