Security Vulnerabilities - CVEs Published In July 2023
protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.
CVSS Score
9.8
EPSS Score
0.017
Published
2023-07-05
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-05
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-05
A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-07-05
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-07-05
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-07-05
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-05
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-07-05
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-07-05
TN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-07-05


Shodan ® - All rights reserved