Security Vulnerabilities - CVEs Published In July 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-07-10
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-07-10
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-10
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-07-10
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.
Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
CVSS Score
3.3
EPSS Score
0.0
Published
2023-07-10
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated
remote attacker to retrieve sensitive information about the device via HTTP requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-10
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4
could allow a remote attacker to brute-force user credentials.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-07-10
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login
attempt.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-07-10
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-07-10