Security Vulnerabilities - CVEs Published In August 2022
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS Score: 4.6
EPSS Score: 0.003
Published: 2022-08-25
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-08-25
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-08-25
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-08-25
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-08-25
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-08-25
A floating point exception (divide-by-zero) issue was discovered in SoX in the function read_samples() of the voc.c file. An attacker with a crafted file could cause an application to crash.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-25
A floating point exception (divide-by-zero) issue was discovered in SoX in the function startread() of the wav.c file. An attacker with a crafted wav file could cause an application to crash.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-25
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score: 6.4
EPSS Score: 0.0
Published: 2022-08-25
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score: 6.7
EPSS Score: 0.001
Published: 2022-08-25

