Security Vulnerabilities - CVEs Published In February 2023
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-03
Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-03
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.
CVSS Score
9.1
EPSS Score
0.003
Published
2023-02-03
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-03
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.
CVSS Score
9.1
EPSS Score
0.014
Published
2023-02-03
Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-03
Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-03
Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-03
Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-03
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-02-03