Security Vulnerabilities - CVEs Published In June 2022
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-06-02
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-02
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-06-02
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-06-02
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-02
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-02
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-06-02
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-02
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-02
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
CVSS Score
7.8
EPSS Score
0.011
Published
2022-06-02