Security Vulnerabilities - CVEs Published In April 2022
Stored XSS in the "Username" and "Email" input fields leads to account takeover of Admin and Co-admin users in the GitHub repository causefx/organizr prior to 2.1.1810. Impact: account takeover and privilege escalation.
CVSS Score: 9.6 | EPSS Score: 0.004 | Published: 2022-04-13
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score: 7.1 | EPSS Score: 0.003 | Published: 2022-04-13
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher, which addresses this issue.
CVSS Score: 9.8 | EPSS Score: 0.043 | Published: 2022-04-13
Wire-server is the system server for the Wire back-end services. Releases prior to v2022-03-01 are subject to a denial-of-service attack via a crafted object that causes a hash collision. This collision causes the server to spend at least quadratic time parsing the object, which can lead to a denial of service on a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-03-01 so that their backends are no longer affected. There are no known workarounds for this issue.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2022-04-13
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify sliders.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-13
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-13
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020 and 2019 can be used to trigger a pointer dereference that writes beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle the crafted PDF file correctly, which causes an unhandled exception.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-04-13
Cross-site scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2022-04-13
Reflected cross-site scripting (XSS).
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2022-04-13
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI.
CVSS Score: 2.7 | EPSS Score: 0.002 | Published: 2022-04-13
Shodan ® - All rights reserved