Security Vulnerabilities - CVEs Published In May 2022
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-03
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
CVSS Score
8.8
EPSS Score
0.395
Published
2022-05-03
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-03
OMPL v1.5.2 contains a memory leak in VFRRT.cpp
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-03
In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-03
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.
CVSS Score
6.8
EPSS Score
0.006
Published
2022-05-03
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.
CVSS Score
8.8
EPSS Score
0.016
Published
2022-05-03
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.
CVSS Score
8.6
EPSS Score
0.006
Published
2022-05-03
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-05-03
A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device.
CVSS Score
4.0
EPSS Score
0.003
Published
2022-05-03