Security Vulnerabilities - CVEs Published In February 2023
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-02-27
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-27
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
CVSS Score
7.2
EPSS Score
0.336
Published
2023-02-27
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-26
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-02-26
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-02-26
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-02-26
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
CVSS Score
9.8
EPSS Score
0.609
Published
2023-02-26
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-02-26
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-02-26