Security Vulnerabilities - CVEs Published In February 2023
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-24
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-23
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-23
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-02-23
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root.
CVSS Score
8.8
EPSS Score
0.017
Published
2023-02-23
pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.
CVSS Score
9.8
EPSS Score
0.267
Published
2023-02-23
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.)
CVSS Score
6.1
EPSS Score
0.002
Published
2023-02-23
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).
CVSS Score
6.1
EPSS Score
0.004
Published
2023-02-23
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-23
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-23

