Security Vulnerabilities - CVEs Published In April 2022
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().
CVSS Score
10.0
EPSS Score
0.003
Published
2022-04-18
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().
CVSS Score
10.0
EPSS Score
0.003
Published
2022-04-18
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-04-18
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-18
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-04-18
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-04-18
Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-18
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVSS Score
8.8
EPSS Score
0.042
Published
2022-04-18
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
Known exploited
CVSS Score
6.8
EPSS Score
0.916
Published
2022-04-18
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-18