Security Vulnerabilities - CVEs Published In May 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-22
Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-05-22
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-22
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-05-22
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-05-22
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
An old session can be used by an attacker even after the user has been deleted or the password has been changed.
Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-22
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-22
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.
When users change their password to a simple password (with any character or
symbol), attackers can easily guess the user's password and access the account.
Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-22
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-22
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-22