Security Vulnerabilities - CVEs Published In January 2023
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2023-01-04

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-01-04

The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."
CVSS Score: 8.1 | EPSS Score: 0.005 | Published: 2023-01-04

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2023-01-04

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
CVSS Score: 7.4 | EPSS Score: 0.003 | Published: 2023-01-04

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.
CVSS Score: 6.3 | EPSS Score: 0.004 | Published: 2023-01-04

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2023-01-04

NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2023-01-04

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2023-01-04

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-01-04


Shodan ® - All rights reserved