Security Vulnerabilities - CVEs Published In June 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-02
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-02
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
CVSS Score
8.6
EPSS Score
0.002
Published
2022-06-02
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-02
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
CVSS Score
5.7
EPSS Score
0.0
Published
2022-06-02
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-02
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-06-02
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-02
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-02

