Security Vulnerabilities - CVEs Published In March 2022
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2022-03-25
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score: 9.8, EPSS Score: 0.056, Published: 2022-03-25
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVSS Score: 8.8, EPSS Score: 0.022, Published: 2022-03-25
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
CVSS Score: 4.5, EPSS Score: 0.001, Published: 2022-03-24
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2022-03-24
Survey King v0.3.0 does not filter data properly when exporting Excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
CVSS Score: 9.8, EPSS Score: 0.011, Published: 2022-03-24
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
CVSS Score: 9.8, EPSS Score: 0.104, Published: 2022-03-24
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVSS Score: 9.8, EPSS Score: 0.01, Published: 2022-03-24
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2022-03-24
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists.
CVSS Score: 7.1, EPSS Score: 0.002, Published: 2022-03-24