Security Vulnerabilities - CVEs Published In February 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-09
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-09
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-02-09
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-09
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-02-09
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
CVSS Score
8.8
EPSS Score
0.015
Published
2023-02-09
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-02-09
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-02-09
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-02-09
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-09