Security Vulnerabilities - CVEs Published In September 2023
Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-09-27
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before 1.2.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-27
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-09-27
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
7.1
EPSS Score
0.005
Published
2023-09-27
Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-09-27
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-09-27
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
CVSS Score
7.6
EPSS Score
0.001
Published
2023-09-27
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-09-27
Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-27
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
3.1
EPSS Score
0.002
Published
2023-09-27