Latest vulnerabilities for Sunday, July 23, 2023


Last updated on 23/07/2023 at 22:19:33

(0) CRITICAL vulnerability(ies) [9.0, 10.0]

(1) HIGH vulnerability(ies) [7.0, 8.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-3842

First published on: 23-07-2023 04:15:09
Last modified on: 23-07-2023 04:15:09

Description:
A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3842
Source: cna@vuldb.com
CVSS score: 7.8

References:
https://vuldb.com/?ctiid.235193 | source: cna@vuldb.com
https://vuldb.com/?id.235193 | source: cna@vuldb.com

Vulnerability: CWE-428


(3) MEDIUM vulnerability(ies) [4.0, 6.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-3850

First published on: 23-07-2023 10:15:09
Last modified on: 23-07-2023 10:15:09

Description:
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.

CVE ID: CVE-2023-3850
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://vuldb.com/?ctiid.235201 | source: cna@vuldb.com
https://vuldb.com/?id.235201 | source: cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-3841

First published on: 23-07-2023 03:15:10
Last modified on: 23-07-2023 03:15:10

Description:
A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3841
Source: cna@vuldb.com
CVSS score: 4.3

References:
https://vuldb.com/?ctiid.235192 | source: cna@vuldb.com
https://vuldb.com/?id.235192 | source: cna@vuldb.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2023-3839

First published on: 23-07-2023 02:15:11
Last modified on: 23-07-2023 02:15:11

Description:
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3839
Source: cna@vuldb.com
CVSS score: 4.1

References:
https://github.com/TXPH/CVE/blob/main/sqli-report.pdf | source: cna@vuldb.com
https://vuldb.com/?ctiid.235190 | source: cna@vuldb.com
https://vuldb.com/?id.235190 | source: cna@vuldb.com

Vulnerability: CWE-89


(9) LOW vulnerability(ies) [0.1, 3.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-3840

First published on: 23-07-2023 03:15:09
Last modified on: 23-07-2023 03:15:09

Description:
A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. This affects an unknown part of the file /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. The manipulation of the argument user leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3840
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235191 | source: cna@vuldb.com
https://vuldb.com/?id.235191 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3843

First published on: 23-07-2023 05:15:08
Last modified on: 23-07-2023 05:15:08

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3843
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235194 | source: cna@vuldb.com
https://vuldb.com/?id.235194 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3844

First published on: 23-07-2023 06:15:09
Last modified on: 23-07-2023 06:15:09

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3844
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235195 | source: cna@vuldb.com
https://vuldb.com/?id.235195 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3845

First published on: 23-07-2023 06:15:09
Last modified on: 23-07-2023 06:15:09

Description:
A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3845
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235196 | source: cna@vuldb.com
https://vuldb.com/?id.235196 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3846

First published on: 23-07-2023 07:15:09
Last modified on: 23-07-2023 07:15:09

Description:
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3846
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235197 | source: cna@vuldb.com
https://vuldb.com/?id.235197 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3847

First published on: 23-07-2023 08:15:09
Last modified on: 23-07-2023 08:15:09

Description:
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3847
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235198 | source: cna@vuldb.com
https://vuldb.com/?id.235198 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3848

First published on: 23-07-2023 08:15:09
Last modified on: 23-07-2023 08:15:09

Description:
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3848
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235199 | source: cna@vuldb.com
https://vuldb.com/?id.235199 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3849

First published on: 23-07-2023 09:15:09
Last modified on: 23-07-2023 09:15:09

Description:
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID: CVE-2023-3849
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.235200 | source: cna@vuldb.com
https://vuldb.com/?id.235200 | source: cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3838

First published on: 23-07-2023 02:15:11
Last modified on: 23-07-2023 02:15:11

Description:
A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/vote_edit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3838
Source: cna@vuldb.com
CVSS score: 2.4

References:
https://github.com/TXPH/CVE/blob/main/xss-report2.pdf | source: cna@vuldb.com
https://vuldb.com/?ctiid.235189 | source: cna@vuldb.com
https://vuldb.com/?id.235189 | source: cna@vuldb.com

Vulnerability: CWE-79


(2) NO SCORE vulnerability(ies) [0.0, 0.0]

Source: redhat.com

Vulnerability ID: CVE-2023-2430

First published on: 23-07-2023 02:15:11
Last modified on: 23-07-2023 02:15:11

Description:
A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.

CVE ID: CVE-2023-2430
Source: secalert@redhat.com
CVSS score: /

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8 | source: secalert@redhat.com

Vulnerability: CWE-413


Source: checkpoint.com

Vulnerability ID: CVE-2023-28133

First published on: 23-07-2023 10:15:09
Last modified on: 23-07-2023 12:15:09

Description:
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file

CVE ID: CVE-2023-28133
Source: cve@checkpoint.com
CVSS score: /

References:
https://support.checkpoint.com/results/sk/sk181276 | source: cve@checkpoint.com

Vulnerability: CWE-732


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.
