Security Vulnerabilities - CVEs Published In June 2023
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-28
An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-28
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
CVSS Score
9.8
EPSS Score
0.009
Published
2023-06-28
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-28
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-28
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-28
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-28
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash
and utilize it to create new sessions. The hash is also a poorly salted MD5
hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such
as Alerton
ACM.] Out of an abundance of caution, this CVE ID is being assigned to
better serve our customers and ensure all who are still running this product understand
that the product is end of life and should be removed or upgraded.
CVSS Score
8.3
EPSS Score
0.001
Published
2023-06-28
A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-06-28
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-28