Security Vulnerabilities - CVEs Published In July 2022
TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.
CVSS Score
9.8
EPSS Score
0.101
Published
2022-07-28
PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-07-28
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-07-28
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-07-28
SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.
CVSS Score
5.5
EPSS Score
0.008
Published
2022-07-28
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-07-28
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-07-28
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
CVSS Score
8.0
EPSS Score
0.186
Published
2022-07-28
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28