Security Vulnerabilities - CVEs Published In May 2022
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-05-18
Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-05-18
Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-18
The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-05-18
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting's account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.
CVSS Score
7.0
EPSS Score
0.0
Published
2022-05-18
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-05-18
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-05-18
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-05-18
Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.
CVSS Score
9.4
EPSS Score
0.003
Published
2022-05-18
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-05-18