Security Vulnerabilities - CVEs Published In September 2023
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-09-08
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-09-08
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-08
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-08
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-09-08
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-08
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-09-08
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-09-08
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-09-08
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-09-08