Security Vulnerabilities - CVEs Published In August 2023
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
CVSS Score
7.5
EPSS Score
0.008
Published
2023-08-14
Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)
CVSS Score
4.8
EPSS Score
0.001
Published
2023-08-14
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-08-14
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
CVSS Score
8.3
EPSS Score
0.003
Published
2023-08-14
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-14
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-14
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-14
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-08-14
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-14
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-14