Security Vulnerabilities - CVEs Published In March 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-03-17
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-17
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions
CVSS Score
9.8
EPSS Score
0.016
Published
2022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-17
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-03-17
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-17
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-17
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-16