Security Vulnerabilities - CVEs Published In May 2022
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-05-13
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-13
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
CVSS Score
7.9
EPSS Score
0.001
Published
2022-05-13
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-05-13
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-13
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.
CVSS Score
9.1
EPSS Score
0.097
Published
2022-05-13
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.04
Published
2022-05-13
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
CVSS Score
6.8
EPSS Score
0.004
Published
2022-05-13
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-13