Security Vulnerabilities
- CVEs Published In August 2022
Mealie 1.0.0beta3 does not invalidate download tokens after a user logs out, so an attacker who has captured a token (for example, as a man-in-the-middle) can keep using it via a crafted GET request after the session has ended.
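The defect behind this entry is a lifetime mismatch: the download token outlives the login session that minted it. The following is an added illustration, not Mealie's code; the class, method names and the `bind_to_session` switch are assumptions made for the example. With `bind_to_session=False` a token stays valid until it expires even after logout (the reported behaviour); with `bind_to_session=True` each token remembers its session and is revoked when that session ends.

```python
import secrets
import time


class DownloadTokenService:
    """Hypothetical download-token store for an authenticated file endpoint.

    bind_to_session=False models the reported defect: a token, once issued,
    remains valid until it expires even after the user logs out.
    bind_to_session=True is the hardened behaviour: each token records the
    login session that minted it and is revoked together with that session.
    """

    def __init__(self, ttl_seconds=300, bind_to_session=True, clock=time.time):
        self.ttl = ttl_seconds
        self.bind_to_session = bind_to_session
        self.clock = clock              # injectable for testing expiry
        self.sessions = {}              # session_id -> username
        self.tokens = {}                # token -> record dict

    def login(self, username):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = username
        return sid

    def issue_download_token(self, session_id, file_id):
        user = self.sessions.get(session_id)
        if user is None:
            raise PermissionError("not logged in")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {
            "user": user,
            "file_id": file_id,
            "expires": self.clock() + self.ttl,
            "session": session_id if self.bind_to_session else None,
        }
        return token

    def logout(self, session_id):
        self.sessions.pop(session_id, None)
        if self.bind_to_session:
            # Revoke every token minted under this session so a captured
            # token cannot be replayed once the user has left.
            stale = [t for t, rec in self.tokens.items() if rec["session"] == session_id]
            for t in stale:
                del self.tokens[t]

    def authorize_download(self, token, file_id):
        rec = self.tokens.get(token)
        if rec is None:
            return False
        if self.clock() >= rec["expires"]:
            del self.tokens[token]   # expired: drop it and refuse
            return False
        if rec["session"] is not None and rec["session"] not in self.sessions:
            return False             # defence in depth: the session is gone
        return secrets.compare_digest(rec["file_id"], file_id)


def replay_after_logout(bind_to_session):
    """Issue a token, log out, and report (valid_before_logout, valid_after_logout)."""
    svc = DownloadTokenService(bind_to_session=bind_to_session)
    sid = svc.login("alice")
    tok = svc.issue_download_token(sid, "recipes.zip")
    before = svc.authorize_download(tok, "recipes.zip")
    svc.logout(sid)
    after = svc.authorize_download(tok, "recipes.zip")
    return before, after


if __name__ == "__main__":
    print("unbound token:", replay_after_logout(False))   # (True, True)  -> replayable
    print("session-bound:", replay_after_logout(True))    # (True, False) -> revoked
```

The short TTL limits the exposure window but does not replace revocation: a token captured seconds before logout is still good for the rest of its lifetime unless logout actually tears it down.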
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.
Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browser's print dialog.
A vulnerability, which was classified as critical, was found in Laravel 5.1. An unknown function is affected. The manipulation leads to a deserialization vulnerability. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
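Both Octopus Deploy entries are the same bug class: a regular expression with catastrophic backtracking applied to attacker-controlled input (a package file name, a template variable). The block below is an added example, not Octopus Deploy's code, and the patterns in it are assumptions chosen to show the class rather than the vendor's actual regex. `VULNERABLE` nests a quantified group with an optional separator, so a run of word characters followed by one character the pattern cannot match makes the engine try every partition of the run (2^(n-1) attempts). `HARDENED` makes the separator mandatory, so each position can be consumed in only one way and rejection is linear; `validate_name` also bounds the input length before the regex runs at all.

```python
import re
import time

# Constructed vulnerable pattern: optional separator inside a starred group.
# On "aaaa...a!" every split of the a-run between \w+ iterations is tried.
VULNERABLE = re.compile(r"^(\w+\s?)*$")

# Hardened equivalent: the separator is mandatory between words, so the
# engine has exactly one way to consume each character and fails in O(n).
HARDENED = re.compile(r"^\w+(\s\w+)*$")

MAX_LEN = 256   # assumed limit; reject oversized input before matching


def time_fullmatch(pattern, text):
    """Return (matched, seconds) for pattern.fullmatch(text)."""
    start = time.perf_counter()
    matched = pattern.fullmatch(text) is not None
    return matched, time.perf_counter() - start


def validate_name(text, pattern=HARDENED, max_len=MAX_LEN):
    """True iff text is a whitespace-separated list of words.

    Length is checked first: a bounded input caps the work any regex can do,
    which is the second line of defence even when the pattern is linear.
    """
    if len(text) > max_len:
        return False
    return pattern.fullmatch(text) is not None


def rejection_times(pattern, sizes):
    """Time the pattern on inputs of n word characters plus a final '!' that
    forces rejection; returns [(n, seconds), ...]."""
    return [(n, time_fullmatch(pattern, "a" * n + "!")[1]) for n in sizes]


if __name__ == "__main__":
    # Growth for the vulnerable pattern roughly doubles per extra character;
    # keep n small here so the demo finishes in seconds.
    for label, pat in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        for n, secs in rejection_times(pat, (16, 18, 20, 22)):
            print(f"{label:10s} n={n:2d} {secs:8.4f}s")
    print("hardened n=4000:", rejection_times(HARDENED, (4000,)))
```

When the regex engine cannot be replaced with a linear-time one (RE2, or .NET's `RegexOptions.NonBacktracking` on newer runtimes), the pattern review question is whether any two adjacent quantified pieces can match the same characters; if they can, the input length bound is the only thing standing between a crafted string and a stalled worker.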