Security Vulnerabilities - CVEs Published In October 2023
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.
CVSS Score: 2.7 | EPSS Score: 0.0 | Published: 2023-10-31
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-10-31
Stored Cross-Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via a crafted string appended to /mc-admin/conf.php.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-10-31
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-10-31
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2023-10-31
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-10-31
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
CVSS Score: 8.8 | EPSS Score: 0.356 | Published: 2023-10-31
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2023-10-31
Cross-Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
CVSS Score: 3.5 | EPSS Score: 0.003 | Published: 2023-10-31
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
CVSS Score: 9.8 | EPSS Score: 0.046 | Published: 2023-10-31



Shodan ® - All rights reserved