Security Vulnerabilities - CVEs Published In March 2022
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-30
QingScan 1.3.0 is affected by a Cross Site Scripting (XSS) vulnerability in all search functions.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-30
spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CVSS Score
7.8
EPSS Score
0.011
Published
2022-03-30
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
CVSS Score
9.1
EPSS Score
0.005
Published
2022-03-30
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-30
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-03-30
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
CVSS Score
8.5
EPSS Score
0.023
Published
2022-03-30
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191768014
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-30
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-203880906
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-30
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405146
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-30


Shodan ® - All rights reserved