Security Vulnerabilities - CVEs Published In October 2022
Windows TCP/IP Driver Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.05
Published
2022-10-11
Windows CryptoAPI Spoofing Vulnerability
CVSS Score
7.5
EPSS Score
0.19
Published
2022-10-11
Windows NTLM Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.051
Published
2022-10-11
Service Fabric Explorer Spoofing Vulnerability
CVSS Score
6.2
EPSS Score
0.018
Published
2022-10-11
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
CVSS Score
7.5
EPSS Score
0.036
Published
2022-10-11
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-10-11
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVSS Score
5.9
EPSS Score
0.01
Published
2022-10-11
A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-11
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-11
MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.
CVSS Score
8.6
EPSS Score
0.002
Published
2022-10-11