Security Vulnerabilities - CVEs Published In August 2023
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-08-02
An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-08-02
The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-08-02
An issue has been discovered in GitLab CE/EE affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-02
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-08-02
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-08-02
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-02
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.
CVSS Score
2.5
EPSS Score
0.0
Published
2023-08-02
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-02
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-08-02

