Security Vulnerabilities - CVEs Published In June 2023
Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2023-06-16

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2023-06-16

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
CVSS Score: 9.8
EPSS Score: 0.169
Published: 2023-06-16

The file uploading function of L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2023-06-16

OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2023-06-16

The Thinking Software Efence login function has insufficient validation of user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete the database.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-06-16

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVSS Score: 5.1
EPSS Score: 0.001
Published: 2023-06-16

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVSS Score: 7.8
EPSS Score: 0.011
Published: 2023-06-16

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVSS Score: 7.8
EPSS Score: 0.011
Published: 2023-06-16

Microsoft SQL OLE DB Remote Code Execution Vulnerability
CVSS Score: 7.8
EPSS Score: 0.01
Published: 2023-06-16

