Security Vulnerabilities
- CVEs Published In February 2023
Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages.
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
Insufficient validation of input parameters when changing configuration on the Tbase server in B&R APROL versions < R 4.2-07 could result in a buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.
B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service.
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting.
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.