Security Vulnerabilities - CVEs Published In June 2023
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.
CVSS Score: 9.8
EPSS Score: 0.035
Published: 2023-06-06
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
CVSS Score: 7.8
EPSS Score: 0.011
Published: 2023-06-06
A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2023-06-06
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2023-06-06
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-06-06
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-06-06
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2023-06-06
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2023-06-06
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.
CVSS Score: 6.5
EPSS Score: 0.011
Published: 2023-06-06
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2023-06-06

