Security Vulnerabilities - CVEs Published In September 2022
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVSS Score
9.4
EPSS Score
0.001
Published
2022-09-21
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-21
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
CVSS Score
6.1
EPSS Score
0.018
Published
2022-09-21
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVSS Score
5.5
EPSS Score
0.004
Published
2022-09-21
md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input
CVSS Score
9.8
EPSS Score
0.079
Published
2022-09-21
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-21
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-21
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-21
SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-21
SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-21