Security Vulnerabilities - CVEs Published In July 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-13
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-07-13
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-13
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-13
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.
CVSS Score
9.1
EPSS Score
0.003
Published
2023-07-13
A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.
CVSS Score
2.4
EPSS Score
0.001
Published
2023-07-13
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-13
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.
See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-13
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-07-13
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-13