Security Vulnerabilities - CVEs Published In June 2023
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-09
An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-09
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-09
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-09
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-09
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-06-09
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-06-09
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.003
Published
2023-06-09
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-09
An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.
CVSS Score
8.8
EPSS Score
0.038
Published
2023-06-09