Security Vulnerabilities - CVEs Published In June 2022
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVSS Score
7.8
EPSS Score
0.017
Published
2022-06-13
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVSS Score
7.8
EPSS Score
0.038
Published
2022-06-13
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
CVSS Score
7.8
EPSS Score
0.098
Published
2022-06-13
Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.
CVSS Score
2.8
EPSS Score
0.001
Published
2022-06-13
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVSS Score
9.1
EPSS Score
0.013
Published
2022-06-13
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVSS Score
9.0
EPSS Score
0.011
Published
2022-06-13
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-06-13
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.
CVSS Score
7.1
EPSS Score
0.003
Published
2022-06-13
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
CVSS Score
8.4
EPSS Score
0.005
Published
2022-06-13
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-06-13