Security Vulnerabilities - CVEs Published In June 2022
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-06-11
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-06-11
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-11
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.
CVSS Score
5.9
EPSS Score
0.0
Published
2022-06-11
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-10
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-10
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-10
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.
CVSS Score
7.2
EPSS Score
0.025
Published
2022-06-10
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-10
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVSS Score
8.1
EPSS Score
0.886
Published
2022-06-10