Security Vulnerabilities - CVEs Published In March 2023
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-03-24
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-24
SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-24
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-24
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-24
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-03-24
In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028518References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2023-03-24
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2023-03-24
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290396References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2023-03-24
In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857862References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2023-03-24