Security Vulnerabilities - CVEs Published In June 2023
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-02
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-02
A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-06-02
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-06-02
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-06-02
mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-02
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-06-02
A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-02
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-06-02
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.
CVSS Score
5.7
EPSS Score
0.0
Published
2023-06-02