Security Vulnerabilities - CVEs Published In October 2023
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows authenticated users to abuse the SolarWinds ARM API.
CVSS Score: 8.0
EPSS Score: 0.491
Published: 2023-10-19
The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in privilege escalation.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-10-19
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2023-10-19
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2023-10-19
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-10-19
KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with the .php extension.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2023-10-19
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-10-19
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
CVSS Score: 9.6
EPSS Score: 0.002
Published: 2023-10-19
Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.
CVSS Score: 8.1
EPSS Score: 0.0
Published: 2023-10-19
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0; the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2023-10-19

