Security Vulnerabilities - CVEs Published In June 2023
The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-03
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-03
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3
CVSS Score
4.9
EPSS Score
0.001
Published
2023-06-02
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
CVSS Score
8.7
EPSS Score
0.001
Published
2023-06-02
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-06-02
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.
CVSS Score
9.8
EPSS Score
0.245
Published
2023-06-02
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-02
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-06-02
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-02
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-02