Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2022
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-06-20
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
CVSS Score
5.3
EPSS Score
0.008
Published
2022-06-20
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0.
CVSS Score
7.1
EPSS Score
0.008
Published
2022-06-20
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.028
Published
2022-06-20
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.028
Published
2022-06-20
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVSS Score
6.6
EPSS Score
0.021
Published
2022-06-20
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0
CVSS Score
7.8
EPSS Score
0.007
Published
2022-06-20
There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0
CVSS Score
7.8
EPSS Score
0.007
Published
2022-06-20
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
CVSS Score
9.6
EPSS Score
0.612
Published
2022-06-20
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.005
Published
2022-06-20


Contact Us

Shodan ® - All rights reserved