Security Vulnerabilities - CVEs Published In September 2023
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-27
SiberianCMS - CWE-284: Improper Access Control. Authorized user may disable a security feature over the network
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-27
CVE-2023-36851
Known exploited
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series:
* 21.2 versions prior to 21.2R3-S8;
* 21.4 versions prior to 21.4R3-S6;
* 22.1 versions prior to 22.1R3-S5;
* 22.2 versions prior to 22.2R3-S3;
* 22.3 versions prior to 22.3R3-S2;
* 22.4 versions prior to 22.4R2-S2, 22.4R3;
* 23.2 versions prior to 23.2R1-S2, 23.2R2.
CVSS Score
5.3
EPSS Score
0.105
Published
2023-09-27
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-09-27
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-09-27
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-27
This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-09-27
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-27
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-27
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-09-27

