Latest vulnerabilities for Monday, September 11, 2023 + weekend


Last updated on 11/09/2023 at 23:58:01

(2) CRITICAL vulnerabilities [9.0, 10.0]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-40150

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.

CVE ID : CVE-2023-40150
Source : ics-cert@hq.dhs.gov
CVSS score : 9.8

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-248-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-749


Vulnerability ID : CVE-2023-41256

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

CVE ID : CVE-2023-41256
Source : ics-cert@hq.dhs.gov
CVSS score : 9.1

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-288


(19) HIGH vulnerabilities [7.0, 8.9]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-36497

First published on : 11-09-2023 20:15:09
Last modified on : 11-09-2023 20:15:09

Description :
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.

CVE ID : CVE-2023-36497
Source : ics-cert@hq.dhs.gov
CVSS score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Source : us.ibm.com

Vulnerability ID : CVE-2022-33164

First published on : 08-09-2023 20:15:14
Last modified on : 10-09-2023 19:45:57

Description :
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.

CVE ID : CVE-2022-33164
Source : psirt@us.ibm.com
CVSS score : 8.7

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228579 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031021 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-38736

First published on : 08-09-2023 19:15:43
Last modified on : 10-09-2023 19:45:57

Description :
IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542.

CVE ID : CVE-2023-38736
Source : psirt@us.ibm.com
CVSS score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/262542 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030703 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-30995

First published on : 08-09-2023 21:15:45
Last modified on : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.

CVE ID : CVE-2023-30995
Source : psirt@us.ibm.com
CVSS score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254268 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com


Source : huntr.dev

Vulnerability ID : CVE-2023-4897

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

CVE ID : CVE-2023-4897
Source : security@huntr.dev
CVSS score : 8.7

References :
https://github.com/mintplex-labs/anything-llm/commit/3c88aec034934bcbad30c5ef1cab62cbbdb98e64 | source : security@huntr.dev
https://huntr.dev/bounties/0631af48-84a3-4019-85db-f0f8b12cb0ab | source : security@huntr.dev

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-4876

First published on : 10-09-2023 01:15:08
Last modified on : 10-09-2023 19:45:57

Description :
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

CVE ID : CVE-2023-4876
Source : security@huntr.dev
CVSS score : 7.9

References :
https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8 | source : security@huntr.dev
https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a | source : security@huntr.dev

Vulnerability : CWE-200


Source : nbu.gov.sk

Vulnerability ID : CVE-2023-3612

First published on : 11-09-2023 10:15:07
Last modified on : 11-09-2023 12:41:46

Description :
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

CVE ID : CVE-2023-3612
Source : incident@nbu.gov.sk
CVSS score : 8.2

References :
https://www.sk-cert.sk/sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10 | source : incident@nbu.gov.sk

Vulnerability : CWE-749


Source : mitre.org

Vulnerability ID : CVE-2022-23382

First published on : 11-09-2023 15:15:52
Last modified on : 11-09-2023 18:02:20

Description :
Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network.

CVE ID : CVE-2022-23382
Source : cve@mitre.org
CVSS score : 8.1

References :
http://lackylab.pl/articles/CVE-2022-23382.html | source : cve@mitre.org


Source : adobe.com

Vulnerability ID : CVE-2019-16470

First published on : 11-09-2023 14:15:07
Last modified on : 11-09-2023 14:26:36

Description :
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2019-16470
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html | source : psirt@adobe.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2019-16471

First published on : 11-09-2023 14:15:07
Last modified on : 11-09-2023 14:26:36

Description :
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2019-16471
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-28831

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28831
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/indesign/apsb22-23.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2022-28832

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28832
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/indesign/apsb22-23.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2022-28833

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28833
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/indesign/apsb22-23.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2022-28834

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28834
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/incopy/apsb22-28.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2022-28835

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28835
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/incopy/apsb22-28.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-28836

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-28836
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/incopy/apsb22-28.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2022-34224

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-34224
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-34227

First published on : 11-09-2023 14:15:08
Last modified on : 11-09-2023 14:26:36

Description :
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-34227
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html | source : psirt@adobe.com

Vulnerability : CWE-416


Source : vuldb.com

Vulnerability ID : CVE-2023-4844

First published on : 08-09-2023 22:15:12
Last modified on : 11-09-2023 16:40:46

Description :
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability.

CVE ID : CVE-2023-4844
Source : cna@vuldb.com
CVSS score : 7.5

References :
https://github.com/Meizhi-hua/cve/blob/main/Simple-Membership-System%20club_edit_query.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.239253 | source : cna@vuldb.com
https://vuldb.com/?id.239253 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product : cpe:2.3:a:simple_membership_system_project:simple_membership_system:1.0:*:*:*:*:*:*:*


(46) MEDIUM vulnerabilities [4.0, 6.9]

Source : hitachienergy.com

Vulnerability ID : CVE-2023-4816

First published on : 11-09-2023 08:15:07
Last modified on : 11-09-2023 12:41:46

Description :
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.

CVE ID : CVE-2023-4816
Source : cybersecurity@hitachienergy.com
CVSS score : 6.9

References :
https://images.go.hitachienergy.com/Web/ABBEnterpriseSoftware/%7B70b3d323-4866-42e1-8a75-58996729c1d4%7D_8DBD000172-VU-2023-23_Asset_Suite_Tagout_vulnerability_Rev1.pdf | source : cybersecurity@hitachienergy.com

Vulnerability : CWE-287


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-38256

First published on : 11-09-2023 20:15:09
Last modified on : 11-09-2023 20:15:09

Description :
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.

CVE ID : CVE-2023-38256
Source : ics-cert@hq.dhs.gov
CVSS score : 6.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-39227

First published on : 11-09-2023 20:15:09
Last modified on : 11-09-2023 20:15:09

Description :
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.

CVE ID : CVE-2023-39227
Source : ics-cert@hq.dhs.gov
CVSS score : 6.1

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-248-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-256


Source : redhat.com

Vulnerability ID : CVE-2022-1415

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

CVE ID : CVE-2022-1415
Source : secalert@redhat.com
CVSS score : 6.8

References :
https://access.redhat.com/errata/RHSA-2022:6813 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-1415 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4881

First published on : 11-09-2023 17:15:07
Last modified on : 11-09-2023 18:02:20

Description :
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.

CVE ID : CVE-2023-4881
Source : secalert@redhat.com
CVSS score : 6.1

References :
https://access.redhat.com/security/cve/CVE-2023-4881 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2238312 | source : secalert@redhat.com


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2022-27599

First published on : 08-09-2023 02:15:07
Last modified on : 08-09-2023 12:58:39

Description :
An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

CVE ID : CVE-2022-27599
Source : security@qnapsecurity.com.tw
CVSS score : 6.7

References :
https://www.qnap.com/en/security-advisory/qsa-23-08 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-532


Source : github.com

Vulnerability ID : CVE-2023-41336

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.

CVE ID : CVE-2023-41336
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml | source : security-advisories@github.com
https://github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c | source : security-advisories@github.com
https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x | source : security-advisories@github.com
https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-40032

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.

CVE ID : CVE-2023-40032
Source : security-advisories@github.com
CVSS score : 5.5

References :
https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b | source : security-advisories@github.com
https://github.com/libvips/libvips/pull/3604 | source : security-advisories@github.com
https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584 | source : security-advisories@github.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-41338

First published on : 08-09-2023 19:15:43
Last modified on : 10-09-2023 19:45:57

Description :
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.

CVE ID : CVE-2023-41338
Source : security-advisories@github.com
CVSS score : 5.3

References :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For | source : security-advisories@github.com
https://docs.gofiber.io/api/ctx#isfromlocal | source : security-advisories@github.com
https://github.com/gofiber/fiber/commit/b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dc | source : security-advisories@github.com
https://github.com/gofiber/fiber/security/advisories/GHSA-3q5p-3558-364f | source : security-advisories@github.com

Vulnerability : CWE-670


Vulnerability ID : CVE-2023-41318

First published on : 08-09-2023 20:15:14
Last modified on : 10-09-2023 19:45:57

Description :
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.

CVE ID : CVE-2023-41318
Source : security-advisories@github.com
CVSS score : 4.1

References :
https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script | source : security-advisories@github.com
https://github.com/turt2live/matrix-media-repo/commit/77ec2354e8f46d5ef149d1dcaf25f51c04149137 | source : security-advisories@github.com
https://github.com/turt2live/matrix-media-repo/commit/bf8abdd7a5371118e280c65a8e0ec2b2e9bdaf59 | source : security-advisories@github.com
https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-5crw-6j7v-xc72 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-4838

First published on : 09-09-2023 02:15:46
Last modified on : 10-09-2023 19:45:57

Description :
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4838
Source : security@wordfence.com
CVSS score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/2963794 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : hashicorp.com

Vulnerability ID : CVE-2023-4782

First published on : 08-09-2023 18:15:07
Last modified on : 10-09-2023 19:45:57

Description :
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

CVE ID : CVE-2023-4782
Source : security@hashicorp.com
CVSS score : 6.3

References :
https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082 | source : security@hashicorp.com

Vulnerability : CWE-22


Source : vuldb.com

Vulnerability ID : CVE-2023-4845

First published on : 09-09-2023 07:15:50
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4845
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/BigBaos/MemShipVul/blob/main/Simple-Membership-System%20account_edit_query.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.239254 | source : cna@vuldb.com
https://vuldb.com/?id.239254 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4846

First published on : 09-09-2023 08:15:07
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.

CVE ID : CVE-2023-4846
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Swpan2018/Vulhub/blob/main/Simple-Membership-System%20delete_member.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.239255 | source : cna@vuldb.com
https://vuldb.com/?id.239255 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4848

First published on : 09-09-2023 10:15:07
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.

CVE ID : CVE-2023-4848
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239257 | source : cna@vuldb.com
https://vuldb.com/?id.239257 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4849

First published on : 09-09-2023 11:15:14
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239258 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4849
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/TinkAnet/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239258 | source : cna@vuldb.com
https://vuldb.com/?id.239258 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4850

First published on : 09-09-2023 12:15:07
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.

CVE ID : CVE-2023-4850
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/RCEraser/cve/blob/main/sql_inject_2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239259 | source : cna@vuldb.com
https://vuldb.com/?id.239259 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4851

First published on : 09-09-2023 12:15:08
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.

CVE ID : CVE-2023-4851
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/liuqiba12345678/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239260 | source : cna@vuldb.com
https://vuldb.com/?id.239260 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4852

First published on : 09-09-2023 13:15:21
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.

CVE ID : CVE-2023-4852
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/r1pte/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239261 | source : cna@vuldb.com
https://vuldb.com/?id.239261 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4866

First published on : 10-09-2023 00:15:07
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239351.

CVE ID : CVE-2023-4866
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://blog.csdn.net/weixin_43864034/article/details/132697070 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239351 | source : cna@vuldb.com
https://vuldb.com/?id.239351 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4867

First published on : 10-09-2023 01:15:07
Last modified on : 10-09-2023 19:45:57

Description :
A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352.

CVE ID : CVE-2023-4867
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/fortunate888/cve/blob/main/sql_inject_1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239352 | source : cna@vuldb.com
https://vuldb.com/?id.239352 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4871

First published : 10-09-2023 03:15:16
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356.

CVE ID : CVE-2023-4871
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://skypoc.wordpress.com/2023/09/05/vuln1/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239356 | source : cna@vuldb.com
https://vuldb.com/?id.239356 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4872

First published : 10-09-2023 03:15:17
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability.

CVE ID : CVE-2023-4872
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://skypoc.wordpress.com/2023/09/05/vuln1/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239357 | source : cna@vuldb.com
https://vuldb.com/?id.239357 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4873

First published : 10-09-2023 03:15:18
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4873
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/cugerQDHJ/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239358 | source : cna@vuldb.com
https://vuldb.com/?id.239358 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-4865

First published : 09-09-2023 23:15:40
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4865
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://skypoc.wordpress.com/2023/09/05/sourcecodester-take-note-app-v1-0-has-multiple-vulnerabilities/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239350 | source : cna@vuldb.com
https://vuldb.com/?id.239350 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4868

First published : 10-09-2023 01:15:07
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.

CVE ID : CVE-2023-4868
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://skypoc.wordpress.com/2023/09/05/vuln1/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239353 | source : cna@vuldb.com
https://vuldb.com/?id.239353 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4869

First published : 10-09-2023 01:15:08
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4869
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://skypoc.wordpress.com/2023/09/05/vuln1/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239354 | source : cna@vuldb.com
https://vuldb.com/?id.239354 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : sap.com

Vulnerability ID : CVE-2023-40306

First published : 08-09-2023 22:15:11
Last modified : 10-09-2023 19:45:57

Description :
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.

CVE ID : CVE-2023-40306
Source : cna@sap.com
CVSS score : 6.1

References :
https://me.sap.com/notes/3156972 | source : cna@sap.com

Vulnerability : CWE-601


Source : mitre.org

Vulnerability ID : CVE-2023-37368

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.

CVE ID : CVE-2023-37368
Source : cve@mitre.org
CVSS score : 5.9

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37367

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.

CVE ID : CVE-2023-37367
Source : cve@mitre.org
CVSS score : 5.3

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Source : us.ibm.com

Vulnerability ID : CVE-2022-22405

First published : 08-09-2023 21:15:44
Last modified : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576.

CVE ID : CVE-2022-22405
Source : psirt@us.ibm.com
CVSS score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/222576 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2022-22401

First published : 08-09-2023 22:15:09
Last modified : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567.

CVE ID : CVE-2022-22401
Source : psirt@us.ibm.com
CVSS score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/222567 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-24965

First published : 08-09-2023 21:15:44
Last modified : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.

CVE ID : CVE-2023-24965
Source : psirt@us.ibm.com
CVSS score : 5.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/246713 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-32332

First published : 08-09-2023 20:15:14
Last modified : 10-09-2023 19:45:57

Description :
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.

CVE ID : CVE-2023-32332
Source : psirt@us.ibm.com
CVSS score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030367 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030926 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2022-22402

First published : 08-09-2023 22:15:09
Last modified : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.

CVE ID : CVE-2022-22402
Source : psirt@us.ibm.com
CVSS score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/222571 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-22409

First published : 08-09-2023 22:15:09
Last modified : 10-09-2023 19:45:57

Description :
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.

CVE ID : CVE-2022-22409
Source : psirt@us.ibm.com
CVSS score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/222592 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : huntr.dev

Vulnerability ID : CVE-2023-4877

First published : 10-09-2023 01:15:08
Last modified : 10-09-2023 19:45:57

Description :
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

CVE ID : CVE-2023-4877
Source : security@huntr.dev
CVSS score : 5.5

References :
https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7 | source : security@huntr.dev
https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84 | source : security@huntr.dev

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-4878

First published : 10-09-2023 18:15:07
Last modified : 10-09-2023 19:45:57

Description :
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE ID : CVE-2023-4878
Source : security@huntr.dev
CVSS score : 4.3

References :
https://github.com/instantsoft/icms2/commit/d0aeeaf5979fbdbf80dc3a3227d6c58442ab7487 | source : security@huntr.dev
https://huntr.dev/bounties/655c4f77-04b2-4220-bfaf-a4d99fe86703 | source : security@huntr.dev

Vulnerability : CWE-918


Source : adobe.com

Vulnerability ID : CVE-2019-7819

First published : 11-09-2023 14:15:08
Last modified : 11-09-2023 14:26:36

Description :
Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2019-7819
Source : psirt@adobe.com
CVSS score : 5.5

References :
https://helpx.adobe.com/security/products/acrobat/apsb19-17.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2022-34238

First published : 11-09-2023 14:15:09
Last modified : 11-09-2023 14:26:36

Description :
Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2022-34238
Source : psirt@adobe.com
CVSS score : 5.5

References :
https://helpx.adobe.com/security/products/acrobat/apsb22-32.html | source : psirt@adobe.com

Vulnerability : CWE-125


Source : vmware.com

Vulnerability ID : CVE-2023-34041

First published : 08-09-2023 08:15:07
Last modified : 08-09-2023 12:58:39

Description :
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

CVE ID : CVE-2023-34041
Source : security@vmware.com
CVSS score : 5.3

References :
https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/ | source : security@vmware.com


Source : emc.com

Vulnerability ID : CVE-2023-32470

First published : 08-09-2023 06:15:07
Last modified : 08-09-2023 12:58:39

Description :
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to a permanent Denial of Service (DoS).

CVE ID : CVE-2023-32470
Source : security_alert@emc.com
CVSS score : 5.0

References :
https://www.dell.com/support/kbdoc/en-us/000216243/dsa-2023-224 | source : security_alert@emc.com

Vulnerability : CWE-1386


Source : gitlab.com

Vulnerability ID : CVE-2023-4630

First published : 11-09-2023 14:15:09
Last modified : 11-09-2023 14:26:36

Description :
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.

CVE ID : CVE-2023-4630
Source : cve@gitlab.com
CVSS score : 5.0

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/415117 | source : cve@gitlab.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-4874

First published : 09-09-2023 15:15:34
Last modified : 11-09-2023 04:15:10

Description :
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12

CVE ID : CVE-2023-4874
Source : cve@gitlab.com
CVSS score : 4.3

References :
https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch | source : cve@gitlab.com
https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch | source : cve@gitlab.com
https://www.debian.org/security/2023/dsa-5494 | source : cve@gitlab.com

Vulnerability : CWE-475


Source : pega.com

Vulnerability ID : CVE-2023-4843

First published : 08-09-2023 17:15:30
Last modified : 08-09-2023 17:36:26

Description :
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director; however, this field can only be modified by an authenticated administrative user.

CVE ID : CVE-2023-4843
Source : security@pega.com
CVSS score : 4.3

References :
https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? | source : security@pega.com

Vulnerability : CWE-74


Source : hcl.com

Vulnerability ID : CVE-2023-28010

First published : 08-09-2023 18:15:07
Last modified : 10-09-2023 19:45:57

Description :
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.

CVE ID : CVE-2023-28010
Source : psirt@hcl.com
CVSS score : 4.0

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107388 | source : psirt@hcl.com


(8) LOW vulnerabilities [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-4847

First published : 09-09-2023 08:15:07
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.

CVE ID : CVE-2023-4847
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239256 | source : cna@vuldb.com
https://vuldb.com/?id.239256 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4864

First published : 09-09-2023 21:15:43
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.

CVE ID : CVE-2023-4864
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://skypoc.wordpress.com/2023/09/05/sourcecodester-take-note-app-v1-0-has-multiple-vulnerabilities/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239349 | source : cna@vuldb.com
https://vuldb.com/?id.239349 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4870

First published : 10-09-2023 02:15:12
Last modified : 10-09-2023 19:45:57

Description :
A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355.

CVE ID : CVE-2023-4870
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://skypoc.wordpress.com/2023/09/05/vuln1/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.239355 | source : cna@vuldb.com
https://vuldb.com/?id.239355 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2023-4879

First published : 10-09-2023 18:15:08
Last modified : 10-09-2023 19:45:57

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE ID : CVE-2023-4879
Source : security@huntr.dev
CVSS score : 3.5

References :
https://github.com/instantsoft/icms2/commit/d0aeeaf5979fbdbf80dc3a3227d6c58442ab7487 | source : security@huntr.dev
https://huntr.dev/bounties/7df6b167-3c39-4563-9b8a-33613e25cf27 | source : security@huntr.dev

Vulnerability : CWE-79


Source : qualys.com

Vulnerability ID : CVE-2023-4777

First published : 08-09-2023 09:15:08
Last modified : 08-09-2023 12:58:39

Description :
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

CVE ID : CVE-2023-4777
Source : bugreport@qualys.com
CVSS score : 3.1

References :
https://www.qualys.com/security-advisories/ | source : bugreport@qualys.com

Vulnerability : CWE-732


Source : gitlab.com

Vulnerability ID : CVE-2023-4875

First published : 09-09-2023 15:15:35
Last modified : 11-09-2023 04:15:11

Description :
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

CVE ID : CVE-2023-4875
Source : cve@gitlab.com
CVSS score : 2.2

References :
https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch | source : cve@gitlab.com
https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch | source : cve@gitlab.com
https://www.debian.org/security/2023/dsa-5494 | source : cve@gitlab.com

Vulnerability : CWE-475


Source : mitre.org

Vulnerability ID : CVE-2023-37377

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.

CVE ID : CVE-2023-37377
Source : cve@mitre.org
CVSS score : 2.0

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40353

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.

CVE ID : CVE-2023-40353
Source : cve@mitre.org
CVSS score : 2.0

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


(113) NO SCORE vulnerabilities [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2021-33834

First published : 08-09-2023 02:15:07
Last modified : 08-09-2023 12:58:44

Description :
An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.

CVE ID : CVE-2021-33834
Source : cve@mitre.org
CVSS score : /

References :
https://www.insyde.com/security-pledge | source : cve@mitre.org
https://www.insyde.com/security-pledge/SA-2021004 | source : cve@mitre.org


Vulnerability ID : CVE-2021-45811

First published : 08-09-2023 02:15:07
Last modified : 08-09-2023 12:58:39

Description :
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

CVE ID : CVE-2021-45811
Source : cve@mitre.org
CVSS score : /

References :
http://enhancesoft.com | source : cve@mitre.org
http://osticket.com | source : cve@mitre.org
https://members.backbox.org/osticket-sql-injection/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36184

First published : 08-09-2023 02:15:08
Last modified : 08-09-2023 12:58:39

Description :
Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.

CVE ID : CVE-2023-36184
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b | source : cve@mitre.org
https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963 | source : cve@mitre.org
https://github.com/move-language/move/issues/1059 | source : cve@mitre.org
https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c | source : cve@mitre.org


Vulnerability ID : CVE-2023-40271

First published : 08-09-2023 02:15:08
Last modified : 08-09-2023 12:58:39

Description :
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.

CVE ID : CVE-2023-40271
Source : cve@mitre.org
CVSS score : /

References :
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst | source : cve@mitre.org
https://tf-m-user-guide.trustedfirmware.org/releases/index.html | source : cve@mitre.org


Vulnerability ID : CVE-2021-27715

First published : 08-09-2023 03:15:07
Last modified : 08-09-2023 12:58:39

Description :
An issue in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via a crafted HTTP request.

CVE ID : CVE-2021-27715
Source : cve@mitre.org
CVSS score : /

References :
http://mofi.com | source : cve@mitre.org
https://www.nagarro.com/services/security/mofi-cve-security-advisory | source : cve@mitre.org


Vulnerability ID : CVE-2023-37759

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

CVE ID : CVE-2023-37759
Source : cve@mitre.org
CVSS score : /

References :
https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 | source : cve@mitre.org
https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html | source : cve@mitre.org
https://tregix.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39620

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
An issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 through v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.

CVE ID : CVE-2023-39620
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. | source : cve@mitre.org


Vulnerability ID : CVE-2023-40953

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-40953
Source : cve@mitre.org
CVSS score : /

References :
https://gist.github.com/ChubbyZ/e1e5c1858c389334dcf581a19c741308 | source : cve@mitre.org
https://www.icmsdev.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41594

First published : 08-09-2023 03:15:08
Last modified : 08-09-2023 12:58:39

Description :
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

CVE ID : CVE-2023-41594
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594 | source : cve@mitre.org
https://portswigger.net/web-security/sql-injection | source : cve@mitre.org
https://www.acunetix.com/vulnerabilities/web/sql-injection/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41615

First published : 08-09-2023 03:15:09
Last modified : 08-09-2023 12:58:39

Description :
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.

CVE ID : CVE-2023-41615
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@guravtushar231/sql-injection-in-login-field-a9073780f7e8 | source : cve@mitre.org
https://phpgurukul.com/student-management-system-using-php-and-mysql/ | source : cve@mitre.org
https://portswigger.net/web-security/sql-injection | source : cve@mitre.org


Vulnerability ID : CVE-2023-39076

First published : 08-09-2023 13:15:07
Last modified : 08-09-2023 17:36:26

Description :
Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 vehicle, software build version 2021.03.26, causes a Denial of Service (DoS) in the in-car infotainment system.

CVE ID : CVE-2023-39076
Source : cve@mitre.org
CVSS score : /

References :
https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39584

First published : 08-09-2023 13:15:07
Last modified : 08-09-2023 17:36:26

Description :
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.

CVE ID : CVE-2023-39584
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.js#L49 | source : cve@mitre.org
https://github.com/hexojs/hexo/issues/5250 | source : cve@mitre.org
https://www.gem-love.com/2023/07/25/hexo%E5%8D%9A%E5%AE%A2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%92%8C%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/#undefined | source : cve@mitre.org


Vulnerability ID : CVE-2023-40924

First published : 08-09-2023 13:15:08
Last modified : 08-09-2023 17:36:26

Description :
SolarView Compact < 6.00 is vulnerable to Directory Traversal.

CVE ID : CVE-2023-40924
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Yobing1/CVE-2023-40924/blob/main/README.md | source : cve@mitre.org
https://nvd.nist.gov/vuln/detail/CVE-2023-33620 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39676

First published on : 08-09-2023 14:15:11
Last modified on : 11-09-2023 09:15:08

Description :
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.

CVE ID : CVE-2023-39676
Source : cve@mitre.org
CVSS score : /

References :
https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ | source : cve@mitre.org
https://sorcery.ie | source : cve@mitre.org
https://themeforest.net/user/fieldthemes | source : cve@mitre.org


Vulnerability ID : CVE-2023-39712

First published on : 08-09-2023 18:15:07
Last modified on : 10-09-2023 19:45:57

Description :
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.

CVE ID : CVE-2023-39712
Source : cve@mitre.org
CVSS score : /

References :
https://gist.github.com/Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457#file-cve-2023-39712 | source : cve@mitre.org
https://www.sourcecodester.com/ | source : cve@mitre.org
https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-41575

First published on : 08-09-2023 19:15:44
Last modified on : 10-09-2023 19:45:57

Description :
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.

CVE ID : CVE-2023-41575
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/soundarkutty/Stored-xss/blob/main/poc | source : cve@mitre.org


Vulnerability ID : CVE-2023-41578

First published on : 08-09-2023 19:15:44
Last modified on : 10-09-2023 19:45:57

Description :
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.

CVE ID : CVE-2023-41578
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Snakinya/Bugs/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42268

First published on : 08-09-2023 19:15:44
Last modified on : 10-09-2023 19:45:57

Description :
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.

CVE ID : CVE-2023-42268
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/jeecgboot/jeecg-boot/issues/5311 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42276

First published on : 08-09-2023 22:15:11
Last modified on : 10-09-2023 19:45:57

Description :
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.

CVE ID : CVE-2023-42276
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/dromara/hutool/issues/3286 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42277

First published on : 08-09-2023 22:15:11
Last modified on : 10-09-2023 19:45:57

Description :
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.

CVE ID : CVE-2023-42277
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/dromara/hutool/issues/3285 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42278

First published on : 08-09-2023 22:15:12
Last modified on : 10-09-2023 19:45:57

Description :
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().

CVE ID : CVE-2023-42278
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/dromara/hutool/issues/3289 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41564

First published on : 08-09-2023 23:15:11
Last modified on : 10-09-2023 19:45:57

Description :
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

CVE ID : CVE-2023-41564
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-41915

First published on : 09-09-2023 22:15:09
Last modified on : 10-09-2023 19:45:57

Description :
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

CVE ID : CVE-2023-41915
Source : cve@mitre.org
CVSS score : /

References :
https://docs.openpmix.org/en/latest/security.html | source : cve@mitre.org
https://github.com/openpmix/openpmix/releases/tag/v4.2.6 | source : cve@mitre.org
https://github.com/openpmix/openpmix/releases/tag/v5.0.1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42467

First published on : 11-09-2023 04:15:10
Last modified on : 11-09-2023 12:41:46

Description :
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

CVE ID : CVE-2023-42467
Source : cve@mitre.org
CVSS score : /

References :
https://gitlab.com/qemu-project/qemu/-/issues/1813 | source : cve@mitre.org
https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40040

First published on : 11-09-2023 06:15:43
Last modified on : 11-09-2023 12:41:46

Description :
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.

CVE ID : CVE-2023-40040
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/actuator/cve/blob/main/CVE-2023-40040 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40039

First published on : 11-09-2023 07:15:08
Last modified on : 11-09-2023 12:41:46

Description :
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.

CVE ID : CVE-2023-40039
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40039 | source : cve@mitre.org
https://i.ebayimg.com/images/g/-UcAAOSwDe1kyD-Z/s-l1600.png | source : cve@mitre.org
https://i.ebayimg.com/images/g/4P0AAOSwdhxkrZtt/s-l1600.jpg | source : cve@mitre.org


Vulnerability ID : CVE-2023-35845

First published on : 11-09-2023 08:15:07
Last modified on : 11-09-2023 12:41:46

Description :
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.

CVE ID : CVE-2023-35845
Source : cve@mitre.org
CVSS score : /

References :
https://uponfurtherinvestigation.blogspot.com/2023/06/cve-2023-35845-anaconda3-creates.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-42470

First published on : 11-09-2023 08:15:07
Last modified on : 11-09-2023 12:41:46

Description :
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.

CVE ID : CVE-2023-42470
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md | source : cve@mitre.org
https://github.com/actuator/imou/blob/main/poc.apk | source : cve@mitre.org


Vulnerability ID : CVE-2023-42471

First published on : 11-09-2023 08:15:07
Last modified on : 11-09-2023 12:41:46

Description :
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).

CVE ID : CVE-2023-42471
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/actuator/wave.ai.browser/blob/main/CWE-94.md | source : cve@mitre.org
https://github.com/actuator/wave.ai.browser/blob/main/poc.apk | source : cve@mitre.org


Vulnerability ID : CVE-2023-36161

First published on : 11-09-2023 13:15:24
Last modified on : 11-09-2023 14:26:36

Description :
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A that allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.

CVE ID : CVE-2023-36161
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-36980

First published on : 11-09-2023 14:15:09
Last modified on : 11-09-2023 14:26:36

Description :
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold.

CVE ID : CVE-2023-36980
Source : cve@mitre.org
CVSS score : /

References :
https://etherscan.io/ | source : cve@mitre.org
https://github.com/WayneLi12/CVEs/tree/master/CVE-2023-36980 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40786

First published on : 11-09-2023 14:15:09
Last modified on : 11-09-2023 14:26:36

Description :
HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.

CVE ID : CVE-2023-40786
Source : cve@mitre.org
CVSS score : /

References :
https://gitee.com/Hk_Cms/HkCms/issues/I7S3VC | source : cve@mitre.org
https://www.hkcms.cn/index/index/uplogs.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-24088

First published on : 11-09-2023 15:15:52
Last modified on : 11-09-2023 18:02:20

Description :
An issue was discovered in the MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26 that allows local attackers to escalate privileges.

CVE ID : CVE-2020-24088
Source : cve@mitre.org
CVSS score : /

References :
http://blog.rewolf.pl/blog/?p=1630 | source : cve@mitre.org
http://dronesec.pw/blog/2018/05/17/dell-supportassist-local-privilege-escalation/ | source : cve@mitre.org
https://github.com/rjt-gupta/CVE-2020-24088 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27470

First published on : 11-09-2023 15:15:52
Last modified on : 11-09-2023 18:02:20

Description :
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

CVE ID : CVE-2023-27470
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0011.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36140

First published on : 11-09-2023 15:16:00
Last modified on : 11-09-2023 18:02:20

Description :
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.

CVE ID : CVE-2023-36140
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41000

First published on : 11-09-2023 15:16:02
Last modified on : 11-09-2023 18:02:20

Description :
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.

CVE ID : CVE-2023-41000
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/gpac/gpac/issues/2550 | source : cve@mitre.org


Vulnerability ID : CVE-2023-30058

First published on : 11-09-2023 16:15:07
Last modified on : 11-09-2023 18:02:20

Description :
novel-plus 3.6.2 is vulnerable to SQL Injection.

CVE ID : CVE-2023-30058
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/Rabb1tQ/HillstoneCVEs/tree/main/CVE-2023-30058 | source : cve@mitre.org


Vulnerability ID : CVE-2020-19318

First published on : 11-09-2023 18:15:09
Last modified on : 11-09-2023 19:08:33

Description :
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code by sending crafted data to the webserver service program.

CVE ID : CVE-2020-19318
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/hhhhu8045759/dir_605L-stack-overflow/blob/master/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39067

First published on : 11-09-2023 18:15:10
Last modified on : 11-09-2023 19:08:33

Description :
Cross Site Scripting vulnerability in ZLMediaKit v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL.

CVE ID : CVE-2023-39067
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Yao-ruo/CVE-FIND/blob/main/CVE-2023-39067 | source : cve@mitre.org
https://github.com/Yao-ruo/CVE-ZLMediaKit/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-41593

First published on : 11-09-2023 18:15:10
Last modified on : 11-09-2023 19:08:33

Description :
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.

CVE ID : CVE-2023-41593
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41593 | source : cve@mitre.org
https://portswigger.net/web-security/cross-site-scripting | source : cve@mitre.org
https://www.acunetix.com/websitesecurity/cross-site-scripting/ | source : cve@mitre.org
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet | source : cve@mitre.org


Vulnerability ID : CVE-2023-41609

First published on : 11-09-2023 18:15:10
Last modified on : 11-09-2023 19:08:33

Description :
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

CVE ID : CVE-2023-41609
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/CouchCMS/CouchCMS/issues/190 | source : cve@mitre.org


Vulnerability ID : CVE-2020-19319

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.

CVE ID : CVE-2020-19319
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/hhhhu8045759/dir_619l-buffer-overflow | source : cve@mitre.org


Vulnerability ID : CVE-2020-19320

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.

CVE ID : CVE-2020-19320
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/hhhhu8045759/dlink-619l-buffer_overflow | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2020-19323

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart the router via the M-search request ST parameter. No authentication is required.

CVE ID : CVE-2020-19323
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/hhhhu8045759/619L_upnpd_heapoverflow | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2020-19559

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.

CVE ID : CVE-2020-19559
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31067

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.

CVE ID : CVE-2023-31067
Source : cve@mitre.org
CVSS score : /

References :
http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html | source : cve@mitre.org
https://www.exploit-db.com/exploits/51679 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31068

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.

CVE ID : CVE-2023-31068
Source : cve@mitre.org
CVSS score : /

References :
http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html | source : cve@mitre.org
https://www.exploit-db.com/exploits/51680 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31069

First published on : 11-09-2023 19:15:41
Last modified on : 11-09-2023 19:15:41

Description :
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.

CVE ID : CVE-2023-31069
Source : cve@mitre.org
CVSS score : /

References :
http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html | source : cve@mitre.org
https://www.exploit-db.com/exploits/51681 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31468

First published on : 11-09-2023 19:15:42
Last modified on : 11-09-2023 19:15:42

Description :
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.

CVE ID : CVE-2023-31468
Source : cve@mitre.org
CVSS score : /

References :
http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html | source : cve@mitre.org
https://www.exploit-db.com/exploits/51682 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38743

First published on : 11-09-2023 19:15:42
Last modified on : 11-09-2023 19:15:42

Description :
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.

CVE ID : CVE-2023-38743
Source : cve@mitre.org
CVSS score : /

References :
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38829

First published on : 11-09-2023 19:15:42
Last modified on : 11-09-2023 19:15:42

Description :
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

CVE ID : CVE-2023-38829
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E | source : cve@mitre.org


Vulnerability ID : CVE-2023-39063

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.

CVE ID : CVE-2023-39063
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/AndreGNogueira/CVE-2023-39063 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39068

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to cause a denial of service via a crafted request to the service.XM component.

CVE ID : CVE-2023-39068
Source : cve@mitre.org
CVSS score : /

References :
https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39070

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.

CVE ID : CVE-2023-39070
Source : cve@mitre.org
CVSS score : /

References :
https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39780

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability.

CVE ID : CVE-2023-39780
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md | source : cve@mitre.org
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md | source : cve@mitre.org
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md | source : cve@mitre.org
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md | source : cve@mitre.org
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md | source : cve@mitre.org
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-41103

First published on : 11-09-2023 19:15:43
Last modified on : 11-09-2023 19:15:43

Description :
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.

CVE ID : CVE-2023-41103
Source : cve@mitre.org
CVSS score : /

References :
https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103 | source : cve@mitre.org
https://www.interactsoftware.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40944

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.

CVE ID : CVE-2023-40944
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40944 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40945

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.

CVE ID : CVE-2023-40945
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-40945 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40946

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.

CVE ID : CVE-2023-40946
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40946 | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2014-5329

First published on : 08-09-2023 03:15:07
Last modified on : 08-09-2023 12:58:39

Description :
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.

CVE ID : CVE-2014-5329
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN23809730/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-41775

First published on : 08-09-2023 08:15:07
Last modified on : 08-09-2023 12:58:39

Description :
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use the camera, microphone, etc. of the device where the product is installed without the user's consent.

CVE ID : CVE-2023-41775
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN42691027/ | source : vultures@jpcert.or.jp
https://status.direct4b.com/2023/08/31/2023083101/ | source : vultures@jpcert.or.jp


Source : openssl.org

Vulnerability ID : CVE-2023-4807

First published on : 08-09-2023 12:15:08
Last modified on : 11-09-2023 19:15:44

Description :
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions.
Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service.
The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap:
OPENSSL_ia32cap=:~0x200000
The FIPS provider is not affected by this issue.

CVE ID : CVE-2023-4807
Source : openssl-security@openssl.org
CVSS score : /

References :
http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html | source : openssl-security@openssl.org
http://www.openwall.com/lists/oss-security/2023/09/08/1 | source : openssl-security@openssl.org
http://www.openwall.com/lists/oss-security/2023/09/08/3 | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5 | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508 | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff | source : openssl-security@openssl.org
https://www.openssl.org/news/secadv/20230908.txt | source : openssl-security@openssl.org


Source : golang.org

Vulnerability ID : CVE-2023-39318

First published on : 08-09-2023 17:15:27
Last modified on : 08-09-2023 17:36:26

Description :
The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

CVE ID : CVE-2023-39318
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/526156 | source : security@golang.org
https://go.dev/issue/62196 | source : security@golang.org
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2041 | source : security@golang.org

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39319

First published on : 08-09-2023 17:15:27
Last modified on : 08-09-2023 17:36:26

Description :
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

CVE ID : CVE-2023-39319
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/526157 | source : security@golang.org
https://go.dev/issue/62197 | source : security@golang.org
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2043 | source : security@golang.org

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39320

First published on : 08-09-2023 17:15:27
Last modified on : 08-09-2023 17:36:26

Description :
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.

CVE ID : CVE-2023-39320
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/526158 | source : security@golang.org
https://go.dev/issue/62198 | source : security@golang.org
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2042 | source : security@golang.org

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-39321

First published on : 08-09-2023 17:15:28
Last modified on : 08-09-2023 17:36:26

Description :
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

CVE ID : CVE-2023-39321
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/523039 | source : security@golang.org
https://go.dev/issue/62266 | source : security@golang.org
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2044 | source : security@golang.org

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-39322

First published on : 08-09-2023 17:15:28
Last modified on : 08-09-2023 17:36:26

Description :
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

CVE ID : CVE-2023-39322
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/523039 | source : security@golang.org
https://go.dev/issue/62266 | source : security@golang.org
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2045 | source : security@golang.org

Vulnerability : CWE-400


Source : mozilla.org

Vulnerability ID : CVE-2023-4573

First published on : 11-09-2023 08:15:07
Last modified on : 11-09-2023 12:41:46

Description :
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4573
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1846687 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4104

First published on : 11-09-2023 09:15:08
Last modified on : 11-09-2023 12:41:46

Description :
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.

CVE ID : CVE-2023-4104
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1831318 | source : security@mozilla.org
https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055 | source : security@mozilla.org
https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110 | source : security@mozilla.org
https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-39/ | source : security@mozilla.org
https://www.openwall.com/lists/oss-security/2023/08/03/1 | source : security@mozilla.org


Vulnerability ID : CVE-2023-4574

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4574
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1846688 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4575

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4575
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1846689 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4576

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4576
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1846694 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4577

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4577
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1847397 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4578

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4578
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1839007 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4579

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.

CVE ID : CVE-2023-4579
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1842766 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4580

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4580
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1843046 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4581

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4581
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1843758 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4582

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on macOS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4582
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1773874 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4583

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4583
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1842030 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4584

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4584
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-35/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-4585

First published on : 11-09-2023 09:15:09
Last modified on : 11-09-2023 12:41:46

Description :
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVE ID : CVE-2023-4585
Source : security@mozilla.org
CVSS score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1833504%2C1841082%2C1847904%2C1848999 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-36/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-38/ | source : security@mozilla.org


Source : wpscan.com

Vulnerability ID : CVE-2023-2705

First published on : 11-09-2023 20:15:08
Last modified on : 11-09-2023 20:15:08

Description :
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin

CVE ID : CVE-2023-2705
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/0b3c83ad-d490-4ca3-8589-39163ea5e24b | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3169

First published on : 11-09-2023 20:15:09
Last modified on : 11-09-2023 20:15:09

Description :
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-3169
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3170

First published on : 11-09-2023 20:15:09
Last modified on : 11-09-2023 20:15:09

Description :
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-3170
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/e95ff3c6-283b-4e5e-bea0-1f1375da08da | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3510

First published on : 11-09-2023 20:15:10
Last modified on : 11-09-2023 20:15:10

Description :
The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber, to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be performed via CSRF against any authenticated user.

CVE ID : CVE-2023-3510
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581 | source : contact@wpscan.com

Vulnerability : CWE-352
Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4022

First published on : 11-09-2023 20:15:11
Last modified on : 11-09-2023 20:15:11

Description :
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-4022
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/c4ac0b19-58b1-4620-b3b7-fbe6dd6c8dd5 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4060

First published on : 11-09-2023 20:15:11
Last modified on : 11-09-2023 20:15:11

Description :
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-4060
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/88745c9b-1c20-4004-89f6-d9ee223651f2 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4270

First published on : 11-09-2023 20:15:11
Last modified on : 11-09-2023 20:15:11

Description :
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-4270
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/04560bf1-676b-46fb-9344-4150862f2686 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4278

First published on : 11-09-2023 20:15:11
Last modified on : 11-09-2023 20:15:11

Description :
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

CVE ID : CVE-2023-4278
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/cb3173ec-9891-4bd8-9d05-24fe805b5235 | source : contact@wpscan.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-4294

First published on : 11-09-2023 20:15:11
Last modified on : 11-09-2023 20:15:11

Description :
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugin's admin panel with statistics of the created short link.

CVE ID : CVE-2023-4294
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/1fc71fc7-861a-46cc-a147-1c7ece9a7776 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4307

First published on : 11-09-2023 20:15:12
Last modified on : 11-09-2023 20:15:12

Description :
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack

CVE ID : CVE-2023-4307
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3 | source : contact@wpscan.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4314

First published on : 11-09-2023 20:15:12
Last modified on : 11-09-2023 20:15:12

Description :
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.

CVE ID : CVE-2023-4314
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc | source : contact@wpscan.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-4318

First published on : 11-09-2023 20:15:12
Last modified on : 11-09-2023 20:15:12

Description :
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

CVE ID : CVE-2023-4318
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/93b40030-3706-4063-bf59-4ec983afdbb6 | source : contact@wpscan.com

Vulnerability : CWE-352


Source : android.com

Vulnerability ID : CVE-2023-35658

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35658
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35664

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35664
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/47299fd978258e67a8eebc361cb7a4dd2936205e | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35665

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35665
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/services/Telephony/+/674039e70e1c5bf29b808899ac80c709acc82290 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35666

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35666
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35667

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35667
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35669

First published on : 11-09-2023 21:15:41
Last modified on : 11-09-2023 21:15:41

Description :
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35669
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35670

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35670
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35671

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35671
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35673

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35673
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35674

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35674
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35675

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35675
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35676

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35676
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35677

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35677
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35679

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-35679
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35680

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35680
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/services/Telephony/+/674039e70e1c5bf29b808899ac80c709acc82290 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35681

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35681
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35682

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-35682
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/apps/Launcher3/+/09f8b0e52e45a0b39bab457534ba2e5ae91ffad0 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35683

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35683
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35684

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35684
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


Vulnerability ID : CVE-2023-35687

First published on : 11-09-2023 21:15:42
Last modified on : 11-09-2023 21:15:42

Description :
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35687
Source : security@android.com
CVSS score : /

References :
https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036 | source : security@android.com
https://source.android.com/security/bulletin/2023-09-01 | source : security@android.com


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
