Security Vulnerabilities - CVEs Published In June 2022
Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.016
Published
2022-06-14
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-06-14
Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-06-14
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-06-14
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVSS Score
7.3
EPSS Score
0.004
Published
2022-06-14
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
CVSS Score
9.8
EPSS Score
0.08
Published
2022-06-14
Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-06-14
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVSS Score
9.8
EPSS Score
0.177
Published
2022-06-14
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-06-14
Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-06-13