Security Vulnerabilities - CVEs Published In June 2023
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-06-16
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.
CVSS Score
7.7
EPSS Score
0.0
Published
2023-06-16
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-06-16
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-16
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
CVSS Score
9.8
EPSS Score
0.912
Published
2023-06-16
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-16
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-16
A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-06-16
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
CVSS Score
7.5
EPSS Score
0.886
Published
2023-06-16
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-06-16