Security Vulnerabilities - CVEs Published In May 2022
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. Manipulation with the input <script>alert(1)</script> leads to cross-site scripting. The attack can be launched remotely.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2022-05-26
Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low-privileged user who is allowed to connect to the OPC server can use the functions of IPersistFile to execute operating system processes with system-level privileges.
CVSS Score: 5.8 | EPSS Score: 0.001 | Published: 2022-05-26
A use-after-free flaw was found in the Linux kernel’s pipes functionality, in the way a user manipulates the pipe via post_one_notification() after free_pipe_info() has already been called. This flaw allows a local user to crash the system or potentially escalate their privileges on it.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-05-26
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
CVSS Score: 7.7 | EPSS Score: 0.004 | Published: 2022-05-26
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 that could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2022-05-26
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-05-26
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2022-05-26
Dell iDRAC9 versions 5.00.00.00 and later, but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVSS Score: 9.6 | EPSS Score: 0.602 | Published: 2022-05-26

