Security Vulnerabilities - CVEs Published In August 2022
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-23
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-08-23
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
CVSS Score: 6.1
EPSS Score: 0.02
Published: 2022-08-23
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
CVSS Score: 6.1
EPSS Score: 0.49
Published: 2022-08-23
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
CVSS Score: 7.3
EPSS Score: 0.011
Published: 2022-08-23
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-08-23
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2022-08-23
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
CVSS Score: 6.5
EPSS Score: 0.018
Published: 2022-08-23
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
CVSS Score: 5.4
EPSS Score: 0.07
Published: 2022-08-23
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2022-08-23