Security Vulnerabilities - CVEs Published In June 2023
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
CVSS Score
7.5
EPSS Score
0.872
Published
2023-06-30
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.
CVSS Score
9.8
EPSS Score
0.834
Published
2023-06-30
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-30
com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-06-30
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
CVSS Score
6.5
EPSS Score
0.108
Published
2023-06-30
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-30
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVSS Score
8.0
EPSS Score
0.001
Published
2023-06-30
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVSS Score
7.7
EPSS Score
0.001
Published
2023-06-30
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
CVSS Score
5.7
EPSS Score
0.0
Published
2023-06-30
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.
This issue affects My Cloud OS 5 devices: before 5.26.300.
CVSS Score
6.2
EPSS Score
0.003
Published
2023-06-30
Page 1