Security Vulnerabilities - CVEs Published In October 2023
In multiple functions of protocolembmsadapter.cpp, there is a possible out
of bounds read due to a missing bounds check. This could lead to remote
information disclosure with no additional execution privileges needed. User
interaction is not needed for exploitation.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-18
In Init of protocolnetadapter.cpp, there is a possible out of bounds read
due to a missing bounds check. This could lead to remote information
disclosure with no additional execution privileges needed. User interaction
is not needed for exploitation.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-18
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-18
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-10-18
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-18
WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-18
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system.
This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-18
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-10-18
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-18
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-18