Security Vulnerabilities - CVEs Published In June 2023
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-09
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-06-09
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.
CVSS Score
3.7
EPSS Score
0.002
Published
2023-06-09
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-09
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-06-09
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-09
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-09
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-09
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-09
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-09