Security Vulnerabilities - CVEs Published In September 2023
Memory Corruption in Core Platform while printing the response buffer in log.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2023-09-05
Information disclosure in Automotive multimedia due to buffer over-read.
CVSS Score: 5.1; EPSS Score: 0.0; Published: 2023-09-05
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
CVSS Score: 8.4; EPSS Score: 0.0; Published: 2023-09-05
A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238637 was assigned to this vulnerability.
CVSS Score: 6.3; EPSS Score: 0.001; Published: 2023-09-05
ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-09-05
disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-09-05
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Score: 4.4; EPSS Score: 0.03; Published: 2023-09-05
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.
CVSS Score: 5.9; EPSS Score: 0.0; Published: 2023-09-05
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.
CVSS Score: 5.1; EPSS Score: 0.0; Published: 2023-09-05
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
CVSS Score: 5.3; EPSS Score: 0.0; Published: 2023-09-05

