Security Vulnerabilities - CVEs Published In March 2022
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-03
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-03
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2022-03-03
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVSS Score: 3.5 | EPSS Score: 0.003 | Published: 2022-03-03
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
CVSS Score: 3.8 | EPSS Score: 0.005 | Published: 2022-03-03
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the user's working session.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-03-03
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2022-03-03
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2022-03-03
CVE-2022-22706
Known exploited
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-03-03
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-03-03

