Security Vulnerabilities - CVEs Published In May 2023
Windows iSCSI Target Service Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.003
Published
2023-05-09
Windows Backup Service Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-09
Windows Bluetooth Driver Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-09
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-05-09
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-05-09
Windows SMB Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.032
Published
2023-05-09
Windows Graphics Component Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.001
Published
2023-05-09
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-05-09
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and before which may allow a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-05-09
A cross-site scripting vulnerability in Chamilo LMS v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-05-09

