Security Vulnerabilities - CVEs Published In June 2022
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2022-06-14
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CVSS Score: 5.3; EPSS Score: 0.004; Published: 2022-06-14
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2022-06-14
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2022-06-14
In Piwigo 11.5.0, there exists a persistent cross-site scripting vulnerability in the single mode function through /admin.php?page=batch_manager&mode=unit.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2022-06-14
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file.
CVSS Score: 8.8; EPSS Score: 0.008; Published: 2022-06-14
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.
CVSS Score: 5.3; EPSS Score: 0.003; Published: 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2022-06-14
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2022-06-14

