Security Vulnerabilities - CVEs Published In January 2023
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVSS Score
7.4
EPSS Score
0.008
Published
2023-01-26
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-01-26
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
CVSS Score
3.7
EPSS Score
0.0
Published
2023-01-26
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.
CVSS Score
7.4
EPSS Score
0.002
Published
2023-01-26
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-26
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204
CVSS Score
5.5
EPSS Score
0.008
Published
2023-01-26
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
CVSS Score
7.5
EPSS Score
0.011
Published
2023-01-26
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
CVSS Score
7.4
EPSS Score
0.002
Published
2023-01-26
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-26
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-26