Latest vulnerabilities for Thursday, 20 July 2023


Last updated on 20/07/2023 at 07:21:15

(1) CRITICAL vulnerability(ies) [9.0, 10.0]

Source: cert.org.tw

Vulnerability ID: CVE-2023-37289

First published on: 20-07-2023 03:15:10
Last modified on: 20-07-2023 03:15:10

Description:
A vulnerability of Unrestricted Upload of File with Dangerous Type has been identified in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker to exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.

CVE ID: CVE-2023-37289
Source: twcert@cert.org.tw
CVSS score: 9.8

References:
https://www.twcert.org.tw/tw/cp-132-7225-cef32-1.html | source: twcert@cert.org.tw

Vulnerability: CWE-434


(2) HIGH vulnerability(ies) [7.0, 8.9]

Source: ubuntu.com

Vulnerability ID: CVE-2022-28733

First published on: 20-07-2023 01:15:10
Last modified on: 20-07-2023 01:15:10

Description:
Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.

CVE ID: CVE-2022-28733
Source: security@ubuntu.com
CVSS score: 8.1

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 | source: security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/06/07/5 | source: security@ubuntu.com

Vulnerability: CWE-191


Vulnerability ID: CVE-2022-28734

First published on: 20-07-2023 01:15:10
Last modified on: 20-07-2023 01:15:10

Description:
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata.

CVE ID: CVE-2022-28734
Source: security@ubuntu.com
CVSS score: 8.1

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734 | source: security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/06/07/5 | source: security@ubuntu.com


(5) MEDIUM vulnerability(ies) [4.0, 6.9]

Source: ubuntu.com

Vulnerability ID: CVE-2022-28735

First published on: 20-07-2023 01:15:10
Last modified on: 20-07-2023 01:15:10

Description:
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.

CVE ID: CVE-2022-28735
Source: security@ubuntu.com
CVSS score: 6.7

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735 | source: security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/06/07/5 | source: security@ubuntu.com


Vulnerability ID: CVE-2022-28737

First published on: 20-07-2023 01:15:10
Last modified on: 20-07-2023 01:15:10

Description:
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution is not ruled out in such a scenario.

CVE ID: CVE-2022-28737
Source: security@ubuntu.com
CVSS score: 6.5

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737 | source: security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/06/07/5 | source: security@ubuntu.com


Vulnerability ID: CVE-2022-28736

First published on: 20-07-2023 01:15:10
Last modified on: 20-07-2023 01:15:10

Description:
There's a use-after-free vulnerability in the grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.

CVE ID: CVE-2022-28736
Source: security@ubuntu.com
CVSS score: 6.4

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736 | source: security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/06/07/5 | source: security@ubuntu.com


Source: hashicorp.com

Vulnerability ID: CVE-2023-3300

First published on: 20-07-2023 00:15:10
Last modified on: 20-07-2023 00:15:10

Description:
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

CVE ID: CVE-2023-3300
Source: security@hashicorp.com
CVSS score: 5.3

References:
https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 | source: security@hashicorp.com

Vulnerability: CWE-862


Vulnerability ID: CVE-2023-3072

First published on: 20-07-2023 00:15:10
Last modified on: 20-07-2023 00:15:10

Description:
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

CVE ID: CVE-2023-3072
Source: security@hashicorp.com
CVSS score: 4.1

References:
https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270 | source: security@hashicorp.com

Vulnerability: CWE-862


(1) LOW vulnerability(ies) [0.1, 3.9]

Source: hashicorp.com

Vulnerability ID: CVE-2023-3299

First published on: 20-07-2023 00:15:10
Last modified on: 20-07-2023 00:15:10

Description:
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

CVE ID: CVE-2023-3299
Source: security@hashicorp.com
CVSS score: 3.4

References:
https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271 | source: security@hashicorp.com

Vulnerability: CWE-668


(1) NO SCORE vulnerability(ies) [0.0, 0.0]

Source: mitre.org

Vulnerability ID: CVE-2023-38408

First published on: 20-07-2023 03:15:10
Last modified on: 20-07-2023 04:15:11

Description:
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

CVE ID: CVE-2023-38408
Source: cve@mitre.org
CVSS score: /

References:
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent | source: cve@mitre.org
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 | source: cve@mitre.org
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d | source: cve@mitre.org
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca | source: cve@mitre.org
https://news.ycombinator.com/item?id=36790196 | source: cve@mitre.org
https://security.gentoo.org/glsa/202307-01 | source: cve@mitre.org
https://www.openssh.com/security.html | source: cve@mitre.org
https://www.openssh.com/txt/release-9.3p2 | source: cve@mitre.org
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt | source: cve@mitre.org


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks
