Security Vulnerabilities - CVEs Published In March 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config, which allows an attacker to retrieve local files.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-03-01
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVSS Score: 4.6 | EPSS Score: 0.002 | Published: 2022-03-01
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
CVSS Score: 5.3 | EPSS Score: 0.2 | Published: 2022-03-01
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
CVSS Score: 7.3 | EPSS Score: 0.005 | Published: 2022-03-01
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
CVSS Score: 9.8 | EPSS Score: 0.628 | Published: 2022-03-01
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-03-01
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-03-01
The Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform a command injection attack to execute arbitrary system commands, disrupt the system or terminate the service.
CVSS Score: 9.8 | EPSS Score: 0.04 | Published: 2022-03-01
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
CVSS Score: 9.1 | EPSS Score: 0.007 | Published: 2022-03-01
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result.
CVSS Score: 8.8 | EPSS Score: 0.029 | Published: 2022-03-01

