Security Vulnerabilities - CVEs Published In June 2022
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2022-06-21
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-06-21
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-06-21
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-06-21
Webkul Krayin CRM before 1.2.2 is vulnerable to Cross-Site Scripting (XSS).
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-06-21
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2022-06-21
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by GRUB in Secure Boot mode even though they should not be. These kernel builds do not have the Secure Boot lockdown patches applied and can bypass the Secure Boot validations, allowing an attacker to load other untrusted code.
CVSS Score: 8.2
EPSS Score: 0.0
Published: 2022-06-21
A flaw was found in AMQ Broker Operator 7.9.4 installed via the UI using OperatorHub, where a low-privilege user who has access to the namespace where the AMQ Operator is deployed can obtain cluster-wide edit rights by checking the secrets. The service account used for building the Operator grants more permissions than expected, and an attacker could benefit from it. This requires at least an already compromised low-privilege account or an insider attack.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-06-21
In Spring Cloud Function versions prior to 3.2.6, a user who directly interacts with framework-provided lookup functionality can cause a denial-of-service condition due to a caching issue in the Function Catalog component of the framework.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2022-06-21
AtlasVPN - Privilege Escalation: Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a Windows computer where the AtlasVPN client is installed.
CVSS Score: 5.9
EPSS Score: 0.002
Published: 2022-06-21

