Security Vulnerabilities - CVEs Published In September 2023
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2023-09-01

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
CVSS Score: 9.8 | EPSS Score: 0.029 | Published: 2023-09-01

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-09-01

Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-09-01

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.
CVSS Score: 9.8 | EPSS Score: 0.013 | Published: 2023-09-01

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score: 4.0 | EPSS Score: 0.0 | Published: 2023-09-01

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2023-09-01

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2023-09-01

Installer RCE on settings file write in MyBB before 1.8.22.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-09-01

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-09-01

