Security Vulnerabilities - CVEs Published In July 2022
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.
CVSS Score
3.0
EPSS Score
0.001
Published
2022-07-30
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.
CVSS Score
3.9
EPSS Score
0.001
Published
2022-07-30
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote).
CVSS Score
9.8
EPSS Score
0.001
Published
2022-07-30
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-07-30
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-07-30
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-30
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-07-29
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-29
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
CVSS Score
8.8
EPSS Score
0.092
Published
2022-07-29
D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-07-29
Page 1