Security Vulnerabilities - CVEs Published In March 2022
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-03-24
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
CVSS Score
8.2
EPSS Score
0.003
Published
2022-03-24
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-03-24
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
CVSS Score
9.8
EPSS Score
0.041
Published
2022-03-24
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi.
CVSS Score
9.8
EPSS Score
0.017
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
CVSS Score
9.8
EPSS Score
0.161
Published
2022-03-24