Security Vulnerabilities - CVEs Published In March 2023
A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-03-29

A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, triggered by sending a crafted POST request to lmadmin through the web-based tool.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-03-29

A vulnerability has been reported in Windows Installer (MSI) packages built with an InstallScript custom action. It may allow privilege escalation when a ‘repair’ is invoked on an MSI that has an InstallScript custom action.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-03-29

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
CVSS Score: 5.4
EPSS Score: 0.008
Published: 2023-03-29

A vulnerability was found in device-mapper-multipath. It allows local users to obtain root access, whether exploited alone or in conjunction with CVE-2022-41973. Local users who are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. The issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-03-29

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2023-03-29

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux kernel. This issue could allow a local attacker to crash the system, or it may lead to a kernel information leak.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2023-03-29

Xiaomi router firmware updated in 2020 exposes an unauthenticated API that can reveal the Wi-Fi password. The vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit it to enter the backend and carry out command injection there.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2023-03-29

NASM v2.16 was discovered to contain a null pointer dereference in the NASM component.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-03-29

NASM 2.16 (development) is vulnerable to a null pointer dereference (CWE-476) via output/outaout.c.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-03-29

