Security Vulnerabilities - CVEs Published In October 2023
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-10-30
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-30
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.
CVSS Score
8.4
EPSS Score
0.008
Published
2023-10-30
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-10-30
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-30
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-30
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip” field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip” field are unaffected.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-10-30
In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-10-30
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-30
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-10-30