Security Vulnerabilities - CVEs Published In September 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2 allows local attackers to execute arbitrary code via a crafted .tsv file when creating a new record.
CVSS Score: 7.8 | EPSS Score: 0.028 | Published: 2023-09-14
A cross-site scripting issue was discovered in the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.
CVSS Score: 2.0 | EPSS Score: 0.002 | Published: 2023-09-14
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-09-14
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute HTML code via a crafted JPG file.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-09-14
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVSS Score: 7.5 | EPSS Score: 0.048 | Published: 2023-09-14
A remote authentication bypass issue exists in some OneView APIs.
CVSS Score: 9.8 | EPSS Score: 0.05 | Published: 2023-09-14
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the HTTPS request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2023-09-14
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
CVSS Score: 8.0 | EPSS Score: 0.001 | Published: 2023-09-14
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVSS Score: 8.2 | EPSS Score: 0.0 | Published: 2023-09-14
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-09-14

