Security Vulnerabilities - CVEs Published In August 2023
A denial-of-service (DoS) vulnerability caused by improper validation of a specified type of input exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-03
An out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-03
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, a system reset is required for recovery.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-08-03
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-08-03
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.171
Published
2023-08-03
A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.171
Published
2023-08-03
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-08-03
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-08-03
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
CVSS Score
4.1
EPSS Score
0.001
Published
2023-08-03
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-08-03

