Security Vulnerabilities - CVEs Published In May 2023
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-26
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-05-26
A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the body of a news article.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2023-05-26
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names; when the field is added to a category or section, the injected markup triggers when users visit the Categories or Entries pages respectively.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-05-26
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2023-05-26
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-26
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-05-26
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication.
CVSS Score: 6.8
EPSS Score: 0.004
Published: 2023-05-26
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-05-26
Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-05-26