Security Vulnerabilities - CVEs Published In March 2022
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-03-22
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
CVSS Score
7.5
EPSS Score
0.007
Published
2022-03-22
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-03-22
GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-22
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS Score
9.1
EPSS Score
0.004
Published
2022-03-22
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-03-22
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-03-22
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-03-21
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVSS Score
9.8
EPSS Score
0.03
Published
2022-03-21
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVSS Score
9.8
EPSS Score
0.03
Published
2022-03-21