Security Vulnerabilities - CVEs Published In May 2022
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVSS Score
6.8
EPSS Score
0.002
Published
2022-05-25
A user-generated PPKG file for Bulk Enroll may expose unencrypted sensitive information.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-05-25
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-05-25
Docker Desktop 4.3.0 has Incorrect Access Control.
CVSS Score
8.4
EPSS Score
0.001
Published
2022-05-25
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-05-25
TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-05-25
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-05-25
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-05-25
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
CVSS Score
4.7
EPSS Score
0.003
Published
2022-05-25
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-05-25

