Security Vulnerabilities - CVEs Published In May 2022
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restrict access to a resource using HTTP connections from an unauthorized actor, leading to an Improper Access Control vulnerability.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-05-13
This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123).
CVSS Score
4.0
EPSS Score
0.002
Published
2022-05-13
The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
CVSS Score
8.1
EPSS Score
0.012
Published
2022-05-13
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions use a shared and hard-coded encryption key to store data.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-05-13
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-05-13
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-13
IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-05-13
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-05-13
mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to the file system.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-13
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.
CVSS Score
8.2
EPSS Score
0.002
Published
2022-05-13

