Security Vulnerabilities - CVEs Published In August 2022
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak minor information from another user's account details. Exploitation of this issue does not require user interaction.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-08-19
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-08-19
An off-by-one overflow flaw was found in radare2 due to a mismatched array length in core_java.c. This could allow an attacker to cause a crash and perform a denial of service attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-19
A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially cause a crash.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-08-19
A segmentation fault was discovered in radare2 with the adf command. In libr/core/cmd_anal.c, when the command "adf" has no argument or a wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns a null pointer for fcn, causing a segmentation fault later in ensure_fcn_range (fcn).
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-19
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account.
CVSS Score
8.8
EPSS Score
0.09
Published
2022-08-19
MapGIS IGServer 10.5.6.11 is vulnerable to arbitrary file deletion.
CVSS Score
8.1
EPSS Score
0.0
Published
2022-08-19
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-19
Tenda AC15 firmware V15.03.05.18 httpd server has a stack buffer overflow in /goform/formWifiBasicSet.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-19
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.
CVSS Score
3.9
EPSS Score
0.0
Published
2022-08-19