Security Vulnerabilities - CVEs Published In September 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-06
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-06
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-06
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-06
A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-06
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-06
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-06
The login page of ARDEREG Sistema SCADA Central versions 2.203 and prior is vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-06
GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-09-05
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
4.6
EPSS Score
0.002
Published
2023-09-05


Shodan ® - All rights reserved