Security Vulnerabilities - CVEs Published In June 2023
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-06-21
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.
CVSS Score: 6.3
EPSS Score: 0.0
Published: 2023-06-21
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2023-06-21
Netgear R6250 Firmware Version 1.0.4.48 is vulnerable to a buffer overflow after authentication.
CVSS Score: 9.8
EPSS Score: 0.185
Published: 2023-06-20
Enphase Installer Toolkit version 3.27.0 has hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.
CVSS Score: 8.6
EPSS Score: 0.001
Published: 2023-06-20
Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.
CVSS Score: 6.3
EPSS Score: 0.003
Published: 2023-06-20
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
CVSS Score: 9.9
EPSS Score: 0.302
Published: 2023-06-20
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVSS Score: 9.8
EPSS Score: 0.941
Published: 2023-06-20
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks a check of the return value of kzalloc() and will cause a NULL pointer dereference.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2023-06-20
Improper deletion of a resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view the vaults of deleted users via database access.
CVSS Score: 2.7
EPSS Score: 0.001
Published: 2023-06-20

