Security Vulnerabilities
- CVEs Published In July 2023
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Memory Corruption in Modem due to double free while parsing the PKCS15 SIM files.
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
Memory Corruption in Data Network Stack & Connectivity when SIM gets detected on telephony.
Memory corruption in Linux while calling system configuration APIs.
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.