Security Vulnerabilities - CVEs Published In September 2022
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-09-04
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-03
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-02
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-02
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.
CVSS Score
9.8
EPSS Score
0.707
Published
2022-09-02
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-02
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
CVSS Score
8.3
EPSS Score
0.006
Published
2022-09-02
An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-09-02
A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-09-02
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.
CVSS Score
9.8
EPSS Score
0.068
Published
2022-09-02