Security Vulnerabilities - CVEs Published In February 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.
CVSS Score
8.8
EPSS Score
0.0
Published
2023-02-11
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-02-11
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-11
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-02-11
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-11
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contains an Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-02-10
Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.
CVSS Score
3.9
EPSS Score
0.0
Published
2023-02-10
Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
CVSS Score
1.9
EPSS Score
0.0
Published
2023-02-10
Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-10
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
CVSS Score
6.1
EPSS Score
0.08
Published
2023-02-10

