Security Vulnerabilities - CVEs Published In April 2022
Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVSS Score: 5.3, EPSS Score: 0.001, Published: 2022-04-18
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
CVSS Score: 5.3, EPSS Score: 0.001, Published: 2022-04-18
An issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in the get_cmdln_options() function in src/options.c.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2022-04-18
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
CVSS Score: 6.5, EPSS Score: 0.002, Published: 2022-04-18
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
CVSS Score: 8.1, EPSS Score: 0.002, Published: 2022-04-18
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
CVSS Score: 10.0, EPSS Score: 0.771, Published: 2022-04-18
A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability through a write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.
CVSS Score: 7.8, EPSS Score: 0.005, Published: 2022-04-18
A maliciously crafted TGA file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.
CVSS Score: 7.8, EPSS Score: 0.003, Published: 2022-04-18
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing the PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
CVSS Score: 7.8, EPSS Score: 0.004, Published: 2022-04-18
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through a buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
CVSS Score: 7.8, EPSS Score: 0.007, Published: 2022-04-18



Shodan ® - All rights reserved