Security Vulnerabilities - CVEs Published In September 2022
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
CVSS Score: 9.8
EPSS Score: 0.022
Published: 2022-09-02
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
CVSS Score: 4.7
EPSS Score: 0.003
Published: 2022-09-02
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2022-09-02
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-09-02
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-09-02
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-09-02
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2022-09-02
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVSS Score: 4.7
EPSS Score: 0.0
Published: 2022-09-02
An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-09-02
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-09-02

