Security Vulnerabilities - CVEs Published In July 2023
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.
CVSS Score
10.0
EPSS Score
0.003
Published
2023-07-24
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-24
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVSS Score
5.5
EPSS Score
0.059
Published
2023-07-24
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.
Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+
CVSS Score
9.8
EPSS Score
0.0
Published
2023-07-24
A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-24
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-24
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-07-24
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-07-24
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-07-24
A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted
programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts.
This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-07-24