Security Vulnerabilities - CVEs Published In August 2022
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program using part of the received data packet as part of a command. This allows an attacker to execute arbitrary commands on the router.
CVSS Score: 9.8
EPSS Score: 0.018
Published: 2022-08-23
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2022-08-23
The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2022-08-23
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2022-08-23
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVSS Score: 6.6
EPSS Score: 0.0
Published: 2022-08-22
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.
CVSS Score: 4.5
EPSS Score: 0.001
Published: 2022-08-22
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.
CVSS Score: 9.8
EPSS Score: 0.016
Published: 2022-08-22
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2022-08-22
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-08-22
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2022-08-22

