Security Vulnerabilities - CVEs Published In June 2023
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
CVSS Score
2.4
EPSS Score
0.001
Published
2023-06-19
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-19
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-06-19
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-19
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-19
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-06-19
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-19
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-19
Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.
CVSS Score
8.7
EPSS Score
0.001
Published
2023-06-19
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-19