Security Vulnerabilities - CVEs Published In February 2023
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
CVSS Score
8.8
EPSS Score
0.686
Published
2023-02-17
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-02-17
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-02-17
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-02-17
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVSS Score
8.3
EPSS Score
0.001
Published
2023-02-17
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-02-17
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-17
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-17
TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-16
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-02-16