Security Vulnerabilities - CVEs Published In March 2022
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-03-29
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.051
Published
2022-03-29
A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-29
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-29
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-03-29
NUUO v03.11.00 was discovered to contain access control issue.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-29
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.
CVSS Score
4.6
EPSS Score
0.001
Published
2022-03-29
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-29
A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-28
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-28