Dernières vulnérabilités du Jeudi 6 Juillet 2023

Dernières vulnérabilités du Jeudi 6 Juillet 2023
{{titre}}

Dernière mise à jour efféctuée le 06/07/2023 à 23:58:03

(3) Vulnérabilité(s) CRITICAL [9.0, 10.0]

Vulnérabilité ID : CVE-2023-36460

Première publication le : 06-07-2023 19:15:10
Dernière modification le : 06-07-2023 19:15:10

Description :
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

CVE ID : CVE-2023-36460
Source : security-advisories@github.com
Score CVSS : 9.9

Références :
https://github.com/mastodon/mastodon/commit/dc8f1fbd976ae544720a4e07120d9a91b2722440 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v3.5.9 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.0.5 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.1.3 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm | source : security-advisories@github.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-23902

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-23902
Source : talos-cna@cisco.com
Score CVSS : 9.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1697 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-36459

Première publication le : 06-07-2023 19:15:10
Dernière modification le : 06-07-2023 19:15:10

Description :
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

CVE ID : CVE-2023-36459
Source : security-advisories@github.com
Score CVSS : 9.3

Références :
https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v3.5.9 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.0.5 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.1.3 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp | source : security-advisories@github.com

Vulnérabilité : CWE-79


(83) Vulnérabilité(s) HIGH [7.0, 8.9]

Vulnérabilité ID : CVE-2023-22299

Première publication le : 06-07-2023 15:15:10
Dernière modification le : 06-07-2023 18:15:10

Description :
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-22299
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-22653

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 18:15:10

Description :
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An attacker can send an HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-22653
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1714 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-24018

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 18:15:10

Description :
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-24018
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-24519

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility.

CVE ID : CVE-2023-24519
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-24520

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility.

CVE ID : CVE-2023-24520
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-24582

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 15:16:32

Description :
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet.

CVE ID : CVE-2023-24582
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1710 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-24583

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 15:16:32

Description :
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet.

CVE ID : CVE-2023-24583
Source : talos-cna@cisco.com
Score CVSS : 8.8

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1710 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-30655

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30655
Source : mobile.security@samsung.com
Score CVSS : 8.5

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30656

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

CVE ID : CVE-2023-30656
Source : mobile.security@samsung.com
Score CVSS : 8.5

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30658

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30658
Source : mobile.security@samsung.com
Score CVSS : 8.5

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30664

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30664
Source : mobile.security@samsung.com
Score CVSS : 8.5

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-24496

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.

CVE ID : CVE-2023-24496
Source : talos-cna@cisco.com
Score CVSS : 8.3

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 | source : talos-cna@cisco.com

Vulnérabilité : CWE-80


Vulnérabilité ID : CVE-2023-24497

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 15:16:32

Description :
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database

CVE ID : CVE-2023-24497
Source : talos-cna@cisco.com
Score CVSS : 8.3

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 | source : talos-cna@cisco.com

Vulnérabilité : CWE-80


Vulnérabilité ID : CVE-2023-36456

Première publication le : 06-07-2023 19:15:10
Dernière modification le : 06-07-2023 19:15:10

Description :
authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used. This poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.

CVE ID : CVE-2023-36456
Source : security-advisories@github.com
Score CVSS : 8.3

Références :
https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff | source : security-advisories@github.com
https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a | source : security-advisories@github.com
https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv | source : security-advisories@github.com
https://goauthentik.io/docs/releases/2023.4#fixed-in-202343 | source : security-advisories@github.com
https://goauthentik.io/docs/releases/2023.5#fixed-in-202355 | source : security-advisories@github.com

Vulnérabilité : CWE-436


Vulnérabilité ID : CVE-2023-23571

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-23571
Source : talos-cna@cisco.com
Score CVSS : 8.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696 | source : talos-cna@cisco.com

Vulnérabilité : CWE-126


Vulnérabilité ID : CVE-2023-37260

Première publication le : 06-07-2023 16:15:10
Dernière modification le : 06-07-2023 17:44:04

Description :
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string.

CVE ID : CVE-2023-37260
Source : security-advisories@github.com
Score CVSS : 8.2

Références :
https://github.com/thephpleague/oauth2-server/pull/1353 | source : security-advisories@github.com
https://github.com/thephpleague/oauth2-server/releases/tag/8.5.3 | source : security-advisories@github.com
https://github.com/thephpleague/oauth2-server/security/advisories/GHSA-wj7q-gjg8-3cpm | source : security-advisories@github.com

Vulnérabilité : CWE-209


Vulnérabilité ID : CVE-2023-22371

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:38

Description :
An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE ID : CVE-2023-22371
Source : talos-cna@cisco.com
Score CVSS : 8.1

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1703 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-3531

Première publication le : 06-07-2023 20:15:09
Dernière modification le : 06-07-2023 20:15:09

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

CVE ID : CVE-2023-3531
Source : security@huntr.dev
Score CVSS : 8.1

Références :
https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d | source : security@huntr.dev
https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414 | source : security@huntr.dev

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-30644

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30644
Source : mobile.security@samsung.com
Score CVSS : 7.8

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30645

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30645
Source : mobile.security@samsung.com
Score CVSS : 7.8

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30646

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30646
Source : mobile.security@samsung.com
Score CVSS : 7.8

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30647

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30647
Source : mobile.security@samsung.com
Score CVSS : 7.8

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30649

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30649
Source : mobile.security@samsung.com
Score CVSS : 7.8

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30643

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.

CVE ID : CVE-2023-30643
Source : mobile.security@samsung.com
Score CVSS : 7.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-306


Vulnérabilité ID : CVE-2023-23907

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-23907
Source : talos-cna@cisco.com
Score CVSS : 7.5

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1702 | source : talos-cna@cisco.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-24019

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

CVE ID : CVE-2023-24019
Source : talos-cna@cisco.com
Score CVSS : 7.5

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1718 | source : talos-cna@cisco.com

Vulnérabilité : CWE-120


Vulnérabilité ID : CVE-2023-36461

Première publication le : 06-07-2023 19:15:10
Dernière modification le : 06-07-2023 19:15:10

Description :
Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

CVE ID : CVE-2023-36461
Source : security-advisories@github.com
Score CVSS : 7.5

Références :
https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v3.5.9 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.0.5 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.1.3 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc | source : security-advisories@github.com

Vulnérabilité : CWE-770


Vulnérabilité ID : CVE-2023-30195

Première publication le : 06-07-2023 20:15:09
Dernière modification le : 06-07-2023 20:15:09

Description :
In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json.

CVE ID : CVE-2023-30195
Source : cve@mitre.org
Score CVSS : 7.5

Références :
https://friends-of-presta.github.io/security-advisories/modules/2023/06/22/lgdetailedorder.html | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-22319

Première publication le : 06-07-2023 15:15:10
Dernière modification le : 06-07-2023 15:16:38

Description :
A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.

CVE ID : CVE-2023-22319
Source : talos-cna@cisco.com
Score CVSS : 7.3

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1701 | source : talos-cna@cisco.com

Vulnérabilité : CWE-89


Vulnérabilité ID : CVE-2023-22844

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-22844
Source : talos-cna@cisco.com
Score CVSS : 7.3

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700 | source : talos-cna@cisco.com

Vulnérabilité : CWE-321


Vulnérabilité ID : CVE-2023-26137

Première publication le : 06-07-2023 05:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

CVE ID : CVE-2023-26137
Source : report@snyk.io
Score CVSS : 7.2

Références :
https://gist.github.com/dellalibera/666d67165830ded052a1ede2d2c0b02a | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665554 | source : report@snyk.io


Vulnérabilité ID : CVE-2023-22306

Première publication le : 06-07-2023 15:15:10
Dernière modification le : 06-07-2023 15:16:38

Description :
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-22306
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-22365

Première publication le : 06-07-2023 15:15:10
Dernière modification le : 06-07-2023 15:16:38

Description :
An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-22365
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1711 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-22659

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-22659
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1699 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-23550

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-23550
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1694 | source : talos-cna@cisco.com

Vulnérabilité : CWE-77


Vulnérabilité ID : CVE-2023-24595

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-24595
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1713 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-25081

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.

CVE ID : CVE-2023-25081
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25082

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.

CVE ID : CVE-2023-25082
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25083

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.

CVE ID : CVE-2023-25083
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25084

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:11

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables.

CVE ID : CVE-2023-25084
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25085

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.

CVE ID : CVE-2023-25085
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25086

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.

CVE ID : CVE-2023-25086
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25087

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.

CVE ID : CVE-2023-25087
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25088

Première publication le : 06-07-2023 15:15:12
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.

CVE ID : CVE-2023-25088
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25089

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.

CVE ID : CVE-2023-25089
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25090

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.

CVE ID : CVE-2023-25090
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25091

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:12

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.

CVE ID : CVE-2023-25091
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25092

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.

CVE ID : CVE-2023-25092
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25093

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..

CVE ID : CVE-2023-25093
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25094

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.

CVE ID : CVE-2023-25094
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25095

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.

CVE ID : CVE-2023-25095
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25096

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.

CVE ID : CVE-2023-25096
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25097

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable.

CVE ID : CVE-2023-25097
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25098

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:13

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.

CVE ID : CVE-2023-25098
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25099

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable.

CVE ID : CVE-2023-25099
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25100

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable.

CVE ID : CVE-2023-25100
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25101

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable.

CVE ID : CVE-2023-25101
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25102

Première publication le : 06-07-2023 15:15:13
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.

CVE ID : CVE-2023-25102
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25103

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.

CVE ID : CVE-2023-25103
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25104

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.

CVE ID : CVE-2023-25104
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25105

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.

CVE ID : CVE-2023-25105
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25106

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:14

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.

CVE ID : CVE-2023-25106
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25107

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.

CVE ID : CVE-2023-25107
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25108

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.

CVE ID : CVE-2023-25108
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25109

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.

CVE ID : CVE-2023-25109
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25110

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.

CVE ID : CVE-2023-25110
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25111

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.

CVE ID : CVE-2023-25111
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25112

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.

CVE ID : CVE-2023-25112
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25113

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:15

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.

CVE ID : CVE-2023-25113
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25114

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.

CVE ID : CVE-2023-25114
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25115

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.

CVE ID : CVE-2023-25115
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25116

Première publication le : 06-07-2023 15:15:14
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.

CVE ID : CVE-2023-25116
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25117

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.

CVE ID : CVE-2023-25117
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25118

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.

CVE ID : CVE-2023-25118
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25119

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.

CVE ID : CVE-2023-25119
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25120

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:16

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable.

CVE ID : CVE-2023-25120
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25121

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.

CVE ID : CVE-2023-25121
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25122

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.

CVE ID : CVE-2023-25122
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25123

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.

CVE ID : CVE-2023-25123
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25124

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.

CVE ID : CVE-2023-25124
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 | source : talos-cna@cisco.com

Vulnérabilité : CWE-121


Vulnérabilité ID : CVE-2023-25582

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.

CVE ID : CVE-2023-25582
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-25583

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 18:15:17

Description :
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.

CVE ID : CVE-2023-25583
Source : talos-cna@cisco.com
Score CVSS : 7.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723 | source : talos-cna@cisco.com

Vulnérabilité : CWE-78


Vulnérabilité ID : CVE-2023-36823

Première publication le : 06-07-2023 16:15:10
Dernière modification le : 06-07-2023 17:44:04

Description :
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.

CVE ID : CVE-2023-36823
Source : security-advisories@github.com
Score CVSS : 7.1

Références :
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 | source : security-advisories@github.com
https://github.com/rgrove/sanitize/releases/tag/v6.0.2 | source : security-advisories@github.com
https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7 | source : security-advisories@github.com

Vulnérabilité : CWE-79


(41) Vulnérabilité(s) MEDIUM [4.0, 6.9]

Vulnérabilité ID : CVE-2023-30672

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.

CVE ID : CVE-2023-30672
Source : mobile.security@samsung.com
Score CVSS : 6.8

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-269


Vulnérabilité ID : CVE-2023-30650

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE ID : CVE-2023-30650
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30651

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE ID : CVE-2023-30651
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30652

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE ID : CVE-2023-30652
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30653

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE ID : CVE-2023-30653
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30668

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

CVE ID : CVE-2023-30668
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30669

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

CVE ID : CVE-2023-30669
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30670

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

CVE ID : CVE-2023-30670
Source : mobile.security@samsung.com
Score CVSS : 6.7

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


Vulnérabilité ID : CVE-2023-30674

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.

CVE ID : CVE-2023-30674
Source : mobile.security@samsung.com
Score CVSS : 6.5

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-1275


Vulnérabilité ID : CVE-2023-23547

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-23547
Source : talos-cna@cisco.com
Score CVSS : 6.5

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1695 | source : talos-cna@cisco.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-30671

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.

CVE ID : CVE-2023-30671
Source : mobile.security@samsung.com
Score CVSS : 6.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-36830

Première publication le : 06-07-2023 16:15:10
Dernière modification le : 06-07-2023 17:44:04

Description :
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their on rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users which have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to - or otherwise validating configuration files before they are ingested by SQLFluff will provides a similar effect and does not require upgrade.

CVE ID : CVE-2023-36830
Source : security-advisories@github.com
Score CVSS : 6.3

Références :
https://github.com/sqlfluff/sqlfluff/releases/tag/2.1.2 | source : security-advisories@github.com
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx | source : security-advisories@github.com

Vulnérabilité : CWE-74


Vulnérabilité ID : CVE-2023-3528

Première publication le : 06-07-2023 18:15:17
Dernière modification le : 06-07-2023 18:15:17

Description :
A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.

CVE ID : CVE-2023-3528
Source : cna@vuldb.com
Score CVSS : 6.3

Références :
https://vuldb.com/?ctiid.233252 | source : cna@vuldb.com
https://vuldb.com/?id.233252 | source : cna@vuldb.com

Vulnérabilité : CWE-89


Vulnérabilité ID : CVE-2023-30642

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.

CVE ID : CVE-2023-30642
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-269


Vulnérabilité ID : CVE-2023-30657

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30657
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30659

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30659
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30660

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

CVE ID : CVE-2023-30660
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-30661

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

CVE ID : CVE-2023-30661
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-30662

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

CVE ID : CVE-2023-30662
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-30675

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

CVE ID : CVE-2023-30675
Source : mobile.security@samsung.com
Score CVSS : 6.2

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-287


Vulnérabilité ID : CVE-2023-30677

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

CVE ID : CVE-2023-30677
Source : mobile.security@samsung.com
Score CVSS : 6.1

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-284


Vulnérabilité ID : CVE-2023-3523

Première publication le : 06-07-2023 10:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE ID : CVE-2023-3523
Source : security@huntr.dev
Score CVSS : 6.1

Références :
https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96 | source : security@huntr.dev
https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac | source : security@huntr.dev

Vulnérabilité : CWE-125


Vulnérabilité ID : CVE-2023-35934

Première publication le : 06-07-2023 20:15:09
Dernière modification le : 06-07-2023 20:15:09

Description :
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.

CVE ID : CVE-2023-35934
Source : security-advisories@github.com
Score CVSS : 6.1

Références :
https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj | source : security-advisories@github.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-35937

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.

CVE ID : CVE-2023-35937
Source : security-advisories@github.com
Score CVSS : 6.0

Références :
https://github.com/metersphere/metersphere/security/advisories/GHSA-7xj3-qrx5-524r | source : security-advisories@github.com

Vulnérabilité : CWE-862


Vulnérabilité ID : CVE-2023-30673

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.

CVE ID : CVE-2023-30673
Source : mobile.security@samsung.com
Score CVSS : 5.5

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-354


Vulnérabilité ID : CVE-2023-3521

Première publication le : 06-07-2023 02:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.

CVE ID : CVE-2023-3521
Source : security@huntr.dev
Score CVSS : 5.4

Références :
https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52 | source : security@huntr.dev
https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0 | source : security@huntr.dev

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-26138

Première publication le : 06-07-2023 05:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.

CVE ID : CVE-2023-26138
Source : report@snyk.io
Score CVSS : 5.4

Références :
https://gist.github.com/dellalibera/d2abd809f32ec6c61be1f41d80edf61b | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665555 | source : report@snyk.io


Vulnérabilité ID : CVE-2023-35948

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.

CVE ID : CVE-2023-35948
Source : security-advisories@github.com
Score CVSS : 5.4

Références :
https://github.com/novuhq/novu/pull/3510 | source : security-advisories@github.com
https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79 | source : security-advisories@github.com

Vulnérabilité : CWE-601


Vulnérabilité ID : CVE-2023-36462

Première publication le : 06-07-2023 20:15:09
Dernière modification le : 06-07-2023 20:15:09

Description :
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

CVE ID : CVE-2023-36462
Source : security-advisories@github.com
Score CVSS : 5.4

Références :
https://github.com/mastodon/mastodon/commit/610731b03dfcadd887078cb0399f4e514aa1931c | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v3.5.9 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.0.5 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/releases/tag/v4.1.3 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-55j9-c3mp-6fcq | source : security-advisories@github.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30663

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

CVE ID : CVE-2023-30663
Source : mobile.security@samsung.com
Score CVSS : 5.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-30666

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

CVE ID : CVE-2023-30666
Source : mobile.security@samsung.com
Score CVSS : 5.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-3529

Première publication le : 06-07-2023 19:15:11
Dernière modification le : 06-07-2023 20:15:09

Description :
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3529
Source : cna@vuldb.com
Score CVSS : 5.3

Références :
https://vuldb.com/?ctiid.233253 | source : cna@vuldb.com
https://vuldb.com/?id.233253 | source : cna@vuldb.com

Vulnérabilité : CWE-203


Vulnérabilité ID : CVE-2023-30667

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.

CVE ID : CVE-2023-30667
Source : mobile.security@samsung.com
Score CVSS : 5.1

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-284


Vulnérabilité ID : CVE-2023-30678

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.

CVE ID : CVE-2023-30678
Source : mobile.security@samsung.com
Score CVSS : 5.1

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-22


Vulnérabilité ID : CVE-2023-30676

Première publication le : 06-07-2023 03:15:12
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.

CVE ID : CVE-2023-30676
Source : mobile.security@samsung.com
Score CVSS : 4.6

Références :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-284


Vulnérabilité ID : CVE-2023-30665

Première publication le : 06-07-2023 03:15:11
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.

CVE ID : CVE-2023-30665
Source : mobile.security@samsung.com
Score CVSS : 4.4

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-3520

Première publication le : 06-07-2023 01:15:08
Dernière modification le : 06-07-2023 11:55:38

Description :
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CVE ID : CVE-2023-3520
Source : security@huntr.dev
Score CVSS : 4.3

Références :
https://github.com/it-novum/openitcockpit/commit/6c717f3c352e55257fc3fef2c5dec111f7d2ee6b | source : security@huntr.dev
https://huntr.dev/bounties/f3b277bb-91db-419e-bcc4-fe0b055d2551 | source : security@huntr.dev

Vulnérabilité : CWE-614


Vulnérabilité ID : CVE-2023-30640

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.

CVE ID : CVE-2023-30640
Source : mobile.security@samsung.com
Score CVSS : 4.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-284


Vulnérabilité ID : CVE-2023-30641

Première publication le : 06-07-2023 03:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner&#39;s google account data.

CVE ID : CVE-2023-30641
Source : mobile.security@samsung.com
Score CVSS : 4.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-284


Vulnérabilité ID : CVE-2023-1298

Première publication le : 06-07-2023 18:15:10
Dernière modification le : 06-07-2023 18:15:10

Description :
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.

CVE ID : CVE-2023-1298
Source : psirt@servicenow.com
Score CVSS : 4.3

Références :
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230 | source : psirt@servicenow.com

Vulnérabilité : CWE-79


Vulnérabilité ID : CVE-2023-23546

Première publication le : 06-07-2023 15:15:11
Dernière modification le : 06-07-2023 15:16:32

Description :
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE ID : CVE-2023-23546
Source : talos-cna@cisco.com
Score CVSS : 4.2

Références :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1705 | source : talos-cna@cisco.com

Vulnérabilité : CWE-295


(1) Vulnérabilité(s) LOW [0.1, 3.9]

Vulnérabilité ID : CVE-2023-30648

Première publication le : 06-07-2023 03:15:10
Dernière modification le : 06-07-2023 11:55:38

Description :
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.

CVE ID : CVE-2023-30648
Source : mobile.security@samsung.com
Score CVSS : 3.3

Références :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07 | source : mobile.security@samsung.com

Vulnérabilité : CWE-787


(63) Vulnérabilité(s) NO SCORE [0.0, 0.0]

Vulnérabilité ID : CVE-2022-46080

Première publication le : 06-07-2023 02:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.

CVE ID : CVE-2022-46080
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/yerodin/CVE-2022-46080 | source : cve@mitre.org
https://nexxtsolutions.com | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-24256

Première publication le : 06-07-2023 02:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.

CVE ID : CVE-2023-24256
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/hhj4ck/JailBreakEC6/blob/main/BugReport.md | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-27225

Première publication le : 06-07-2023 02:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.

CVE ID : CVE-2023-27225
Source : cve@mitre.org
Score CVSS : /

Références :
https://medium.com/@ridheshgohil1092/my-first-cve-2023-27225-f232650f6cde | source : cve@mitre.org
https://packetstormsecurity.com | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-29656

Première publication le : 06-07-2023 02:15:09
Dernière modification le : 06-07-2023 11:55:38

Description :
An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.

CVE ID : CVE-2023-29656
Source : cve@mitre.org
Score CVSS : /

Références :
https://darktrace.com | source : cve@mitre.org
https://ramihub.github.io/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-46892

Première publication le : 06-07-2023 13:15:09
Dernière modification le : 06-07-2023 14:27:22

Description :
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2021-46892
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-701


Vulnérabilité ID : CVE-2021-46894

Première publication le : 06-07-2023 13:15:09
Dernière modification le : 06-07-2023 14:27:22

Description :
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVE ID : CVE-2021-46894
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-269


Vulnérabilité ID : CVE-2022-48507

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2022-48507
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-294


Vulnérabilité ID : CVE-2022-48508

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

CVE ID : CVE-2022-48508
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-264


Vulnérabilité ID : CVE-2022-48509

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.

CVE ID : CVE-2022-48509
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-476


Vulnérabilité ID : CVE-2022-48510

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.

CVE ID : CVE-2022-48510
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2022-48511

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.

CVE ID : CVE-2022-48511
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-843


Vulnérabilité ID : CVE-2022-48512

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CVE ID : CVE-2022-48512
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-122


Vulnérabilité ID : CVE-2022-48513

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE ID : CVE-2022-48513
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-290


Vulnérabilité ID : CVE-2022-48514

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2022-48514
Source : psirt@huawei.com
Score CVSS : /

Références :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2022-48515

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2022-48515
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-269


Vulnérabilité ID : CVE-2022-48516

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.

CVE ID : CVE-2022-48516
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2022-48517

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.

CVE ID : CVE-2022-48517
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-701


Vulnérabilité ID : CVE-2022-48518

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVE ID : CVE-2022-48518
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-701


Vulnérabilité ID : CVE-2022-48519

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:22

Description :
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2022-48519
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2022-48520

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2022-48520
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-1691

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-1691
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-248


Vulnérabilité ID : CVE-2023-1695

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-1695
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-755


Vulnérabilité ID : CVE-2023-34164

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.

CVE ID : CVE-2023-34164
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-476


Vulnérabilité ID : CVE-2023-37238

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.

CVE ID : CVE-2023-37238
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-275


Vulnérabilité ID : CVE-2023-37239

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.

CVE ID : CVE-2023-37239
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-37240

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE ID : CVE-2023-37240
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-125


Vulnérabilité ID : CVE-2023-37241

Première publication le : 06-07-2023 13:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

CVE ID : CVE-2023-37241
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2023-37242

Première publication le : 06-07-2023 13:15:11
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

CVE ID : CVE-2023-37242
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-639


Vulnérabilité ID : CVE-2023-37245

Première publication le : 06-07-2023 13:15:11
Dernière modification le : 06-07-2023 14:27:16

Description :
Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.

CVE ID : CVE-2023-37245
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-120


Vulnérabilité ID : CVE-2023-3456

Première publication le : 06-07-2023 13:15:11
Dernière modification le : 06-07-2023 14:27:16

Description :
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-3456
Source : psirt@huawei.com
Score CVSS : /

Références :
https://consumer.huawei.com/en/support/bulletin/2023/7/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | source : psirt@huawei.com

Vulnérabilité : CWE-20


Vulnérabilité ID : CVE-2020-21861

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.

CVE ID : CVE-2020-21861
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitee.com/annyshow/DuxCMS2.1/issues/I182Y4 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-21862

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.

CVE ID : CVE-2020-21862
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitee.com/annyshow/DuxCMS2.1/issues/I182Z5 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-22336

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.

CVE ID : CVE-2020-22336
Source : cve@mitre.org
Score CVSS : /

Références :
https://sourceforge.net/p/pdfcrack/bugs/12/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-46896

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.

CVE ID : CVE-2021-46896
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/PX4/PX4-Autopilot/issues/18369 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36188

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.

CVE ID : CVE-2023-36188
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/hwchase17/langchain/issues/5872 | source : cve@mitre.org
https://github.com/hwchase17/langchain/pull/6003 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36189

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

CVE ID : CVE-2023-36189
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/hwchase17/langchain/issues/5923 | source : cve@mitre.org
https://github.com/hwchase17/langchain/pull/6051 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36968

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter.

CVE ID : CVE-2023-36968
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/haxxorsid/food-ordering-system | source : cve@mitre.org
https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1-0-authenticated-sql-injection/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36995

Première publication le : 06-07-2023 14:15:10
Dernière modification le : 06-07-2023 14:27:16

Description :
TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.

CVE ID : CVE-2023-36995
Source : cve@mitre.org
Score CVSS : /

Références :
https://bramdoessecurity.com/travianz-hacked/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30322

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30322
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81 | source : cve@mitre.org
https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30323

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.

CVE ID : CVE-2023-30323
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60 | source : cve@mitre.org
https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30325

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.

CVE ID : CVE-2023-30325
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60 | source : cve@mitre.org
https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30326

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30326
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12 | source : cve@mitre.org
https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36969

Première publication le : 06-07-2023 15:15:15
Dernière modification le : 06-07-2023 15:16:18

Description :
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.

CVE ID : CVE-2023-36969
Source : cve@mitre.org
Score CVSS : /

Références :
https://okankurtulus.com.tr/2023/06/26/cms-made-simple-v2-2-17-file-upload-remote-code-execution-rce-authenticated/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36970

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.

CVE ID : CVE-2023-36970
Source : cve@mitre.org
Score CVSS : /

Références :
https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37122

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.

CVE ID : CVE-2023-37122
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/bagesoft/bagecms/issues/6 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37124

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37124
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/seacms-com/seacms/issues/24 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37125

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37125
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/seacms-com/seacms/issues/25 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37131

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.

CVE ID : CVE-2023-37131
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/ken678/yzncms/issues/2 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37132

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37132
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/weng-xianhu/eyoucms/issues/45 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37133

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37133
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/weng-xianhu/eyoucms/issues/46 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37134

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37134
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/weng-xianhu/eyoucms/issues/47 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37135

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37135
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/weng-xianhu/eyoucms/issues/48 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37136

Première publication le : 06-07-2023 15:15:16
Dernière modification le : 06-07-2023 15:16:18

Description :
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-37136
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/weng-xianhu/eyoucms/issues/49 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-29381

Première publication le : 06-07-2023 16:15:09
Dernière modification le : 06-07-2023 17:44:04

Description :
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

CVE ID : CVE-2023-29381
Source : cve@mitre.org
Score CVSS : /

Références :
https://wiki.zimbra.com/wiki/Security_Center | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-29382

Première publication le : 06-07-2023 16:15:09
Dernière modification le : 06-07-2023 17:44:04

Description :
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE ID : CVE-2023-29382
Source : cve@mitre.org
Score CVSS : /

Références :
https://wiki.zimbra.com/wiki/Security_Center | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30319

Première publication le : 06-07-2023 16:15:09
Dernière modification le : 06-07-2023 17:44:04

Description :
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30319
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40 | source : cve@mitre.org
https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30320

Première publication le : 06-07-2023 16:15:09
Dernière modification le : 06-07-2023 17:44:04

Description :
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30320
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81 | source : cve@mitre.org
https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-30321

Première publication le : 06-07-2023 16:15:09
Dernière modification le : 06-07-2023 17:44:04

Description :
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

CVE ID : CVE-2023-30321
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 | source : cve@mitre.org
https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-34192

Première publication le : 06-07-2023 16:15:10
Dernière modification le : 06-07-2023 17:44:04

Description :
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

CVE ID : CVE-2023-34192
Source : cve@mitre.org
Score CVSS : /

Références :
https://wiki.zimbra.com/wiki/Security_Center | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-34193

Première publication le : 06-07-2023 16:15:10
Dernière modification le : 06-07-2023 17:44:04

Description :
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

CVE ID : CVE-2023-34193
Source : cve@mitre.org
Score CVSS : /

Références :
https://wiki.zimbra.com/wiki/Security_Center | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy | source : cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37453

Première publication le : 06-07-2023 17:15:14
Dernière modification le : 06-07-2023 17:44:04

Description :
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

CVE ID : CVE-2023-37453
Source : cve@mitre.org
Score CVSS : /

Références :
https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca@google.com/T/ | source : cve@mitre.org
https://lore.kernel.org/all/000000000000e56434059580f86e@google.com/T/ | source : cve@mitre.org
https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-37454

Première publication le : 06-07-2023 17:15:14
Dernière modification le : 06-07-2023 17:44:04

Description :
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c.

CVE ID : CVE-2023-37454
Source : cve@mitre.org
Score CVSS : /

Références :
https://lore.kernel.org/all/00000000000056e02f05dfb6e11a@google.com/T/ | source : cve@mitre.org
https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55 | source : cve@mitre.org
https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57 | source : cve@mitre.org
https://syzkaller.appspot.com/bug?extid=61564e5023b7229ec85d | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-29824

Première publication le : 06-07-2023 21:15:09
Dernière modification le : 06-07-2023 21:15:09

Description :
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.

CVE ID : CVE-2023-29824
Source : cve@mitre.org
Score CVSS : /

Références :
http://www.square16.org/achievement/cve-2023-29824/ | source : cve@mitre.org
https://github.com/scipy/scipy/issues/14713 | source : cve@mitre.org
https://github.com/scipy/scipy/pull/15013 | source : cve@mitre.org


Ce site web utilise l'API de la NVD, mais n'est pas approuvé ou certifié par la NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.