Security Vulnerabilities - CVEs Published In January 2023
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-01-10
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-01-10
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2023-01-10
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2023-01-10
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2023-01-10
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-01-10
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2023-01-10
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-01-10
api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2023-01-10
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.
CVSS Score: 9.9 | EPSS Score: 0.008 | Published: 2023-01-10

