Security Vulnerabilities - CVEs Published In June 2023
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-06-22
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-06-22
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-06-22
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-06-22
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
CVSS Score
6.1
EPSS Score
0.493
Published
2023-06-21
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.
CVSS Score
7.2
EPSS Score
0.056
Published
2023-06-21
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVSS Score
9.6
EPSS Score
0.0
Published
2023-06-21
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-21
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."
CVSS Score
7.5
EPSS Score
0.003
Published
2023-06-21
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-21