Security Vulnerabilities - CVEs Published In June 2023
There is a stored cross-site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2023-06-22
funadmin v3.3.2 and v3.3.3 are vulnerable to insecure file upload via the plugins install.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-06-22
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22
An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on the victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from the browser. This vulnerability has been fixed in versions 0.8.2 and 0.9.3.
CVSS Score: 8.6
EPSS Score: 0.005
Published: 2023-06-22
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`.
CVSS Score: 8.0
EPSS Score: 0.022
Published: 2023-06-22
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22
An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22
An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-06-22



Shodan ® - All rights reserved