Security Vulnerabilities - CVEs Published In November 2023
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-11-02
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-02
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-02
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-11-02
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
4.8
EPSS Score
0.003
Published
2023-11-02
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-11-02
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-11-02
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
CVSS Score
8.3
EPSS Score
0.0
Published
2023-11-02
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02