Security Vulnerabilities - CVEs Published In January 2023
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-01-27
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-01-27
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-01-27
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-01-27
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2023-01-27
Magento LTS (Long Term Support) is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and the time the user submits a new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.
CVSS Score: 4.2
EPSS Score: 0.004
Published: 2023-01-27
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2023-01-27
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2023-01-27
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2023-01-27
Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2023-01-27

