Security Vulnerabilities - CVEs Published In November 2023
SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.
CVSS Score
7.2
EPSS Score
0.021
Published
2023-11-30
In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-11-30
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-30
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-30
** UNSUPPORTED WHEN ASSIGNED **
The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.
This issue affects Apache Tiles from version 2 onwards.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
EPSS Score
0.012
Published
2023-11-30
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
CVSS Score
9.1
EPSS Score
0.0
Published
2023-11-30
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-11-30
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
CVSS Score
9.8
EPSS Score
0.028
Published
2023-11-30
Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-30