Security Vulnerabilities - CVEs Published In August 2023
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-08-29
Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-08-29
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
CVSS Score
9.4
EPSS Score
0.001
Published
2023-08-29
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-08-29
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-29
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-08-29
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-08-29
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-08-29
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-08-29
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23,
before 09-66-17,
before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W
, before 09-66-/Q
; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-08-29