Security Vulnerabilities - CVEs Published In June 2023
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.
CVSS Score
9.4
EPSS Score
0.0
Published
2023-06-12
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.
CVSS Score
9.4
EPSS Score
0.001
Published
2023-06-12
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.
CVSS Score
9.4
EPSS Score
0.0
Published
2023-06-12
TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-12
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-12
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-12
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-12
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-12
The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-12
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-12