Security Vulnerabilities - CVEs Published In August 2022
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2022-08-28
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVSS Score: 7.8, EPSS Score: 0.0, Published: 2022-08-28
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
CVSS Score: 7.5, EPSS Score: 0.687, Published: 2022-08-27
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2022-08-27
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2022-08-27
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
CVSS Score: 4.3, EPSS Score: 0.001, Published: 2022-08-27
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.
CVSS Score: 6.3, EPSS Score: 0.001, Published: 2022-08-27
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.
CVSS Score: 6.3, EPSS Score: 0.001, Published: 2022-08-27
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.
CVSS Score: 3.5, EPSS Score: 0.001, Published: 2022-08-27
A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.
CVSS Score: 3.5, EPSS Score: 0.001, Published: 2022-08-27

