Security Vulnerabilities - CVEs Published In March 2022
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-03-11
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-03-11
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-03-11
The public API error causes for the attacker to be able to bypass API access control.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-11
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.
CVSS Score
7.8
EPSS Score
0.009
Published
2022-03-11
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-03-11
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-03-11
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-11
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.
CVSS Score
7.8
EPSS Score
0.012
Published
2022-03-11
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score
7.2
EPSS Score
0.046
Published
2022-03-11