Security Vulnerabilities - CVEs Published In May 2023
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-02
The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.001
Published
2023-05-02
The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.253
Published
2023-05-02
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-05-02
Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-02
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-05-02
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-02
Memory corruption in HAB Memory management due to broad system privileges via physical address.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-05-02
Memory corruption in Graphics while importing a file.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-05-02
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-05-02