Security Vulnerabilities - CVEs Published In April 2023
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-04-10
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351.
CVSS Score
6.3
EPSS Score
0.016
Published
2023-04-10
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-10
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-10
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-04-10
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.
We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]
https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
CVSS Score
9.1
EPSS Score
0.001
Published
2023-04-10
In Apache Linkis <=1.3.1, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
CVSS Score
9.8
EPSS Score
0.048
Published
2023-04-10
In Apache Linkis <=1.3.1, because the parameters are not
effectively filtered, the attacker uses the MySQL data source and malicious parameters to
configure a new data source to trigger a deserialization vulnerability, eventually leading to
remote code execution.
Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
CVSS Score
9.8
EPSS Score
0.048
Published
2023-04-10
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.
We recommend users upgrade the version of Linkis to version 1.3.2.
For versions
<=1.3.1, we suggest turning on the file path check switch in linkis.properties
`wds.linkis.workspace.filesystem.owner.check=true`
`wds.linkis.workspace.filesystem.path.check=true`
CVSS Score
9.8
EPSS Score
0.005
Published
2023-04-10
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-04-10