Security Vulnerabilities - CVEs Published In June 2022
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-06-30
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-30
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-30
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-30
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-30
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-06-30
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-30
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
CVSS Score
7.7
EPSS Score
0.0
Published
2022-06-30
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.
CVSS Score
5.0
EPSS Score
0.0
Published
2022-06-30
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.
CVSS Score
7.6
EPSS Score
0.006
Published
2022-06-30
Page 1