Security Vulnerabilities - CVEs Published In September 2023
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2023-09-21
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2023-09-21
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via the parameters TXPower and GuardInt in SetWLanRadioSecurity.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2023-09-21
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2023-09-21
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via the parameters StartTime and EndTime in SetWifiDownSettings.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2023-09-21
OpenHarmony v3.2.1 and prior versions have a system call function usage error. Local attackers can crash the kernel with erroneous input.
CVSS Score: 3.9; EPSS Score: 0.0; Published: 2023-09-21
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.
CVSS Score: 5.7; EPSS Score: 0.006; Published: 2023-09-21
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The cause is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as the method finds a / in the path, everything before it is removed, but any \ (backslashes) that appear later in the name are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
CVSS Score: 7.6; EPSS Score: 0.004; Published: 2023-09-21
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2023-09-21
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2023-09-21