Security Vulnerabilities - CVEs Published In November 2023
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system that includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross-site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea`, which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-11-17
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-17
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-11-17
Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5).
CVSS Score
7.8
EPSS Score
0.0
Published
2023-11-17
Liblisp through commit `4c65969` was discovered to contain a use-after-free vulnerability in `void hash_destroy(hash_table_t *h)` at `hash.c`.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-17
Liblisp through commit `4c65969` was discovered to contain an out-of-bounds read vulnerability in `unsigned get_length(lisp_cell_t * x)` at `eval.c`.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-11-17
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.
CVSS Score
4.3
EPSS Score
0.013
Published
2023-11-17
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-17
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.
CVSS Score
9.8
EPSS Score
0.619
Published
2023-11-17
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.
CVSS Score
9.8
EPSS Score
0.32
Published
2023-11-17

