Security Vulnerabilities - CVEs Published In September 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2022-09-15
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user who is able to configure KubeVirt to read arbitrary files on the host filesystem that are publicly readable or readable by UID 107 or GID 107. /proc/self/<> is not accessible.
CVSS Score: 8.7 | EPSS Score: 0.0 | Published: 2022-09-15
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2022-09-15
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variables in main.js.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-09-15
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-15
There is a remote code execution (RCE) vulnerability in the Tenhot TWS-100 V4.0-201809201424 router device. Exploitation requires knowing the device account password; with it, system commands can be executed by escaping through the network tools in the network diagnostic component.
CVSS Score: 9.8 | EPSS Score: 0.057 | Published: 2022-09-15
MPlayer SVN-r38374-13.0.1 is vulnerable to a memory leak via vf.c and vf_vo.c.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-15
The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to a divide-by-zero via the function config() of llibmpcodecs/vf_scale.c.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-15
Certain MPlayer Project products are vulnerable to an out-of-bounds read via the function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-15
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-15

