Security Vulnerabilities - CVEs Published In April 2022
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
CVSS Score
7.7
EPSS Score
0.0
Published
2022-04-30
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-04-30
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-04-30
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-04-30
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-30
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-30
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-29
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.
CVSS Score
6.6
EPSS Score
0.001
Published
2022-04-29
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-29
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-04-29
Page 1