Security Vulnerabilities - CVEs Published In August 2023
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn
CVSS Score
8.8
EPSS Score
0.001
Published
2023-08-25
The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-25
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-25
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-08-25
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-25
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-08-25
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-25
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
CVSS Score
4.6
EPSS Score
0.01
Published
2023-08-25
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
CVSS Score
4.6
EPSS Score
0.873
Published
2023-08-25
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
CVSS Score
3.5
EPSS Score
0.003
Published
2023-08-25