Security Vulnerabilities - CVEs Published In February 2023
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-02-15
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-02-15
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.
CVSS Score
2.7
EPSS Score
0.0
Published
2023-02-15
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-15
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-15
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-02-15
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
CVSS Score
7.5
EPSS Score
0.008
Published
2023-02-15
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-15
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, 4.0.2, and 4.4.x in api.go, allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-02-15
SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-02-15