Security Vulnerabilities - CVEs Published In April 2022
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
CVSS Score: 9.8
EPSS Score: 0.766
Published: 2022-04-07

A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release the lock pool->lock.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-04-07

There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-04-07

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2022-04-07

There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-04-07

ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-04-07

ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2022-04-07

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
CVSS Score: 7.5
EPSS Score: 0.631
Published: 2022-04-07

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
CVSS Score: 9.1
EPSS Score: 0.883
Published: 2022-04-07

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups gaining access due to insecure cookie handling.
CVSS Score: 8.1
EPSS Score: 0.063
Published: 2022-04-07

