Security Vulnerabilities - CVEs Published In June 2023
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
CVSS Score: 5.4
EPSS Score: 0.006
Published: 2023-06-29
A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
CVSS Score: 5.3
EPSS Score: 0.03
Published: 2023-06-29
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
CVSS Score: 9.8
EPSS Score: 0.745
Published: 2023-06-29
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-06-29
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score: 6.3
EPSS Score: 0.004
Published: 2023-06-29
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint "editprofile" where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2023-06-29
The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 4.4
EPSS Score: 0.002
Published: 2023-06-29
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.
CVSS Score: 7.9
EPSS Score: 0.002
Published: 2023-06-29
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score: 8.3
EPSS Score: 0.007
Published: 2023-06-29
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 3.1
EPSS Score: 0.014
Published: 2023-06-29

