Security Vulnerabilities - CVEs Published In March 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2022-03-25
libkiwix 10.0.0 and 10.0.1 allow XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-03-25
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-03-25
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-03-25
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-03-25
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-03-25
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-25
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
CVSS Score: 8.8 | EPSS Score: 0.543 | Published: 2022-03-25
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
CVSS Score: 4.4 | EPSS Score: 0.0 | Published: 2022-03-25
A flaw was found in unrestricted eBPF usage by BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-03-25

