Security Vulnerabilities - CVEs Published In April 2022
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.942
Published
2022-04-05
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-05
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
CVSS Score
4.6
EPSS Score
0.0
Published
2022-04-05
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVSS Score
7.3
EPSS Score
0.0
Published
2022-04-05
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
CVSS Score
8.4
EPSS Score
0.0
Published
2022-04-05
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-05
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVSS Score
5.7
EPSS Score
0.0
Published
2022-04-05
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-05
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-05
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
CVSS Score
9.8
EPSS Score
0.082
Published
2022-04-05