Security Vulnerabilities - CVEs Published In November 2023
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-28
Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-11-28
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVSS Score
5.9
EPSS Score
0.006
Published
2023-11-28
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-11-28
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-28
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
CVSS Score
8.0
EPSS Score
0.001
Published
2023-11-28
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-28
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-28
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-11-28
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath
CVSS Score
5.3
EPSS Score
0.003
Published
2023-11-28