Security Vulnerabilities - CVEs Published In April 2022
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.
CVSS Score
5.0
EPSS Score
0.001
Published
2022-04-27
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.
CVSS Score
5.0
EPSS Score
0.002
Published
2022-04-27
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
CVSS Score
4.6
EPSS Score
0.001
Published
2022-04-27
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.
CVSS Score
5.6
EPSS Score
0.002
Published
2022-04-27
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-04-27
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVSS Score
3.9
EPSS Score
0.001
Published
2022-04-27
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-04-27
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-27
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-27
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-27