Security Vulnerabilities - CVEs Published In September 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-09-15

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to memory corruption and potentially to privilege escalation.
CVSS Score: 5.0
EPSS Score: 0.001
Published: 2023-09-15

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
CVSS Score: 9.8
EPSS Score: 0.019
Published: 2023-09-15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-09-15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-09-15

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2023-09-15

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-09-15

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
CVSS Score: 7.5
EPSS Score: 0.178
Published: 2023-09-15

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts by injecting a crafted payload into the Find in Results file.
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2023-09-15

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2023-09-15

