Security Vulnerabilities - CVEs Published In May 2022
An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-24
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.32
Published
2022-05-24
A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-05-24
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-05-24
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-05-24
A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-05-24
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-05-24