Security Vulnerabilities - CVEs Published In June 2023
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-13
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-13
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-13
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-13
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-13
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-06-13
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-13
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-13
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-13
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVSS Score
7.5
EPSS Score
0.726
Published
2023-06-13