Security Vulnerabilities - CVEs Published In July 2023
In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-07-12
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-07-12
In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-07-12
In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-07-12
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-07-12
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-07-12
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
CVSS Score
6.8
EPSS Score
0.017
Published
2023-07-12
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-07-12

