Security Vulnerabilities - CVEs Published In May 2022
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-05-18
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVSS Score
9.8
EPSS Score
0.069
Published
2022-05-18
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
CVSS Score
3.3
EPSS Score
0.005
Published
2022-05-18
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
CVSS Score
3.3
EPSS Score
0.005
Published
2022-05-18
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-05-18
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-05-18
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVSS Score
7.0
EPSS Score
0.0
Published
2022-05-18
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
CVSS Score
8.0
EPSS Score
0.006
Published
2022-05-18
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-05-18
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-18