Security Vulnerabilities - CVEs Published In September 2022
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-30
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.
CVSS Score
6.1
EPSS Score
0.013
Published
2022-09-30
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-30
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-09-30
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
CVSS Score
4.2
EPSS Score
0.0
Published
2022-09-30
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-09-30
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
CVSS Score
4.2
EPSS Score
0.0
Published
2022-09-30
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-09-30
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-30
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-09-30