The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-21674 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVSS Score: 8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
** KEV since 2023-01-10 **
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21674
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674
CVE-2023-0014 - SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-0014
NVD References:
-https://launchpad.support.sap.com/#/notes/3089413
-https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2023-0017 - An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-0017
NVD References:
-https://launchpad.support.sap.com/#/notes/3268093
-https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2017-20166 - Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2017-20166
NVD References:
-https://github.com/advisories/GHSA-2xxx-fhc8-9qvq
-https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250
-https://github.com/elixir-ecto/ecto/pull/2125
-https://groups.google.com/forum/#!topic/elixir-ecto/0m4NPfg_MMU
CVE-2023-22903 - api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22903
NVD References:https://github.com/LibrePhotos/librephotos/commit/e19e539356df77f6f59e7d1eea22d452b268e120
CVE-2022-43514 - A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-43514
NVD References:https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdf
CVE-2022-3792 - This issue affects: Terminal Operating System versions before 5.0.13
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-3792
NVD References:
-https://fordefence.com/cve-2022-3792-gullseye-terminal-operation-system/
-https://omrylmz.com/cve-2022-3792-terminal-operation-system/
-https://www.usom.gov.tr/bildirim/tr-22-0747-2
CVE-2022-4422 - This issue affects: Bulutses Bilgi Teknolojileri LTD. ŞTİ. BULUTDESK CALLCENTER versions prior to 3.0.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-4422
NVD References:https://www.usom.gov.tr/bildirim/tr-22-0747
CVE-2016-15017 - A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2016-15017
NVD References:
-https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a
-https://github.com/fabarea/media_upload/issues/6
-https://github.com/fabarea/media_upload/releases/tag/0.9.0
-https://vuldb.com/?ctiid.217786
-https://vuldb.com/?id.217786
CVE-2014-125073 - A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2014-125073
NVD References:
-https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72
-https://vuldb.com/?ctiid.217790
-https://vuldb.com/?id.217790
CVE-2022-4337 - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-4337
NVD References:
-https://github.com/openvswitch/ovs/pull/405
-https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
-https://www.debian.org/security/2023/dsa-5319
-https://www.openwall.com/lists/oss-security/2022/12/21/4
CVE-2022-4338 - An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-4338
NVD References:
-https://github.com/openvswitch/ovs/pull/405
-https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
-https://www.debian.org/security/2023/dsa-5319
-https://www.openwall.com/lists/oss-security/2022/12/21/4
CVE-2021-3966 - usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
CVSS Score: 9.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2021-3966
NVD References:https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m
CVE-2022-47865 - Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.
CVE-2022-47866 - Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.
CVE-2022-47859 - Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.
CVE-2022-47860 - Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.
CVE-2022-47861 - Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
CVE-2022-47862 - Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.
CVE-2022-47864 - Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47865
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47866
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47859
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47860
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47861
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47862
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47864
NVD References:
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeOrder.php.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeBrand.php.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20changePassword.php.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeProduct.php.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeLead.php.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20ajax_represent.php%20.md
-https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeCategories.php.md
-https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html
CVE-2022-39184 - EXFO - BV-10 Performance Endpoint Unit authentication bypass. User can manually manipulate access enabling authentication bypass.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-39184
NVD References:https://www.gov.il/en/Departments/faq/cve_advisories
CVE-2022-39185 - EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-39185
NVD References:https://www.gov.il/en/Departments/faq/cve_advisories
CVE-2023-22600 - InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.
CVE-2023-22601 - InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.
CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22600
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22601
NVD References:https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
CVE-2022-41778 - Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-41778
NVD References:https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07
CVE-2023-22495 - Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22495
NVD References:
-https://github.com/MAIF/izanami/releases/tag/v1.11.0
-https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792c
CVE-2022-43462 - Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions.
CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
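NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-43462
NVD References:https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability?_s_id=cve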
CVE-2023-22727 - CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22727
NVD References:
-https://bakery.cakephp.org/2023/01/06/cakephp_4211_4311_4410_released.html
-https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239
-https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp
CVE-2023-22731 - Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.
CVSS Score: 9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22731
NVD References:
-https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
-https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
CVE-2022-23521 - Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-23521
NVD References:
-https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
-https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
CVE-2022-41903 - Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-41903
NVD References:
-https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
-https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
-https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
CVE-2022-46732 - Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-46732
NVD References:
-https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01
-https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01
CVE-2023-21890 - Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21890
NVD References:https://www.oracle.com/security-alerts/cpujan2023.html
CVE-2022-41989 - Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.
CVE-2022-43483 - Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
CVE-2022-47911 - Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
CVE-2022-45444 - Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.
CVSS Scores: 9.0 - 10.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H, 3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-41989
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-43483
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47911
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-45444
NVD References:https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01