Security Vulnerabilities - CVEs Published In May 2022
pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
CVSS Score: 7.5; EPSS Score: 0.308; Published: 2022-05-09
CVE-2022-30333 (Known exploited)
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVSS Score: 7.5; EPSS Score: 0.928; Published: 2022-05-09
Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation, caused by an improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of an sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects integrity and may cause serious availability problems.
CVSS Score: 9.1; EPSS Score: 0.009; Published: 2022-05-09
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901 allows attackers to cause a denial of service (application crash) via a crafted input.
CVSS Score: 6.6; EPSS Score: 0.001; Published: 2022-05-08
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2022-05-08
ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.
CVSS Score: 8.1; EPSS Score: 0.005; Published: 2022-05-08
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.
CVSS Score: 7.3; EPSS Score: 0.001; Published: 2022-05-07
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
CVSS Score: 5.3; EPSS Score: 0.004; Published: 2022-05-07