Security Vulnerabilities - CVEs Published In November 2023
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2023-11-03
An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-11-02
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-11-02
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.
CVSS Score: 9.8 | EPSS Score: 0.116 | Published: 2023-11-02
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying a request parameter.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2023-11-02
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-11-02
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2023-11-02
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-11-02
An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-11-02
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-11-02