Security Vulnerabilities - CVEs Published In August 2023
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-07
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-08-07
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-07
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-08-07
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score
6.5
EPSS Score
0.005
Published
2023-08-07
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-07
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-07
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-07
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-08-07