CVE-2022-41566

The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 5.6.0 and below.

Source: CVE-2022-41566

CVE-2022-43578

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.

Source: CVE-2022-43578

CVE-2022-41567

The BusinessConnect UI component of TIBCO Software Inc.’s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect: versions 7.3.0 and below.

Source: CVE-2022-41567

CVE-2022-43873

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

Source: CVE-2022-43873

CVE-2023-0960

A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.

Source: CVE-2023-0960

CVE-2022-43870

IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.

Source: CVE-2022-43870

CVE-2023-23040

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

Source: CVE-2023-23040

CVE-2023-23039

An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().

Source: CVE-2023-23039

CVE-2022-41216

Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.

Source: CVE-2022-41216

CVE-2023-23063

Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.

Source: CVE-2023-23063