Security Vulnerabilities - CVEs Published In August 2023
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or modification of files.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-08-16
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.
CVSS Score
7.3
EPSS Score
0.004
Published
2023-08-16
Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-16
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev for PrestaShop, versions up to 0.2.0, an attacker can perform SQL injection. Release 0.2.1 fixed this security issue.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-16
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-08-16
Dell PowerScale OneFS 9.5.x versions contain a privilege escalation vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to escalation of privileges.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-08-16
Directory traversal vulnerability in the Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.063
Published
2023-08-16
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege. Compliance mode is also affected.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-16
The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a reflected cross-site scripting vulnerability which could be used against high-privilege users such as admin.
CVSS Score
6.1
EPSS Score
0.111
Published
2023-08-16
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-16

