Security Vulnerabilities - CVEs Published In February 2023
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVSS Score
9.8
EPSS Score
0.297
Published
2023-02-14
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVSS Score
9.8
EPSS Score
0.227
Published
2023-02-14
Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability
CVSS Score
7.5
EPSS Score
0.01
Published
2023-02-14
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVSS Score
9.8
EPSS Score
0.326
Published
2023-02-14
Microsoft SQL Server Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-02-14
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.146
Published
2023-02-14
Azure DevOps Server Cross-Site Scripting Vulnerability
CVSS Score
7.1
EPSS Score
0.015
Published
2023-02-14
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability
CVSS Score
7.3
EPSS Score
0.001
Published
2023-02-14
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
5.4
EPSS Score
0.002
Published
2023-02-14
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
CVSS Score
9.1
EPSS Score
0.172
Published
2023-02-14