Security Vulnerabilities - CVEs Published In February 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-02-10
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-02-10
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool, `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function, they would be able to inject shell commands as the current process, limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.
CVSS Score
4.5
EPSS Score
0.004
Published
2023-02-10
Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields.
CVSS Score
7.7
EPSS Score
0.001
Published
2023-02-10
Dell BSAFE SSL-J, versions before 6.5 and version 7.0, contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-02-10
Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permit remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.
CVSS Score
9.1
EPSS Score
0.004
Published
2023-02-10
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS Score
8.6
EPSS Score
0.719
Published
2023-02-10
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-10
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-02-10
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-02-10