Security Vulnerabilities - CVEs Published In August 2023
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-03
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.
CVSS Score
8.8
EPSS Score
0.024
Published
2023-08-03
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-08-03
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
CVSS Score
8.8
EPSS Score
0.0
Published
2023-08-03
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.
CVSS Score
4.2
EPSS Score
0.001
Published
2023-08-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.
CVSS Score
7.4
EPSS Score
0.181
Published
2023-08-03
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-03
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-08-03
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-03