Security Vulnerabilities - CVEs Published In March 2023
In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-03-23
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module.
CVSS Score
8.6
EPSS Score
0.052
Published
2023-03-23
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-03-23
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.057
Published
2023-03-23
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
CVSS Score
9.8
EPSS Score
0.035
Published
2023-03-22
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
CVSS Score
6.7
EPSS Score
0.003
Published
2023-03-22
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-03-22
LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
CVSS Score
9.8
EPSS Score
0.023
Published
2023-03-22
The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-03-22
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.
CVSS Score
5.4
EPSS Score
0.218
Published
2023-03-22

