CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41628
https://notcve.org/view.php?id=CVE-2023-41628
An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. Un problema en O-RAN Software Community E2 G-Release permite a los atacantes provocar una denegación de servicio (DoS) iniciando incorrectamente el procedimiento de mensajería entre los componentes "E2Node" y "E2Term". • https://jira.o-ran-sc.org/browse/RIC-1002 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40997
https://notcve.org/view.php?id=CVE-2023-40997
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. • https://jira.o-ran-sc.org/browse/RIC-991 https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40998
https://notcve.org/view.php?id=CVE-2023-40998
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. • https://jira.o-ran-sc.org/browse/RIC-989 https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24497
https://notcve.org/view.php?id=CVE-2023-24497
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25428 – Soft-o Free Password Manager 1.1.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2023-25428
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. Soft-o Free Password Manager version 1.1.20 suffers from a dll hijacking vulnerability. • https://packetstormsecurity.com/files/172259/Soft-o-Free-Password-Manager-1.1.20-DLL-Hijacking.html https://www.soft-o.com/products/free-password-manager.html • CWE-427: Uncontrolled Search Path Element •