Security Vulnerabilities - CVEs Published In May 2023
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-11
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.
CVSS Score
7.2
EPSS Score
0.007
Published
2023-05-11
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-05-11
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-05-11
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-05-11
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter.
CVSS Score
8.8
EPSS Score
0.012
Published
2023-05-11
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-11
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-11
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-11