Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2023
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-06-26
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-26
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-06-26


Contact Us

Shodan ® - All rights reserved