Security Vulnerabilities - CVEs Published In April 2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption for a scheduled job.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-20
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-04-20
A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-04-20
A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-04-20
Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-04-20
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-19
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-19
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-19