Security Vulnerabilities - CVEs Published In July 2023
Radare2 has a use-after-free vulnerability in the pyc parser's get_none_object function. An attacker can read freed memory afterwards. This allows attackers to cause denial of service.
CVSS Score
10.0
EPSS Score
0.003
Published
2023-07-07
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-07-07
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-07-07
The cryptographically insecure random number generator used in the password reset function of TravianZ 8.3.4 and 8.3.3 allows an attacker to guess the password reset parameters and to take over accounts.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-07
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-07
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
CVSS Score
10.0
EPSS Score
0.001
Published
2023-07-07
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potentially execute code via a crafted file.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-07
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07



Shodan ® - All rights reserved