Security Vulnerabilities - CVEs Published In February 2023
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The identifier of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-09
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-02-09
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-09
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-02-09
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
CVSS Score
7.2
EPSS Score
0.005
Published
2023-02-09
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-02-09
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-02-09
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-09
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-09
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-02-09