Security Vulnerabilities - CVEs Published In October 2023
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
CVSS Score
8.8
EPSS Score
0.046
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.
CVSS Score
8.8
EPSS Score
0.106
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
CVSS Score
8.0
EPSS Score
0.096
Published
2023-10-19
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
CVSS Score
8.8
EPSS Score
0.02
Published
2023-10-19
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-10-19
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
CVSS Score
9.8
EPSS Score
0.682
Published
2023-10-19
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim's browser.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-19