Security Vulnerabilities - CVEs Published In October 2023
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
CVSS Score: 7.5 | EPSS Score: 0.808 | Published: 2023-10-14
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
CVSS Score: 9.8 | EPSS Score: 0.066 | Published: 2023-10-14
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php`, and via the `id_product` parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-10-14
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2023-10-14
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
CVSS Score: 9.8 | EPSS Score: 0.937 | Published: 2023-10-14
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2023-10-14
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score: 7.7 | EPSS Score: 0.003 | Published: 2023-10-14
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
CVSS Score: 7.6 | EPSS Score: 0.004 | Published: 2023-10-13
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 4.2 | EPSS Score: 0.002 | Published: 2023-10-13
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
CVSS Score: 7.6 | EPSS Score: 0.001 | Published: 2023-10-13
Shodan ® - All rights reserved