Security Vulnerabilities - CVEs Published In March 2023
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-03-16
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-03-16
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.
CVSS Score
9.6
EPSS Score
0.013
Published
2023-03-16
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions.
CVSS Score
9.1
EPSS Score
0.005
Published
2023-03-16
Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-16
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.
CVSS Score
5.3
EPSS Score
0.01
Published
2023-03-16
A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.003
Published
2023-03-16
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.
CVSS Score
4.7
EPSS Score
0.006
Published
2023-03-16
Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-03-16
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-16