Security Vulnerabilities - CVEs Published In March 2023
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.102
Published
2023-03-14
Microsoft OneDrive for Android Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.017
Published
2023-03-14
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2023-03-14
PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-03-14
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-03-14
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
5.4
EPSS Score
0.01
Published
2023-03-14
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVSS Score
8.2
EPSS Score
0.08
Published
2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.108
Published
2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.132
Published
2023-03-14
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS Score
8.1
EPSS Score
0.051
Published
2023-03-14