Security Vulnerabilities - CVEs Published In October 2023
Grafana is an open-source platform for monitoring and observability.
In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.
However, the restriction can be bypassed used punycode encoding of the characters in the request address.
CVSS Score
6.6
EPSS Score
0.0
Published
2023-10-17
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-10-17
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 9.2.3, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-10-17
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-10-17
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.
CVSS Score
9.8
EPSS Score
0.106
Published
2023-10-17
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-17
Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-10-17
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.
CVSS Score
7.7
EPSS Score
0.001
Published
2023-10-17
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-17
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-10-17