Security Vulnerabilities - CVEs Published In April 2023
Information disclosure in modem due to improper check of IP type while processing DNS server query
CVSS Score
8.2
EPSS Score
0.001
Published
2023-04-13
Information disclosure in modem due to buffer over-read while processing packets from DNS server
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-13
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
CVSS Score
8.2
EPSS Score
0.001
Published
2023-04-13
Memory correction in modem due to buffer overwrite during coap connection
CVSS Score
9.8
EPSS Score
0.002
Published
2023-04-13
KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-13
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-04-13
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
CVSS Score
6.5
EPSS Score
0.897
Published
2023-04-12
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
CVSS Score
7.5
EPSS Score
0.884
Published
2023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-12