Security Vulnerabilities - CVEs Published In July 2023
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-07-12
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.
This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.
Cisco has not released and will not release software updates that address this vulnerability.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-07-12
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-07-12
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.
The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
CVSS Score
6.0
EPSS Score
0.0
Published
2023-07-12
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-12
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-12
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-07-12