Security Vulnerabilities - CVEs Published In February 2023
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-02-01
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-02-01
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-02-01
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.
CVSS Score
3.9
EPSS Score
0.0
Published
2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
CVSS Score
6.1
EPSS Score
0.162
Published
2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
CVSS Score
6.1
EPSS Score
0.162
Published
2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
CVSS Score
6.1
EPSS Score
0.162
Published
2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
CVSS Score
6.1
EPSS Score
0.855
Published
2023-02-01
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
CVSS Score
6.1
EPSS Score
0.06
Published
2023-02-01
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
CVSS Score
9.8
EPSS Score
0.605
Published
2023-02-01