Security Vulnerabilities - CVEs Published In January 2023
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2023-01-26
SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-01-26
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-01-26
In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2023-01-26
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
CVSS Score: 5.9
EPSS Score: 0.0
Published: 2023-01-26
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-01-26
Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-01-26
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.
CVSS Score: 6.2
EPSS Score: 0.001
Published: 2023-01-26
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-01-26
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVSS Score: 9.8
EPSS Score: 0.013
Published: 2023-01-26