Security Vulnerabilities - CVEs Published In April 2023
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-11
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-11
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
CVSS Score
6.1
EPSS Score
0.004
Published
2023-04-11
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
6.1
EPSS Score
0.004
Published
2023-04-11
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVSS Score
9.1
EPSS Score
0.004
Published
2023-04-11
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2023-04-11
Windows DNS Server Remote Code Execution Vulnerability
CVSS Score
6.6
EPSS Score
0.002
Published
2023-04-11
Windows DNS Server Remote Code Execution Vulnerability
CVSS Score
6.6
EPSS Score
0.002
Published
2023-04-11
Windows DNS Server Remote Code Execution Vulnerability
CVSS Score
6.6
EPSS Score
0.002
Published
2023-04-11
Windows DNS Server Remote Code Execution Vulnerability
CVSS Score
6.6
EPSS Score
0.002
Published
2023-04-11