Security Vulnerabilities - CVEs Published In June 2022
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-06-09
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.
CVSS Score: 6.1 | EPSS Score: 0.041 | Published: 2022-06-09
django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately update to a patched version.
CVSS Score: 9.1 | EPSS Score: 0.009 | Published: 2022-06-09
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-06-09
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-06-09
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-06-09
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score: 9.8 | EPSS Score: 0.926 | Published: 2022-06-09
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
CVSS Score: 7.5 | EPSS Score: 0.659 | Published: 2022-06-09
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-06-09
The pyanxdns package in PyPI version 0.2 is vulnerable to a code execution backdoor. The impact is: execute arbitrary code (remote). When installing version 0.2 of the pyanxdns package, the request package will be installed.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2022-06-08

