Security Vulnerabilities - CVEs Published In March 2023
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-03-01
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-01
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-01
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-03-01
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-03-01
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-01
In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-01
In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-01
A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-03-01
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.
CVSS Score
9.3
EPSS Score
0.031
Published
2023-03-01