Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2022
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-08-23
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-08-23
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS Score
5.5
EPSS Score
0.005
Published
2022-08-23
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-08-23
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
CVSS Score
6.1
EPSS Score
0.014
Published
2022-08-23
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-08-23
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS Score
9.1
EPSS Score
0.01
Published
2022-08-23
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-08-23
An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.
CVSS Score
7.2
EPSS Score
0.02
Published
2022-08-23
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
CVSS Score
9.8
EPSS Score
0.674
Published
2022-08-23


Contact Us

Shodan ® - All rights reserved