Security Vulnerabilities - CVEs Published In June 2023
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and log in to the affected products by sending specially crafted packets.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-06-30
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-06-30
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVSS Score: 8.1 | EPSS Score: 0.0 | Published: 2023-06-30
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-06-30
WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-06-30
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-06-30
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-06-30
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2023-06-30
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2023-06-30
A reflected cross-site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows arbitrary code to be input via double quotes.
CVSS Score: 4.8 | EPSS Score: 0.0 | Published: 2023-06-30

