Security Vulnerabilities - CVEs Published In July 2022
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
CVSS Score
8.2
EPSS Score
0.001
Published
2022-07-02
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVSS Score
7.5
EPSS Score
0.035
Published
2022-07-02
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVSS Score
6.5
EPSS Score
0.024
Published
2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-07-01
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVSS Score
9.8
EPSS Score
0.354
Published
2022-07-01