Security Vulnerabilities - CVEs Published In August 2023
The controller responsible for setting the logging level does not include any authorization
checks to ensure the user is authenticated. This can be seen by noting that it extends
Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-30
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-08-30
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-08-30
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-30
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30