Security Vulnerabilities - CVEs Published In November 2023
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2023-11-09
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2023-11-09
The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226.
CVSS Score: 8.0 | EPSS Score: 0.014 | Published: 2023-11-09
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-11-09
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2023-11-09