Security Vulnerabilities - CVEs Published In June 2022
Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-06
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-06-06
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
CVSS Score
7.2
EPSS Score
0.011
Published
2022-06-06
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-06
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-06-06
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content.
CVSS Score
7.5
EPSS Score
0.674
Published
2022-06-06
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-06-06
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-06
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-06-06
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-06-06

