Security Vulnerabilities - CVEs Published In January 2023
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-01-23

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
CVSS Score: 4.0 | EPSS Score: 0.003 | Published: 2023-01-22

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.
CVSS Score: 7.3 | EPSS Score: 0.031 | Published: 2023-01-22

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2023-01-22

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
CVSS Score: 5.5 | EPSS Score: 0.409 | Published: 2023-01-22

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-01-22

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
CVSS Score: 6.1 | EPSS Score: 0.555 | Published: 2023-01-22

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-01-22

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.
CVSS Score: 7.5 | EPSS Score: 0.011 | Published: 2023-01-21

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2023-01-21

