Security Vulnerabilities - CVEs Published In January 2023
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
CVSS Score: 9.3 | EPSS Score: 0.001 | Published: 2023-01-09
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
CVSS Score: 8.2 | EPSS Score: 0.002 | Published: 2023-01-09
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 1.0 addresses this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.
CVSS Score: 3.5 | EPSS Score: 0.003 | Published: 2023-01-09
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
CVSS Score: 7.4 | EPSS Score: 0.019 | Published: 2023-01-09
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0 | EPSS Score: 0.001 | Published: 2023-01-09
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0 | EPSS Score: 0.001 | Published: 2023-01-09
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-01-09
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-01-09
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to an observable timing discrepancy. The complexity of an attack is rather high. Exploitation is reported to be difficult. Upgrading to version 2.0.1 addresses this issue. The patch is identified as 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability.
CVSS Score: 2.6 | EPSS Score: 0.004 | Published: 2023-01-08
A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to SQL injection. Upgrading to version 0.3 addresses this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2023-01-08

