CVE-2023-33198

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-941
View all →

Vulnerability Description

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.

Related Vulnerabilities

CVE-2019-18242

HIGH
CVSS:7.5(High)

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fa...

CWE-9412019

CVE-2022-4847

HIGH
CVSS:8.3(High)

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9412022

CVE-2024-34947

CRITICAL
CVSS:9.4(Critical)

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.

CWE-9412024

CVE-2024-34947

CRITICAL
CVSS:9.4(Critical)

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.

CWE-9412024

CVE-2022-4847

HIGH
CVSS:8.3(High)

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CWE-9412022

CVE-2019-18242

HIGH
CVSS:7.5(High)

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fa...

CWE-9412019