Security Vulnerabilities - CVEs Published In August 2023
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2023-08-07
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-08-07
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
CVSS Score: 7.2 | EPSS Score: 0.027 | Published: 2023-08-07
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-08-07
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits, a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid") and 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-08-07
In Gitea through 1.17.1, repo cloning can occur in the migration function.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2023-08-07
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2023-08-07
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2023-08-07
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-08-07
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
CVSS Score: 8.6 | EPSS Score: 0.002 | Published: 2023-08-07