Security Vulnerabilities - CVEs Published In July 2023
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-13
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
CVSS Score
7.0
EPSS Score
0.379
Published
2023-07-13
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-07-13
A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-13
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13