Security Vulnerabilities - CVEs Published In May 2022
An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects SUSE Rancher: Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVSS Score
7.3
EPSS Score
0.004
Published
2022-05-02
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
CVSS Score
6.1
EPSS Score
0.002
Published
2022-05-02
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-05-02
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVSS Score
7.8
EPSS Score
0.017
Published
2022-05-02
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant.
CVSS Score
6.1
EPSS Score
0.022
Published
2022-05-02
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
CVSS Score
7.5
EPSS Score
0.933
Published
2022-05-02
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-05-02
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-05-02
A DOM-based cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.
CVSS Score
6.1
EPSS Score
0.027
Published
2022-05-02
All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype.
CVSS Score
7.7
EPSS Score
0.004
Published
2022-05-01

