Security Vulnerabilities - CVEs Published In August 2022
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-08-03
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
CVSS Score
5.3
EPSS Score
0.012
Published
2022-08-03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.
CVSS Score
7.3
EPSS Score
0.181
Published
2022-08-03
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-08-03
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-03
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution
CVSS Score
4.1
EPSS Score
0.0
Published
2022-08-03
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-08-03
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.
CVSS Score
9.8
EPSS Score
0.223
Published
2022-08-03
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.
CVSS Score
9.8
EPSS Score
0.063
Published
2022-08-03
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.
CVSS Score
9.8
EPSS Score
0.252
Published
2022-08-03