Security Vulnerabilities - CVEs Published In November 2023
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-11-01

In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-11-01

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVSS Score: 4.4
EPSS Score: 0.001
Published: 2023-11-01

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.
CVSS Score: 8.8
EPSS Score: 0.012
Published: 2023-11-01

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2023-11-01

Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVSS Score: 7.5
EPSS Score: 0.328
Published: 2023-11-01

Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2023-11-01

The McFeeder server (distributed as part of the SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder's service endpoint.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2023-11-01

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
CVSS Score: 2.7
EPSS Score: 0.004
Published: 2023-11-01

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2023-11-01

