Security Vulnerabilities - CVEs Published In July 2023
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
CVSS Score
9.6
EPSS Score
0.003
Published
2023-07-11
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-11
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-07-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-11
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-07-11
Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-07-11
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-07-11
CVE-2023-36884
Windows Search Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.931
Published
2023-07-11
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
CVSS Score
5.0
EPSS Score
0.0
Published
2023-07-11
Mono Authenticode Validation Spoofing Vulnerability
CVSS Score
5.3
EPSS Score
0.006
Published
2023-07-11