Security Vulnerabilities - CVEs Published In January 2023
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-01-26
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
CVSS Score
5.7
EPSS Score
0.058
Published
2023-01-26
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 included.
CVSS Score
7.8
EPSS Score
0.425
Published
2023-01-26
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-01-26
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-01-26
SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-01-26
A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-26
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS Score
9.3
EPSS Score
0.883
Published
2023-01-26
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-26
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-26