Security Vulnerabilities - CVEs Published In June 2022
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-02
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVSS Score
6.5
EPSS Score
0.007
Published
2022-06-02
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
CVSS Score
8.1
EPSS Score
0.009
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a `/checklogin.jsp` URL endpoint. The `os_username` parameter is not correctly sanitized, leading to reflected XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-02
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-06-02

