Security Vulnerabilities - CVEs Published In June 2023
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
CVSS Score
8.8
EPSS Score
0.123
Published
2023-06-13
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
CVSS Score
5.4
EPSS Score
0.128
Published
2023-06-13
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-06-13
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-06-13
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-06-13
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.
Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-06-13
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-13
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-13
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-06-13
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
* Quebec prior to Patch 10 Hot Fix 8b
* Rome prior to Patch 10 Hot Fix 1
* San Diego prior to Patch 7
* Tokyo prior to Tokyo Patch 1; and
* Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
CVSS Score
9.9
EPSS Score
0.002
Published
2023-06-13