Security Vulnerabilities - CVEs Published In April 2023
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands.
CVSS Score
7.2
EPSS Score
0.006
Published
2023-04-14
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
CVSS Score
9.8
EPSS Score
0.022
Published
2023-04-14
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-13
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-13
Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-13
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
CVSS Score
7.7
EPSS Score
0.042
Published
2023-04-13
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-13
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-04-13
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-04-13
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-13