Security Vulnerabilities - CVEs Published In August 2023
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-08-25
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
CVSS Score
6.1
EPSS Score
0.044
Published
2023-08-25
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-08-25
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.
CVSS Score
7.8
EPSS Score
0.003
Published
2023-08-25
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-25
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-25
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-08-25
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-25
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-25
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-25