Security Vulnerabilities - CVEs Published In July 2022
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-07-22
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-07-22
The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2022-07-22
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-07-22
The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-07-22
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2022-07-22
The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-07-22
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2022-07-22
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-07-22
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2022-07-22

