Security Vulnerabilities - CVEs Published In May 2022
RTI Connext DDS Professional and Connext DDS Secure versions 4.2x to 6.1.0 do not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
CVSS Score: 6.6 | EPSS Score: 0.002 | Published: 2022-05-05
All versions of GurumDDS are vulnerable to a heap-based buffer overflow, which may cause a denial-of-service condition or allow remote execution of arbitrary code.
CVSS Score: 8.6 | EPSS Score: 0.008 | Published: 2022-05-05
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
CVSS Score: 6.6 | EPSS Score: 0.002 | Published: 2022-05-05
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.
CVSS Score: 6.6 | EPSS Score: 0.002 | Published: 2022-05-05
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
CVSS Score: 7.0 | EPSS Score: 0.007 | Published: 2022-05-05
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.
CVSS Score: 8.6 | EPSS Score: 0.001 | Published: 2022-05-05
RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2022-05-05
A path traversal vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, QTS, and QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2022-05-05
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.
CVSS Score: 6.6 | EPSS Score: 0.002 | Published: 2022-05-05
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referrer header, or browser history. IBM X-Force ID: 213855.
CVSS Score: 2.0 | EPSS Score: 0.001 | Published: 2022-05-05


Shodan ® - All rights reserved