Security Vulnerabilities - CVEs Published In February 2023
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-02-01
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-01
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-02-01
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-01
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-02-01
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-01
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low-privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.
CVSS Score
7.9
EPSS Score
0.001
Published
2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to information disclosure and denial of service.
CVSS Score
8.1
EPSS Score
0.003
Published
2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.
CVSS Score
8.7
EPSS Score
0.002
Published
2023-02-01

