Security Vulnerabilities - CVEs Published In April 2023
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-04
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-04-04
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-04-04
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
CVSS Score
9.8
EPSS Score
0.013
Published
2023-04-04
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
CVSS Score
7.2
EPSS Score
0.008
Published
2023-04-04
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-04-04
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-04-04