Security Vulnerabilities - CVEs Published In April 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-08
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-08
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-08
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-04-08
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-08
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-04-08
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-08
libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-08
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-04-08
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.
CVSS Score
7.2
EPSS Score
0.247
Published
2022-04-08