Security Vulnerabilities - CVEs Published In November 2023
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-03
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-11-03
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-03
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-03
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2023-11-03
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-11-03
A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client's API server credentials to third parties.
CVSS Score
5.1
EPSS Score
0.019
Published
2023-11-03
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-11-03
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-11-03
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-11-03