Security Vulnerabilities - CVEs Published In June 2022
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.286
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-06-23
Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-23
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-23