Security Vulnerabilities - CVEs Published In March 2023
The HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2023-03-27
HGiga PowerStation has an information leakage vulnerability. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to log in to PowerStation or Secure Shell to achieve remote code execution.
CVSS Score: 9.8
EPSS Score: 0.018
Published: 2023-03-27
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2023-03-27
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2023-03-27
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-03-27
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2023-03-27
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-03-27
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2023-03-27
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-03-27
A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-03-26

