Security Vulnerabilities - CVEs Published In May 2023
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2023-05-10
Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2023-05-10
Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2023-05-10
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2023-05-10
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier.
CVSS Score: 8.6; EPSS Score: 0.011; Published: 2023-05-10
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2023-05-10
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.
CVSS Score: 6.5; EPSS Score: 0.005; Published: 2023-05-10
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.
CVSS Score: 6.5; EPSS Score: 0.052; Published: 2023-05-10
In affected versions of Octopus Deploy, it is possible to upload a zip bomb file as a task, which results in denial of service.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-05-10
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
CVSS Score: 7.2; EPSS Score: 0.002; Published: 2023-05-10

