Security Vulnerabilities - CVEs Published In January 2023
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
CVSS Score
5.9
EPSS Score
0.004
Published
2023-01-31
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
CVSS Score
7.6
EPSS Score
0.006
Published
2023-01-31
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.
CVSS Score
6.1
EPSS Score
0.01
Published
2023-01-31
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-31
AMI Megarac Weak password hashes for Redfish & API
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-31
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-01-31
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-31
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVSS Score
8.6
EPSS Score
0.001
Published
2023-01-30
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVSS Score
9.8
EPSS Score
0.044
Published
2023-01-30
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
CVSS Score
8.0
EPSS Score
0.0
Published
2023-01-30

