Security Vulnerabilities - CVEs Published In September 2022
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-22
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-09-22
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-22
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-09-22
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-22
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in version 19.2.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-09-22
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-09-22
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-22
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-22

