Security Vulnerabilities - CVEs Published In May 2022
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-04
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVSS Score
9.8
EPSS Score
0.053
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
CVSS Score
8.8
EPSS Score
0.263
Published
2022-05-04
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..
CVSS Score
8.8
EPSS Score
0.025
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose.
CVSS Score
8.8
EPSS Score
0.025
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.
CVSS Score
8.8
EPSS Score
0.025
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose.
CVSS Score
8.8
EPSS Score
0.025
Published
2022-05-04
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.
CVSS Score
9.8
EPSS Score
0.028
Published
2022-05-04
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-05-03