Security Vulnerabilities - CVEs Published In January 2023
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-01-12
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-12
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions
CVSS Score
6.2
EPSS Score
0.0
Published
2023-01-12
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-01-12
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-12
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-01-12
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-12
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-01-12
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-12
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-01-12