Security Vulnerabilities - CVEs Published In May 2022
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-05-17
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could set the FTP server's shared folder to "../../../../", which makes the router's root directory the FTP root. This exposes the entire router file system over the FTP server.
CVSS Score: 6.5 | EPSS Score: 0.01 | Published: 2022-05-17
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for such a file, the JavaScript inside the image/svg+xml file is executed in the user's browser.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-05-17
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVSS Score: 7.5 | EPSS Score: 0.354 | Published: 2022-05-17
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file can be written to the web server, and requesting that file then leads to code execution.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-05-17
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After logging in, an attacker can use it to read the website's configuration files, such as the database configuration file (config / config_database).
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2022-05-17
Stored cross-site scripting (XSS) in admin/usermanager.php in IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-05-17
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2022-05-17
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certificate validation of the mail client. An exploit has been disclosed to the public and may be used.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2022-05-17
In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This allows an attacker to pass in malicious regular expressions and input characters, causing resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
CVSS Score: 7.5 | EPSS Score: 0.013 | Published: 2022-05-17