Security Vulnerabilities - CVEs Published In February 2023
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.
CVSS Score
9.6
EPSS Score
0.005
Published
2023-02-25
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.
CVSS Score
6.8
EPSS Score
0.003
Published
2023-02-25
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-25
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.
CVSS Score
5.7
EPSS Score
0.003
Published
2023-02-25
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-25
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from `BsonDocument` to POCO classes. When instances of an object are not the same of class, `BsonMapper` use a special field `_type` string info with full class name with assembly to be loaded and fit into your model. If your end-user can send to your app a plain JSON string, deserialization can load an unsafe object to fit into your model. This issue is patched in version 5.0.13 with some basic fixes to avoid this, but is not 100% guaranteed when using `Object` type. The next major version will contain an allow-list to select what kind of Assembly can be loaded. Workarounds are detailed in the vendor advisory.
CVSS Score
7.3
EPSS Score
0.004
Published
2023-02-24
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-24
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-24
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-24
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-02-24