Security Vulnerabilities - CVEs Published In August 2022
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-08-16
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-08-15
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2022-08-15
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2022-08-15
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-08-15
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-08-15
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-08-15
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-08-15
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.1 may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-08-15
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user’s browser.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2022-08-15

