Security Vulnerabilities - CVEs Published In June 2023
Landscape allowed URLs which caused open redirection.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-06
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-06
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-06
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-06
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
CVSS Score
9.8
EPSS Score
0.052
Published
2023-06-06
In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-06
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
CVSS Score
9.8
EPSS Score
0.303
Published
2023-06-06
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
CVSS Score
8.8
EPSS Score
0.053
Published
2023-06-06
In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-06
In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-06-06