Security Vulnerabilities - CVEs Published In May 2023
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-31
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
CVSS Score
6.0
EPSS Score
0.002
Published
2023-05-31
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-05-31
Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-31
SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-31
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-05-31
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.
CVSS Score
7.4
EPSS Score
0.0
Published
2023-05-31
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-31
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-31
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-31