Security Vulnerabilities - CVEs Published In November 2023
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-09
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin <= 1.55 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin <= 3.7 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-11-09
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-11-09