Security Vulnerabilities - CVEs Published In April 2022
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-04-22
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-04-22
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-22
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-22
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-22
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
CVSS Score
7.2
EPSS Score
0.006
Published
2022-04-22
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVSS Score
7.3
EPSS Score
0.017
Published
2022-04-22
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-22
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS Score
9.8
EPSS Score
0.045
Published
2022-04-22