Security Vulnerabilities - CVEs Published In July 2023
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2023-07-30
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-07-30
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
CVSS Score: 8.3
EPSS Score: 0.001
Published: 2023-07-30
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-07-30
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
CVSS Score: 8.8
EPSS Score: 0.009
Published: 2023-07-29
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2023-07-29
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2023-07-29
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score: 5.4
EPSS Score: 0.0
Published: 2023-07-29
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2023-07-29
Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2023-07-29

