Security Vulnerabilities - CVEs Published In July 2022
EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2022-07-12
An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to a non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-07-12
An incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place, or to use manipulated IPs for audit logging, by manipulating the request headers.
CVSS Score: 5.6 | EPSS Score: 0.002 | Published: 2022-07-12
An improper access control vulnerability in the updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a Wi-Fi AP client that connected.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2022-07-12
An improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a Wi-Fi AP client that connected, by using the WIFI_AP_STA_DHCPACK_EVENT action.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2022-07-12
An issue discovered in Druva 6.9.0 for macOS allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-07-12
An issue discovered in Druva 6.9.0 for macOS allows attackers to gain escalated local privileges via the inSyncDecommission.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-07-12
A command injection vulnerability in Druva inSync 6.9.0 for macOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server, due to an unsanitized call to Python's os.system.
CVSS Score: 7.8 | EPSS Score: 0.011 | Published: 2022-07-12
URL injection in Druva inSync 6.9.0 for macOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-07-12
An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives an attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and cause other unspecified impacts.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-07-12

