Security Vulnerabilities - CVEs Published In September 2022
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
CVSS Score
6.5
EPSS Score
0.009
Published
2022-09-01
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-09-01
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-01
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
CVSS Score
9.9
EPSS Score
0.002
Published
2022-09-01
Page 220