Security Vulnerabilities - CVEs Published In February 2023
Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.
CVSS Score
9.1
EPSS Score
0.0
Published
2023-02-15
Libpeconv – access violation, before commit b076013 (30/11/2022).
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-15
Libpeconv – integer overflow, before commit 75b1565 (30/11/2022).
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-15
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-02-15
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-02-15
Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-15
Media CP Media Control Panel latest version. Insufficiently protected credential change.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-15
Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-02-15
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.249
Published
2023-02-15
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.007
Published
2023-02-15