Security Vulnerabilities - CVEs Published In May 2023
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-05-10
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVSS Score: 5.0 | EPSS Score: 0.0 | Published: 2023-05-10
An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
CVSS Score: 8.6 | EPSS Score: 0.0 | Published: 2023-05-10
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2023-05-10
Jerryscript 3.0.0 (commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-05-10
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-05-10
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-05-10
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-05-10
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-05-10
The n8n package 0.218.0 for Node.js allows Information Disclosure.
CVSS Score: 7.5 | EPSS Score: 0.037 | Published: 2023-05-10