Security Vulnerabilities - CVEs Published In March 2022
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-11
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-03-11
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-03-11
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-03-11
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
CVSS Score: 4.3 | EPSS Score: 0.804 | Published: 2022-03-11
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-03-11
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-03-11
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-03-11
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-03-11
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-03-11

