Security Vulnerabilities - CVEs Published In August 2023
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-08-14
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-14
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-08-14
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-08-14
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-14
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.
CVSS Score
6.8
EPSS Score
0.004
Published
2023-08-14
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.
CVSS Score
6.5
EPSS Score
0.018
Published
2023-08-14
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-08-14
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.
CVSS Score
7.5
EPSS Score
0.021
Published
2023-08-14
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-14