Security Vulnerabilities - CVEs Published In March 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-03-02
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-02
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
CVSS Score
7.2
EPSS Score
0.017
Published
2022-03-02
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
CVSS Score
5.3
EPSS Score
0.792
Published
2022-03-02
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
CVSS Score
9.8
EPSS Score
0.131
Published
2022-03-02
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
CVSS Score
9.8
EPSS Score
0.056
Published
2022-03-02
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-03-02
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-03-02
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS Score
8.3
EPSS Score
0.927
Published
2022-03-02
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-03-02