Security Vulnerabilities - CVEs Published In May 2023
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-05-09
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-05-09
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or a race condition in the authentication message.
CVSS Score
5.9
EPSS Score
0.005
Published
2023-05-09
A path traversal vulnerability exists in Avalanche versions 6.3.x and below that, when exploited, could result in possible information disclosure.
CVSS Score
7.5
EPSS Score
0.284
Published
2023-05-09
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.881
Published
2023-05-09
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-09
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-05-09
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-09
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-09
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-05-09


Shodan ® - All rights reserved