Security Vulnerabilities - CVEs Published In June 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.
CVSS Score: 3.7
EPSS Score: 0.001
Published: 2023-06-07
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2023-06-07
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation within web fields in the application programming interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
CVSS Score: 7.3
EPSS Score: 0.001
Published: 2023-06-07
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior are vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2023-06-07
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-06-07
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-06-07
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
CVSS Score: 7.3
EPSS Score: 0.0
Published: 2023-06-07
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.
CVSS Score: 9.1
EPSS Score: 0.002
Published: 2023-06-07
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-06-07
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2023-06-07



Shodan ® - All rights reserved