Security Vulnerabilities - CVEs Published In March 2022
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2022-03-31
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2022-03-31
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-03-31
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2022-03-31
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
CVSS Score: 9.1
EPSS Score: 0.002
Published: 2022-03-31
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2022-03-31
A Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via the link_Name parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-03-31
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed in version 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2022-03-31
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-03-31
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVSS Score: 9.8
EPSS Score: 0.127
Published: 2022-03-31