Security Vulnerabilities - CVEs Published In October 2023
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-10-29
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-10-29
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.
CVSS Score
7.4
EPSS Score
0.0
Published
2023-10-29
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-29
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-29
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-10-29
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
CVSS Score
8.8
EPSS Score
0.0
Published
2023-10-29
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-29
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.
CVSS Score
4.9
EPSS Score
0.0
Published
2023-10-29
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-28