Security Vulnerabilities - CVEs Published In July 2022
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVSS Score
8.5
EPSS Score
0.005
Published
2022-07-22
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
CVSS Score
4.1
EPSS Score
0.002
Published
2022-07-22
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-22
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-22
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-07-22
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-07-22
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-07-22
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-07-22
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-07-22
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-22