Security Vulnerabilities - CVEs Published In September 2023
Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-09-05
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-09-05
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-05
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-05
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-05
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-09-05
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-09-05
TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.
CVSS Score
8.8
EPSS Score
0.022
Published
2023-09-05
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-09-05
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-09-05