Security Vulnerabilities - CVEs Published In April 2022
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
CVSS Score: 4.0 | EPSS Score: 0.002 | Published: 2022-04-29
Improper handling of the Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough, the service suffers a momentary outage in a production environment, which can lead to memory corruption on the server.
CVSS Score: 9.3 | EPSS Score: 0.001 | Published: 2022-04-29
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-04-29
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-04-29
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.
CVSS Score: 8.8 | EPSS Score: 0.037 | Published: 2022-04-29
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-04-29
ALLMediaServer 1.6 is vulnerable to a buffer overflow via MediaServer.exe.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-04-29
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via a long GET request.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2022-04-29
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up the Log archive, download the system info file, change plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update a subscription, and delete a subscription.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-04-29
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into the /wp-content/uploads/ directory.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-04-29