Security Vulnerabilities - CVEs Published In March 2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
CVSS Score
7.5
EPSS Score
0.628
Published
2022-03-17
NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-17
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-03-17
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Known exploited
CVSS Score
8.8
EPSS Score
0.204
Published
2022-03-17
CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Known exploited
CVSS Score
9.8
EPSS Score
0.847
Published
2022-03-17
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
CVSS Score
8.8
EPSS Score
0.004
Published
2022-03-17
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
CVSS Score
9.8
EPSS Score
0.045
Published
2022-03-17
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-03-17
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-17
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-17