Security Vulnerabilities - CVEs Published In March 2022
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-03-10
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-03-10
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-10
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-10
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
CVSS Score
9.8
EPSS Score
0.906
Published
2022-03-10
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-10
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-10
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.
CVSS Score
6.4
EPSS Score
0.002
Published
2022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-10