Security Vulnerabilities - CVEs Published In February 2023
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-02-15
Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2023-02-15
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
CVSS Score: 7.5 | EPSS Score: 0.128 | Published: 2023-02-15
LexisNexis Firco Compliance Link 3.7 allows CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-02-15
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
CVSS Score: 8.6 | EPSS Score: 0.001 | Published: 2023-02-14
CVE-2023-21823
Known exploited
Windows Graphics Component Remote Code Execution Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.032 | Published: 2023-02-14
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting a DLL and putting it into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.
CVSS Score: 7.2 | EPSS Score: 0.0 | Published: 2023-02-14
Visual Studio Remote Code Execution Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-02-14
Visual Studio Denial of Service Vulnerability
CVSS Score: 5.6 | EPSS Score: 0.003 | Published: 2023-02-14
Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
CVSS Score: 8.0 | EPSS Score: 0.002 | Published: 2023-02-14

