Latest vulnerabilities for Monday, August 7, 2023 + weekend


Last updated on 07/08/2023 at 23:58:05

(16) CRITICAL vulnerability(ies) [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2023-37470

First published on : 04-08-2023 16:15:09
Last modified on : 04-08-2023 17:10:50

Description :
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.

CVE ID : CVE-2023-37470
Source : security-advisories@github.com
CVSS score : 10.0

References :
https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 | source : security-advisories@github.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-39344

First published on : 04-08-2023 20:15:10
Last modified on : 06-08-2023 12:01:17

Description :
social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.

CVE ID : CVE-2023-39344
Source : security-advisories@github.com
CVSS score : 10.0

References :
https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1 | source : security-advisories@github.com
https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfh | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38702

First published on : 04-08-2023 19:15:10
Last modified on : 06-08-2023 12:01:17

Description :
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

CVE ID : CVE-2023-38702
Source : security-advisories@github.com
CVSS score : 9.9

References :
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-36480

First published on : 04-08-2023 15:15:10
Last modified on : 07-08-2023 15:15:11

Description :
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue.

CVE ID : CVE-2023-36480
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L596 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Buffer.java#L53 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Command.java#L2083 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/util/Unpacker.java#L227 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/commit/80c508cc5ecb0173ce92d7fab8cfab5e77bd9900 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/security/advisories/GHSA-jj95-55cr-9597 | source : security-advisories@github.com
https://support.aerospike.com/s/article/CVE-2023-36480-Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-38692

First published on : 04-08-2023 18:15:14
Last modified on : 04-08-2023 18:53:22

Description :
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.

CVE ID : CVE-2023-38692
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java | source : security-advisories@github.com
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1 | source : security-advisories@github.com
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5w | source : security-advisories@github.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-38686

First published on : 04-08-2023 16:15:10
Last modified on : 04-08-2023 17:10:50

Description :
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.

CVE ID : CVE-2023-38686
Source : security-advisories@github.com
CVSS score : 9.3

References :
https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations | source : security-advisories@github.com
https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/pull/574 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/releases/tag/v2.5.6 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g | source : security-advisories@github.com
https://github.com/python/cpython/issues/91826 | source : security-advisories@github.com
https://peps.python.org/pep-0476/ | source : security-advisories@github.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-38699

First published on : 04-08-2023 18:15:15
Last modified on : 04-08-2023 18:53:22

Description :
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.

CVE ID : CVE-2023-38699
Source : security-advisories@github.com
CVSS score : 9.1

References :
https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0 | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw | source : security-advisories@github.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2023-39526

First published on : 07-08-2023 21:15:10
Last modified on : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

CVE ID : CVE-2023-39526
Source : security-advisories@github.com
CVSS score : 9.1

References :
https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pc | source : security-advisories@github.com

Vulnerability : CWE-89


Source : huntr.dev

Vulnerability ID : CVE-2023-4159

First published on : 04-08-2023 18:15:18
Last modified on : 04-08-2023 18:53:22

Description :
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID : CVE-2023-4159
Source : security@huntr.dev
CVSS score : 9.9

References :
https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8 | source : security@huntr.dev
https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c | source : security@huntr.dev

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4195

First published on : 06-08-2023 18:15:10
Last modified on : 07-08-2023 12:57:26

Description :
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

CVE ID : CVE-2023-4195
Source : security@huntr.dev
CVSS score : 9.9

References :
https://github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b | source : security@huntr.dev
https://huntr.dev/bounties/0bd5da2f-0e29-47ce-90f3-06518656bfd6 | source : security@huntr.dev

Vulnerability : CWE-98


Vulnerability ID : CVE-2023-4188

First published on : 05-08-2023 20:15:09
Last modified on : 06-08-2023 12:01:01

Description :
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE ID : CVE-2023-4188
Source : security@huntr.dev
CVSS score : 9.8

References :
https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f | source : security@huntr.dev
https://huntr.dev/bounties/fe9809b6-40ad-4e81-9197-a9aa42e8a7bf | source : security@huntr.dev

Vulnerability : CWE-89


Source : mitre.org

Vulnerability ID : CVE-2023-36131

First published on : 04-08-2023 00:15:11
Last modified on : 05-08-2023 03:52:46

Description :
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.

CVE ID : CVE-2023-36131
Source : cve@mitre.org
CVSS score : 9.8

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org

Vulnerability : NVD-CWE-Other

Vulnerable product : cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-36132

First published on : 04-08-2023 00:15:12
Last modified on : 05-08-2023 03:57:31

Description :
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.

CVE ID : CVE-2023-36132
Source : cve@mitre.org
CVSS score : 9.8

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org

Vulnerability : NVD-CWE-Other

Vulnerable product : cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-36133

First published on : 04-08-2023 00:15:12
Last modified on : 05-08-2023 03:56:48

Description :
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.

CVE ID : CVE-2023-36133
Source : cve@mitre.org
CVSS score : 9.8

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org

Vulnerability : NVD-CWE-Other

Vulnerable product : cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-36139

First published on : 04-08-2023 00:15:13
Last modified on : 05-08-2023 03:55:28

Description :
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

CVE ID : CVE-2023-36139
Source : cve@mitre.org
CVSS score : 9.8

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org

Vulnerability : CWE-345

Vulnerable product : cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*


Source : pega.com

Vulnerability ID : CVE-2023-32090

First published on : 07-08-2023 12:15:10
Last modified on : 07-08-2023 12:57:14

Description :
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials.

CVE ID : CVE-2023-32090
Source : security@pega.com
CVSS score : 9.8

References :
https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators | source : security@pega.com

Vulnerability : CWE-1393


(26) HIGH vulnerability(ies) [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-39346

First published on : 04-08-2023 21:15:11
Last modified on : 06-08-2023 12:01:01

Description :
LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.

CVE ID : CVE-2023-39346
Source : security-advisories@github.com
CVSS score : 8.8

References :
https://github.com/bjrjk/LinuxASMCallGraph/commit/20dba06bd1a3cf260612d4f21547c25002121cd5 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/issues/6 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/issues/8 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/security/advisories/GHSA-63c3-r9qm-c2wx | source : security-advisories@github.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-39527

First published on : 07-08-2023 21:15:10
Last modified on : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

CVE ID : CVE-2023-39527
Source : security-advisories@github.com
CVSS score : 8.3

References :
https://github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp | source : security-advisories@github.com

Vulnerability : CWE-116
Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38689

First published on : 04-08-2023 17:15:10
Last modified on : 04-08-2023 18:53:28

Description :
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.

CVE ID : CVE-2023-38689
Source : security-advisories@github.com
CVSS score : 8.1

References :
https://github.com/RS485/LogisticsPipes/commit/39a90b8f2d1a2bcc512ec68c3e139f1dac07aa56 | source : security-advisories@github.com
https://github.com/RS485/LogisticsPipes/commit/527c4f4fb028e9afab29d4e639935010ad7be9e7 | source : security-advisories@github.com
https://github.com/RS485/LogisticsPipes/security/advisories/GHSA-mcp7-xf3v-25x3 | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-39349

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.

CVE ID : CVE-2023-39349
Source : security-advisories@github.com
CVSS score : 8.1

References :
https://github.com/getsentry/self-hosted/releases/tag/23.7.2 | source : security-advisories@github.com
https://github.com/getsentry/sentry/commit/fad12c1150d1135edf9666ea72ca11bc110c1083 | source : security-advisories@github.com
https://github.com/getsentry/sentry/pull/53850 | source : security-advisories@github.com
https://github.com/getsentry/sentry/releases/tag/23.7.2 | source : security-advisories@github.com
https://github.com/getsentry/sentry/security/advisories/GHSA-9jcq-jf57-c62c | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-287


Vulnerability ID : CVE-2023-38704

First published on : 07-08-2023 20:15:09
Last modified on : 07-08-2023 20:15:09

Description :
`import-in-the-middle` is a module loading interceptor specifically for ESM modules. Prior to version 1.4.2, the `import-in-the-middle` loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an `import()` function. This vulnerability has been patched in `import-in-the-middle` version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using `import-in-the-middle` and support for EcmaScript Modules is not needed, ensure that certain options are set, either via command-line or the `NODE_OPTIONS` environment variable.

CVE ID : CVE-2023-38704
Source : security-advisories@github.com
CVSS score : 8.1

References :
https://github.com/DataDog/import-in-the-middle/commit/2531cdd9d1d73f9eaa87c16967f60cb276c1971b | source : security-advisories@github.com
https://github.com/DataDog/import-in-the-middle/security/advisories/GHSA-5r27-rw8r-7967 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38497

First published on : 04-08-2023 16:15:10
Last modified on : 04-08-2023 17:10:50

Description :
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.

CVE ID : CVE-2023-38497
Source : security-advisories@github.com
CVSS score : 7.9

References :
https://en.wikipedia.org/wiki/Umask | source : security-advisories@github.com
https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff | source : security-advisories@github.com
https://github.com/rust-lang/cargo/pull/12443 | source : security-advisories@github.com
https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 | source : security-advisories@github.com
https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 | source : security-advisories@github.com
https://www.rust-lang.org/policies/security | source : security-advisories@github.com

Vulnerability : CWE-278


Vulnerability ID : CVE-2023-37896

First published on : 04-08-2023 16:15:09
Last modified on : 04-08-2023 17:10:50

Description :
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.

CVE ID : CVE-2023-37896
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/projectdiscovery/nuclei/pull/3927 | source : security-advisories@github.com
https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.9 | source : security-advisories@github.com
https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-2xx4-jj5v-6mff | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-38688

First published on : 04-08-2023 17:15:10
Last modified on : 04-08-2023 18:53:28

Description :
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

CVE ID : CVE-2023-38688
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23 | source : security-advisories@github.com
https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a | source : security-advisories@github.com
https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx | source : security-advisories@github.com

Vulnerability : CWE-311


Source : ch.abb.com

Vulnerability ID : CVE-2023-0425

First published on : 07-08-2023 06:15:10
Last modified on : 07-08-2023 12:57:14

Description :
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

CVE ID : CVE-2023-0425
Source : cybersecurity@ch.abb.com
CVSS score : 8.6

References :
https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590 | source : cybersecurity@ch.abb.com

Vulnerability : CWE-839


Vulnerability ID : CVE-2023-0426

First published on : 07-08-2023 06:15:11
Last modified on : 07-08-2023 12:57:14

Description :
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

CVE ID : CVE-2023-0426
Source : cybersecurity@ch.abb.com
CVSS score : 8.6

References :
https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.68514131.339223974.1691382343-1911411808.1686627590 | source : cybersecurity@ch.abb.com

Vulnerability : CWE-121


Source : huntr.dev

Vulnerability ID : CVE-2023-4196

First published on : 06-08-2023 18:15:10
Last modified on : 07-08-2023 12:57:26

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

CVE ID : CVE-2023-4196
Source : security@huntr.dev
CVSS score : 8.3

References :
https://github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c | source : security@huntr.dev
https://huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0 | source : security@huntr.dev

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-4141

First published on : 04-08-2023 03:15:14
Last modified on : 04-08-2023 15:27:24

Description :
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.

CVE ID : CVE-2023-4141
Source : security@wordfence.com
CVSS score : 8.0

References :
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-4142

First published on : 04-08-2023 03:15:14
Last modified on : 04-08-2023 15:27:24

Description :
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.

CVE ID : CVE-2023-4142
Source : security@wordfence.com
Score CVSS : 8.0

Références :
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-4139

First published : 04-08-2023 03:15:13
Last modified : 04-08-2023 15:27:24

Description :
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to a missing restriction on export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.

CVE ID : CVE-2023-4139
Source : security@wordfence.com
CVSS score : 7.5

References :
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Source : opencloudos.tech

Vulnerability ID : CVE-2023-3896

First published : 07-08-2023 13:15:12
Last modified : 07-08-2023 15:41:35

Description :
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3

CVE ID : CVE-2023-3896
Source : security@opencloudos.tech
CVSS score : 7.8

References :
https://github.com/vim/vim/issues/12528 | source : security@opencloudos.tech
https://github.com/vim/vim/pull/12540 | source : security@opencloudos.tech

Vulnerability : CWE-369


Source : redhat.com

Vulnerability ID : CVE-2023-4147

First published : 07-08-2023 14:15:11
Last modified : 07-08-2023 15:41:35

Description :
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVE ID : CVE-2023-4147
Source : secalert@redhat.com
CVSS score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2023-4147 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2225239 | source : secalert@redhat.com
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 | source : secalert@redhat.com
https://www.spinics.net/lists/stable/msg671573.html | source : secalert@redhat.com


Source : yd.MitsubishiElectric.co.jp

Vulnerability ID : CVE-2023-0525

First published : 04-08-2023 00:15:10
Last modified : 04-08-2023 02:45:53

Description :
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

CVE ID : CVE-2023-0525
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS score : 7.5

References :
https://jvn.jp/vu/JVNVU95285923/index.html | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability : CWE-261


Source : gitlab.com

Vulnerability ID : CVE-2023-4012

First published : 07-08-2023 18:15:10
Last modified : 07-08-2023 18:20:15

Description :
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

CVE ID : CVE-2023-4012
Source : cve@gitlab.com
CVSS score : 7.5

References :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422 | source : cve@gitlab.com
https://gitlab.com/NTPsec/ntpsec/-/issues/794 | source : cve@gitlab.com

Vulnerability : CWE-372


Source : vuldb.com

Vulnerability ID : CVE-2023-4180

First published : 06-08-2023 08:15:09
Last modified : 06-08-2023 12:00:51

Description :
A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.

CVE ID : CVE-2023-4180
Source : cna@vuldb.com
CVSS score : 7.3

References :
https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20login.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236215 | source : cna@vuldb.com
https://vuldb.com/?id.236215 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4182

First published : 06-08-2023 10:15:09
Last modified : 06-08-2023 12:00:51

Description :
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.

CVE ID : CVE-2023-4182
Source : cna@vuldb.com
CVSS score : 7.3

References :
https://vuldb.com/?ctiid.236217 | source : cna@vuldb.com
https://vuldb.com/?id.236217 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4184

First published : 06-08-2023 12:15:09
Last modified : 07-08-2023 12:57:26

Description :
A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219.

CVE ID : CVE-2023-4184
Source : cna@vuldb.com
CVSS score : 7.3

References :
https://vuldb.com/?ctiid.236219 | source : cna@vuldb.com
https://vuldb.com/?id.236219 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : patchstack.com

Vulnerability ID : CVE-2023-30491

First published : 05-08-2023 23:15:10
Last modified : 06-08-2023 12:01:01

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.

CVE ID : CVE-2023-30491
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36686

First published : 05-08-2023 23:15:12
Last modified : 06-08-2023 12:00:51

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.

CVE ID : CVE-2023-36686
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36689

First published : 05-08-2023 23:15:12
Last modified : 06-08-2023 12:00:51

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.

CVE ID : CVE-2023-36689
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/wpcodefactory-helper/wordpress-wpfactory-helper-plugin-1-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-37873

First published : 05-08-2023 23:15:12
Last modified : 06-08-2023 12:00:51

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

CVE ID : CVE-2023-37873
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38392

First published : 07-08-2023 13:15:11
Last modified : 07-08-2023 15:41:35

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.

CVE ID : CVE-2023-38392
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(60) MEDIUM vulnerabilities [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-39523

First published : 07-08-2023 21:15:09
Last modified : 07-08-2023 21:15:09

Description :
ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as malicious commands can be appended to the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image`, the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`, which constructs a shell command from the passed `docker_reference`. `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injection. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. For example, if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly.

CVE ID : CVE-2023-39523
Source : security-advisories@github.com
CVSS score : 6.8

References :
https://github.com/nexB/scancode.io/blob/main/scanpipe/pipes/fetch.py#L185 | source : security-advisories@github.com
https://github.com/nexB/scancode.io/commit/07ec0de1964b14bf085a1c9a27ece2b61ab6105c | source : security-advisories@github.com
https://github.com/nexB/scancode.io/releases/tag/v32.5.1 | source : security-advisories@github.com
https://github.com/nexB/scancode.io/security/advisories/GHSA-2ggp-cmvm-f62f | source : security-advisories@github.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-39528

First published : 07-08-2023 21:15:10
Last modified : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-39528
Source : security-advisories@github.com
CVSS score : 6.8

References :
https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-39524

First published : 07-08-2023 20:15:10
Last modified : 07-08-2023 20:15:10

Description :
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field on the back office (BO) product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-39524
Source : security-advisories@github.com
CVSS score : 6.7

References :
https://github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-39529

First published : 07-08-2023 21:15:10
Last modified : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-39529
Source : security-advisories@github.com
CVSS score : 6.7

References :
https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38487

First published : 04-08-2023 16:15:10
Last modified : 04-08-2023 17:10:50

Description :
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then no longer be accessed and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tries to access the existing note, HedgeDoc first searches for a note with a matching alias before it searches using the ID; therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.

CVE ID : CVE-2023-38487
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/hedgedoc/hedgedoc/pull/4476/commits/781263ab84255885e1fe60c7e92e2f8d611664d2 | source : security-advisories@github.com
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg | source : security-advisories@github.com

Vulnerability : CWE-289


Vulnerability ID : CVE-2023-38695

First published : 04-08-2023 18:15:14
Last modified : 04-08-2023 18:53:22

Description :
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.

CVE ID : CVE-2023-38695
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/issues/15 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-39525

First published : 07-08-2023 21:15:10
Last modified : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-39525
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm2 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-39530

First published : 07-08-2023 21:15:10
Last modified : 07-08-2023 21:15:10

Description :
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-39530
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38708

First published : 04-08-2023 01:15:09
Last modified : 04-08-2023 02:45:45

Description :
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to a potential denial of service through key file overwrite. This vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.

CVE ID : CVE-2023-38708
Source : security-advisories@github.com
CVSS score : 6.3

References :
https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c | source : security-advisories@github.com
https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-38494

First published : 04-08-2023 16:15:10
Last modified : 04-08-2023 17:10:50

Description :
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere have no permissions configured, allowing attackers to leak sensitive information. Version 2.10.4 LTS contains a patch for this issue.

CVE ID : CVE-2023-38494
Source : security-advisories@github.com
CVSS score : 5.9

References :
https://github.com/metersphere/metersphere/commit/a23f75d93b666901fd148d834df9384f6f24cf28 | source : security-advisories@github.com
https://github.com/metersphere/metersphere/security/advisories/GHSA-fjp5-95pv-5253 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-39363

First published : 07-08-2023 19:15:11
Last modified : 07-08-2023 19:30:20

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.

CVE ID : CVE-2023-39363
Source : security-advisories@github.com
CVSS score : 5.9

References :
https://github.com/vyperlang/vyper/pull/2439 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/pull/2514 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38 | source : security-advisories@github.com
https://hackmd.io/@LlamaRisk/BJzSKHNjn | source : security-advisories@github.com
https://hackmd.io/@vyperlang/HJUgNMhs2 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-38690

First published : 04-08-2023 17:15:10
Last modified : 04-08-2023 18:53:28

Description :
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.

CVE ID : CVE-2023-38690
Source : security-advisories@github.com
CVSS score : 5.8

References :
https://github.com/matrix-org/matrix-appservice-irc/commit/0afb064635d37e039067b5b3d6423448b93026d3 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-3pmj-jqqp-2mj3 | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-77


Vulnerability ID : CVE-2023-38697

First published : 04-08-2023 18:15:15
Last modified : 04-08-2023 18:53:22

Description :
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits separated from the chunk data by CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon deviates from the corresponding RFCs in the following ways: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values that are written in hexadecimal with a `0x` prefix, accepting `0x` and `+` prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.

CVE ID : CVE-2023-38697
Source : security-advisories@github.com
CVSS score : 5.8

References :
https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd | source : security-advisories@github.com
https://github.com/socketry/protocol-http1/pull/20 | source : security-advisories@github.com
https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj | source : security-advisories@github.com
https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding | source : security-advisories@github.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2023-39520

First published : 07-08-2023 20:15:09
Last modified : 07-08-2023 20:15:09

Description :
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs because the repair function of the MSI spawns a SYSTEM PowerShell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding `-NoProfile` to the PowerShell invocation is a possible workaround.

CVE ID : CVE-2023-39520
Source : security-advisories@github.com
CVSS score : 5.5

References :
https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b | source : security-advisories@github.com
https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi | source : security-advisories@github.com
https://github.com/cryptomator/cryptomator/releases/tag/1.9.3 | source : security-advisories@github.com
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3 | source : security-advisories@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-38691

First published : 04-08-2023 17:15:11
Last modified : 04-08-2023 18:53:28

Description :
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.

CVE ID : CVE-2023-38691
Source : security-advisories@github.com
CVSS score : 5.0

References :
https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-38698

First published : 04-08-2023 18:15:15
Last modified : 04-08-2023 18:53:22

Description :
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (e.g., 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.

CVE ID : CVE-2023-38698
Source : security-advisories@github.com
CVSS score : 4.9

References :
https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171 | source : security-advisories@github.com
https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca | source : security-advisories@github.com
https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3 | source : security-advisories@github.com

Vulnerability : CWE-190


Vulnérabilité ID : CVE-2023-39343

Première publication le : 04-08-2023 01:15:10
Dernière modification le : 04-08-2023 02:45:45

Description :
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.

CVE ID : CVE-2023-39343
Source : security-advisories@github.com
CVSS score : 4.3

References :
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b | source : security-advisories@github.com
https://github.com/sulu/sulu/releases/tag/2.5.10 | source : security-advisories@github.com
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr | source : security-advisories@github.com

Vulnerability : CWE-204


Source : wordfence.com

Vulnerability ID : CVE-2023-4140

First published on : 04-08-2023 03:15:14
Last modified on : 04-08-2023 15:27:24

Description :
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.

CVE ID : CVE-2023-4140
Source : security@wordfence.com
CVSS score : 6.6

References :
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve | source : security@wordfence.com

Vulnerability : CWE-269


Source : cisco.com

Vulnerability ID : CVE-2020-26064

First published on : 04-08-2023 21:15:09
Last modified on : 06-08-2023 12:01:17

Description :
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.

CVE ID : CVE-2020-26064
Source : ykramarz@cisco.com
CVSS score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc | source : ykramarz@cisco.com


Vulnerability ID : CVE-2020-26065

First published on : 04-08-2023 21:15:10
Last modified on : 06-08-2023 12:01:17

Description :
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

CVE ID : CVE-2020-26065
Source : ykramarz@cisco.com
CVSS score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS | source : ykramarz@cisco.com


Vulnerability ID : CVE-2020-26082

First published on : 04-08-2023 21:15:10
Last modified on : 06-08-2023 12:01:01

Description :
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

CVE ID : CVE-2020-26082
Source : ykramarz@cisco.com
CVSS score : 5.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg | source : ykramarz@cisco.com


Source : patchstack.com

Vulnerability ID : CVE-2023-32600

First published on : 06-08-2023 00:15:09
Last modified on : 06-08-2023 12:00:51

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.

CVE ID : CVE-2023-32600
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-119-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-34377

First published on : 05-08-2023 23:15:11
Last modified on : 06-08-2023 12:00:51

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.

CVE ID : CVE-2023-34377
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/my-content-management/wordpress-my-content-management-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36678

First published on : 05-08-2023 23:15:12
Last modified on : 06-08-2023 12:00:51

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.

CVE ID : CVE-2023-36678
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-37874

First published on : 05-08-2023 23:15:13
Last modified on : 06-08-2023 12:00:51

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.

CVE ID : CVE-2023-37874
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/http-headers/wordpress-http-headers-plugin-1-18-11-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-34010

First published on : 05-08-2023 23:15:11
Last modified on : 06-08-2023 12:01:01

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.

CVE ID : CVE-2023-34010
Source : audit@patchstack.com
CVSS score : 5.8

References :
https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2023-4190

First published on : 06-08-2023 01:15:10
Last modified on : 06-08-2023 12:00:51

Description :
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.

CVE ID : CVE-2023-4190
Source : security@huntr.dev
CVSS score : 6.5

References :
https://github.com/admidio/admidio/commit/391fb2af5bee641837a58e7dd66ff76eac92bb74 | source : security@huntr.dev
https://huntr.dev/bounties/71bc75d2-320c-4332-ad11-9de535a06d92 | source : security@huntr.dev

Vulnerability : CWE-613


Vulnerability ID : CVE-2023-4158

First published on : 04-08-2023 18:15:17
Last modified on : 04-08-2023 18:53:22

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID : CVE-2023-4158
Source : security@huntr.dev
CVSS score : 6.4

References :
https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8 | source : security@huntr.dev
https://huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4157

First published on : 04-08-2023 18:15:17
Last modified on : 04-08-2023 18:53:22

Description :
Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID : CVE-2023-4157
Source : security@huntr.dev
CVSS score : 5.2

References :
https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63 | source : security@huntr.dev
https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014 | source : security@huntr.dev

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-4189

First published on : 05-08-2023 20:15:17
Last modified on : 06-08-2023 12:01:01

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE ID : CVE-2023-4189
Source : security@huntr.dev
CVSS score : 4.8

References :
https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f | source : security@huntr.dev
https://huntr.dev/bounties/b00e6986-64e7-464e-ba44-e42476bfcdc4 | source : security@huntr.dev

Vulnerability : CWE-79


Source : microsoft.com

Vulnerability ID : CVE-2023-38157

First published on : 07-08-2023 18:15:09
Last modified on : 07-08-2023 18:20:15

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2023-38157
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157 | source : secure@microsoft.com


Source : vuldb.com

Vulnerability ID : CVE-2023-4169

First published on : 05-08-2023 18:15:17
Last modified on : 06-08-2023 12:01:01

Description :
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4169
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G | source : cna@vuldb.com
https://vuldb.com/?ctiid.236185 | source : cna@vuldb.com
https://vuldb.com/?id.236185 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-4176

First published on : 06-08-2023 02:15:11
Last modified on : 06-08-2023 12:00:51

Description :
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211.

CVE ID : CVE-2023-4176
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/ayjmytks/Hos-System/blob/main/Hospital%20Management%20System%20appointmentapproval.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.236211 | source : cna@vuldb.com
https://vuldb.com/?id.236211 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4179

First published on : 06-08-2023 08:15:09
Last modified on : 06-08-2023 12:00:51

Description :
A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4179
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/SQL%20Injection%20in%20doctors.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236214 | source : cna@vuldb.com
https://vuldb.com/?id.236214 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4185

First published on : 06-08-2023 13:15:14
Last modified on : 07-08-2023 12:57:26

Description :
A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220.

CVE ID : CVE-2023-4185
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yusoyea/VulList/blob/main/Hospital%20Management%20System%20patientlogin.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.236220 | source : cna@vuldb.com
https://vuldb.com/?id.236220 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4186

First published on : 06-08-2023 14:15:10
Last modified on : 07-08-2023 12:57:26

Description :
A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability.

CVE ID : CVE-2023-4186
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/E1even-321/Pharmacy-system/blob/main/Pharmacy%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.236221 | source : cna@vuldb.com
https://vuldb.com/?id.236221 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4191

First published on : 06-08-2023 23:15:26
Last modified on : 07-08-2023 12:57:26

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4191
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Resort-Reservation-System/blob/main/local%20file%20inclusion/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236234 | source : cna@vuldb.com
https://vuldb.com/?id.236234 | source : cna@vuldb.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-4192

First published on : 07-08-2023 00:15:09
Last modified on : 07-08-2023 12:57:26

Description :
A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235.

CVE ID : CVE-2023-4192
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20manage_user.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236235 | source : cna@vuldb.com
https://vuldb.com/?id.236235 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4193

First published on : 07-08-2023 00:15:09
Last modified on : 07-08-2023 12:57:26

Description :
A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.

CVE ID : CVE-2023-4193
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20view_fee.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236236 | source : cna@vuldb.com
https://vuldb.com/?id.236236 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4199

First published on : 07-08-2023 18:15:10
Last modified on : 07-08-2023 18:20:15

Description :
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.

CVE ID : CVE-2023-4199
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20catagory_data.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236289 | source : cna@vuldb.com
https://vuldb.com/?id.236289 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4200

First published on : 07-08-2023 19:15:12
Last modified on : 07-08-2023 19:30:20

Description :
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4200
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20product_data.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236290 | source : cna@vuldb.com
https://vuldb.com/?id.236290 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4201

First published on : 07-08-2023 20:15:10
Last modified on : 07-08-2023 20:15:10

Description :
A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.

CVE ID : CVE-2023-4201
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20ex_catagory_data.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236291 | source : cna@vuldb.com
https://vuldb.com/?id.236291 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4165

First published on : 05-08-2023 14:15:23
Last modified on : 06-08-2023 12:01:01

Description :
A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4165
Source : cna@vuldb.com
CVSS score : 5.5

References :
https://github.com/nagenanhai/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236181 | source : cna@vuldb.com
https://vuldb.com/?id.236181 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4166

First published on : 05-08-2023 16:15:23
Last modified on : 06-08-2023 12:01:01

Description :
A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4166
Source : cna@vuldb.com
CVSS score : 5.5

References :
https://github.com/Das1yGa0/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236182 | source : cna@vuldb.com
https://vuldb.com/?id.236182 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4181

First published on : 06-08-2023 09:15:09
Last modified on : 06-08-2023 12:00:51

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.

CVE ID : CVE-2023-4181
Source : cna@vuldb.com
CVSS score : 5.4

References :
https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/vertical%20privilege%20escalation/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236216 | source : cna@vuldb.com
https://vuldb.com/?id.236216 | source : cna@vuldb.com

Vulnerability : CWE-841


Vulnerability ID : CVE-2023-4168

First published on : 05-08-2023 18:15:09
Last modified on : 07-08-2023 18:15:10

Description :
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4168
Source : cna@vuldb.com
CVSS score : 4.3

References :
http://packetstormsecurity.com/files/174015/Adlisting-Classified-Ads-2.14.0-Information-Disclosure.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.236184 | source : cna@vuldb.com
https://vuldb.com/?id.236184 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-4171

First published on : 05-08-2023 21:15:09
Last modified on : 06-08-2023 12:01:01

Description :
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4171
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://github.com/nagenanhai/cve/blob/main/duqu.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236206 | source : cna@vuldb.com
https://vuldb.com/?id.236206 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-4172

First published on : 05-08-2023 23:15:13
Last modified on : 06-08-2023 12:00:51

Description :
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.

CVE ID : CVE-2023-4172
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://github.com/nagenanhai/cve/blob/main/duqu2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236207 | source : cna@vuldb.com
https://vuldb.com/?id.236207 | source : cna@vuldb.com

Vulnerability : CWE-36


Vulnerability ID : CVE-2023-4183

First published on : 06-08-2023 11:15:09
Last modified on : 06-08-2023 12:00:51

Description :
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4183
Source : cna@vuldb.com
CVSS score : 4.3

References :
https://vuldb.com/?ctiid.236218 | source : cna@vuldb.com
https://vuldb.com/?id.236218 | source : cna@vuldb.com

Vulnerability : CWE-284


Source : mitre.org

Vulnerability ID : CVE-2023-36138

First published on : 04-08-2023 00:15:12
Last modified on : 05-08-2023 03:56:40

Description :
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.

CVE ID : CVE-2023-36138
Source : cve@mitre.org
CVSS score : 6.1

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org

Vulnerability : CWE-79

Vulnerable product : cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-39903

First published on : 07-08-2023 05:15:09
Last modified on : 07-08-2023 12:57:14

Description :
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.

CVE ID : CVE-2023-39903
Source : cve@mitre.org
CVSS score : 5.9

References :
https://security.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=a0131919-6d84-43b4-800e-d7f78200a70f | source : cve@mitre.org
https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-ISS-IS-2023-071410-Security-Notice.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-36141

First published on : 04-08-2023 00:15:13
Last modified on : 07-08-2023 13:59:08

Description :
User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

CVE ID : CVE-2023-36141
Source : cve@mitre.org
CVSS score : 5.3

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org

Vulnerability : NVD-CWE-noinfo

Vulnerable product : cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-29505

First published on : 04-08-2023 15:15:09
Last modified on : 04-08-2023 15:27:24

Description :
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

CVE ID : CVE-2023-29505
Source : cve@mitre.org
CVSS score : 4.3

References :
https://excellium-services.com/cert-xlm-advisory/CVE-2023-29505 | source : cve@mitre.org
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_127131 | source : cve@mitre.org


Source : redhat.com

Vulnerability ID : CVE-2023-4135

First published on : 04-08-2023 14:15:12
Last modified on : 04-08-2023 15:27:24

Description :
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

CVE ID : CVE-2023-4135
Source : secalert@redhat.com
CVSS score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-4135 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | source : secalert@redhat.com
https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4194

First published on : 07-08-2023 14:15:11
Last modified on : 07-08-2023 15:41:35

Description :
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.

CVE ID : CVE-2023-4194
Source : secalert@redhat.com
CVSS score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-4194 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2229498 | source : secalert@redhat.com
https://lore.kernel.org/all/20230731164237.48365-1-lersek@redhat.com/ | source : secalert@redhat.com
https://lore.kernel.org/all/20230731164237.48365-2-lersek@redhat.com/ | source : secalert@redhat.com
https://lore.kernel.org/all/20230731164237.48365-3-lersek@redhat.com/ | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4205

First published : 07-08-2023 14:15:11
Last modified : 07-08-2023 15:41:35

Description :
An out-of-bounds memory access flaw was found in the Linux kernel’s do_journal_end function when the fails array-index-out-of-bounds in fs/reiserfs/journal.c could happen. This flaw allows a local user to crash the system.

CVE ID : CVE-2023-4205
Source : secalert@redhat.com
CVSS score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-4205 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2228101 | source : secalert@redhat.com
https://www.spinics.net/lists/kernel/msg4876594.html | source : secalert@redhat.com


Source : yd.MitsubishiElectric.co.jp

Vulnerability ID : CVE-2023-3373

First published : 04-08-2023 00:15:14
Last modified : 04-08-2023 02:45:45

Description :
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

CVE ID : CVE-2023-3373
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS score : 5.9

References :
https://jvn.jp/vu/JVNVU92167394/index.html | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability : CWE-342


Source : gitlab.com

Vulnerability ID : CVE-2023-4002

First published : 04-08-2023 01:15:10
Last modified : 04-08-2023 02:45:45

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies.

CVE ID : CVE-2023-4002
Source : cve@gitlab.com
CVSS score : 5.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416647 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : vmware.com

Vulnerability ID : CVE-2023-34037

First published : 04-08-2023 12:15:09
Last modified : 04-08-2023 15:27:24

Description :
VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.

CVE ID : CVE-2023-34037
Source : security@vmware.com
CVSS score : 5.3

References :
https://www.vmware.com/security/advisories/VMSA-2023-0017.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34038

First published : 04-08-2023 12:15:10
Last modified : 04-08-2023 15:27:24

Description :
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

CVE ID : CVE-2023-34038
Source : security@vmware.com
CVSS score : 5.3

References :
https://www.vmware.com/security/advisories/VMSA-2023-0017.html | source : security@vmware.com


(8) Vulnerability(ies) LOW [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-38700

First published : 04-08-2023 19:15:09
Last modified : 06-08-2023 12:01:17

Description :
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1 fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.

CVE ID : CVE-2023-38700
Source : security-advisories@github.com
CVSS score : 3.5

References :
https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q | source : security-advisories@github.com

Vulnerability : CWE-200


Source : vuldb.com

Vulnerability ID : CVE-2023-4167

First published : 05-08-2023 16:15:23
Last modified : 06-08-2023 12:01:01

Description :
A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183.

CVE ID : CVE-2023-4167
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://github.com/whoamiecho/vuls/blob/main/emby.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236183 | source : cna@vuldb.com
https://vuldb.com/?id.236183 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4170

First published : 05-08-2023 19:15:18
Last modified : 06-08-2023 12:01:01

Description :
A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4170
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://github.com/Wkingxc/CVE/blob/master/dedebiz_XSS.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.236186 | source : cna@vuldb.com
https://vuldb.com/?id.236186 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4173

First published : 06-08-2023 00:15:10
Last modified : 07-08-2023 18:15:10

Description :
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.

CVE ID : CVE-2023-4173
Source : cna@vuldb.com
CVSS score : 3.5

References :
http://packetstormsecurity.com/files/174016/mooSocial-3.1.8-Cross-Site-Scripting.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.236208 | source : cna@vuldb.com
https://vuldb.com/?id.236208 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4174

First published : 06-08-2023 01:15:08
Last modified : 07-08-2023 18:15:10

Description :
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.

CVE ID : CVE-2023-4174
Source : cna@vuldb.com
CVSS score : 3.5

References :
http://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.236209 | source : cna@vuldb.com
https://vuldb.com/?id.236209 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4175

First published : 06-08-2023 02:15:09
Last modified : 06-08-2023 12:00:51

Description :
A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-4175
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.236210 | source : cna@vuldb.com
https://vuldb.com/?id.236210 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4177

First published : 06-08-2023 07:15:42
Last modified : 06-08-2023 12:00:51

Description :
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability.

CVE ID : CVE-2023-4177
Source : cna@vuldb.com
CVSS score : 2.6

References :
https://seclists.org/fulldisclosure/2023/Aug/3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.236213 | source : cna@vuldb.com
https://vuldb.com/?id.236213 | source : cna@vuldb.com

Vulnerability : CWE-200


Source : huntr.dev

Vulnerability ID : CVE-2023-4187

First published : 05-08-2023 18:15:18
Last modified : 06-08-2023 12:01:01

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE ID : CVE-2023-4187
Source : security@huntr.dev
CVSS score : 3.5

References :
https://github.com/instantsoft/icms2/commit/1dbc3e6c8fbf5d2dc551cb27fad0de3584dee40f | source : security@huntr.dev
https://huntr.dev/bounties/14941381-b669-4756-94fc-cce172472f8b | source : security@huntr.dev

Vulnerability : CWE-79


(127) Vulnerability(ies) NO SCORE [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-30297

First published : 04-08-2023 00:15:11
Last modified : 04-08-2023 02:45:45

Description :
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.

CVE ID : CVE-2023-30297
Source : cve@mitre.org
CVSS score : /

References :
https://status.n-able.com/2023/07/27/cve-2023-30297-release-note/ | source : cve@mitre.org
https://www.n-able.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33665

First published : 04-08-2023 00:15:11
Last modified : 04-08-2023 02:45:45

Description :
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

CVE ID : CVE-2023-33665
Source : cve@mitre.org
CVSS score : /

References :
https://security.friendsofpresta.org/modules/2023/08/01/aitable.html | source : cve@mitre.org
https://www.boutique.ai-dev.fr/en/ergonomie/56-table-attributes.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36134

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

CVE ID : CVE-2023-36134
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36135

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

CVE ID : CVE-2023-36135
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36137

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.

CVE ID : CVE-2023-36137
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36158

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.

CVE ID : CVE-2023-36158
Source : cve@mitre.org
CVSS score : /

References :
http://toll.com | source : cve@mitre.org
https://cyberredteam.tech/posts/cve-2023-36158/ | source : cve@mitre.org
https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md | source : cve@mitre.org
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36159

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

CVE ID : CVE-2023-36159
Source : cve@mitre.org
CVSS score : /

References :
http://lost.com | source : cve@mitre.org
https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38941

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.

CVE ID : CVE-2023-38941
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Ehco1996/django-sspanel | source : cve@mitre.org


Vulnerability ID : CVE-2023-38991

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

CVE ID : CVE-2023-38991
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/thinkgem/jeesite/issues/520 | source : cve@mitre.org


Vulnerability ID : CVE-2023-30146

First published : 04-08-2023 01:15:09
Last modified : 07-08-2023 14:15:11

Description :
Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.

CVE ID : CVE-2023-30146
Source : cve@mitre.org
CVSS score : /

References :
https://de.assmann.shop/de/Gebaeude-Technik/Sicherheitstechnik/Ueberwachungskameras/ | source : cve@mitre.org
https://github.com/L1-0/CVE-2023-30146 | source : cve@mitre.org


Vulnerability ID : CVE-2023-29689

First published : 04-08-2023 15:15:10
Last modified : 04-08-2023 15:27:24

Description :
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

CVE ID : CVE-2023-29689
Source : cve@mitre.org
CVSS score : /

References :
https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38964

First published : 04-08-2023 16:15:10
Last modified : 04-08-2023 17:10:50

Description :
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

CVE ID : CVE-2023-38964
Source : cve@mitre.org
CVSS score : /

References :
https://vida03.gitbook.io/redteam/web/cve-2023-38964 | source : cve@mitre.org


Vulnerability ID : CVE-2022-41401

First published : 04-08-2023 17:15:09
Last modified : 04-08-2023 18:53:28

Description :
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

CVE ID : CVE-2022-41401
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180 | source : cve@mitre.org
https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103 | source : cve@mitre.org
https://github.com/ixSly/CVE-2022-41401 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39112

First published : 04-08-2023 17:15:11
Last modified : 04-08-2023 18:53:28

Description :
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.

CVE ID : CVE-2023-39112
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Luci4n555/vul_report/blob/master/vul_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39143

First published : 04-08-2023 17:15:11
Last modified : 07-08-2023 18:15:10

Description :
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).

CVE ID : CVE-2023-39143
Source : cve@mitre.org
CVSS score : /

References :
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ | source : cve@mitre.org
https://www.papercut.com/kb/Main/securitybulletinjuly2023/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33372

First published : 04-08-2023 18:15:11
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

CVE ID : CVE-2023-33372
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33372 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33373

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.

CVE ID : CVE-2023-33373
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33373 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33374

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.

CVE ID : CVE-2023-33374
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33374 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33375

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.

CVE ID : CVE-2023-33375
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33375 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33376

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33376
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33376 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33377

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33377
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33377 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33378

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33378
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33378 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33379

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.

CVE ID : CVE-2023-33379
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-38332

First published : 04-08-2023 18:15:13
Last modified : 04-08-2023 18:53:22

Description :
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure.

CVE ID : CVE-2023-38332
Source : cve@mitre.org
CVSS score : /

References :
https://manageengine.com | source : cve@mitre.org
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39107

First published : 04-08-2023 18:15:16
Last modified : 04-08-2023 18:53:22

Description :
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.

CVE ID : CVE-2023-39107
Source : cve@mitre.org
CVSS score : /

References :
https://kb.nomachine.com/SU07U00247 | source : cve@mitre.org
https://kb.nomachine.com/TR07U10948 | source : cve@mitre.org
https://www.ns-echo.com/posts/nomachine_afo.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39551

First published : 04-08-2023 19:15:10
Last modified : 06-08-2023 12:01:17

Description :
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

CVE ID : CVE-2023-39551
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39552

First published : 04-08-2023 19:15:10
Last modified : 06-08-2023 12:01:17

Description :
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).

CVE ID : CVE-2023-39552
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md | source : cve@mitre.org


Vulnerability ID : CVE-2020-23564

First published : 05-08-2023 02:15:09
Last modified : 06-08-2023 12:01:01

Description :
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.

CVE ID : CVE-2020-23564
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/a1ertx55/cmstest/blob/main/semcms.md | source : cve@mitre.org
https://github.com/a1ertx55/cmstest/blob/master/semcms.md | source : cve@mitre.org


Vulnerability ID : CVE-2022-46782

First published : 05-08-2023 02:15:10
Last modified : 06-08-2023 12:01:01

Description :
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.

CVE ID : CVE-2022-46782
Source : cve@mitre.org
CVSS score : /

References :
https://advisories.stormshield.eu/2022-028/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33367

First published : 05-08-2023 02:15:10
Last modified : 06-08-2023 12:01:01

Description :
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.

CVE ID : CVE-2023-33367
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33367 | source : cve@mitre.org
https://www.controlid.com.br/en/access-control/idsecure/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38943

First published : 05-08-2023 02:15:11
Last modified : 06-08-2023 12:01:01

Description :
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini.

CVE ID : CVE-2023-38943
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/0x727/ShuiZe_0x727 | source : cve@mitre.org
https://github.com/0x727/ShuiZe_0x727/issues/160 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36095

First published : 05-08-2023 03:15:13
Last modified : 06-08-2023 12:01:01

Description :
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain.from_math_prompt(llm).run in the python exec method.

CVE ID : CVE-2023-36095
Source : cve@mitre.org
CVSS score : /

References :
http://langchain.com | source : cve@mitre.org
https://github.com/hwchase17/langchain | source : cve@mitre.org
https://github.com/langchain-ai/langchain/issues/5872 | source : cve@mitre.org


Vulnerability ID : CVE-2022-48579

First published : 07-08-2023 04:15:12
Last modified : 07-08-2023 12:57:21

Description :
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

CVE ID : CVE-2022-48579
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee | source : cve@mitre.org


Vulnerability ID : CVE-2022-38795

First published : 07-08-2023 14:15:10
Last modified : 07-08-2023 15:41:35

Description :
In Gitea through 1.17.1, repo cloning can occur in the migration function.

CVE ID : CVE-2022-38795
Source : cve@mitre.org
CVSS score : /

References :
https://blog.gitea.com/release-of-1.17.2/ | source : cve@mitre.org
https://github.com/go-gitea/gitea/pull/20869 | source : cve@mitre.org
https://github.com/go-gitea/gitea/pull/20892 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36220

First published : 07-08-2023 14:15:11
Last modified : 07-08-2023 15:41:35

Description :
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

CVE ID : CVE-2023-36220
Source : cve@mitre.org
CVSS score : /

References :
https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html | source : cve@mitre.org
https://release-demo.textpattern.co/ | source : cve@mitre.org
https://textpattern.com/ | source : cve@mitre.org
https://textpattern.com/file_download/118/textpattern-4.8.8.zip | source : cve@mitre.org


Vulnerability ID : CVE-2023-27373

First published : 07-08-2023 15:15:10
Last modified : 07-08-2023 15:41:35

Description :
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.

CVE ID : CVE-2023-27373
Source : cve@mitre.org
CVSS score : /

References :
https://www.insyde.com/security-pledge/SA-2023035 | source : cve@mitre.org


Vulnerability ID : CVE-2023-32783

First published : 07-08-2023 17:15:11
Last modified : 07-08-2023 18:20:15

Description :
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.

CVE ID : CVE-2023-32783
Source : cve@mitre.org
CVSS score : /

References :
https://www.peteslade.com/post/manageengine-adauditplus-cve-2023-32783 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36054

First published : 07-08-2023 19:15:09
Last modified : 07-08-2023 19:30:24

Description :
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

CVE ID : CVE-2023-36054
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd | source : cve@mitre.org
https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final | source : cve@mitre.org
https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final | source : cve@mitre.org
https://web.mit.edu/kerberos/www/advisories/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36499

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:24

Description :
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

CVE ID : CVE-2023-36499
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38412

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:24

Description :
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.

CVE ID : CVE-2023-38412
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38591

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:24

Description :
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.

CVE ID : CVE-2023-38591
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38921

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:24

Description :
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

CVE ID : CVE-2023-38921
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38922

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:24

Description :
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

CVE ID : CVE-2023-38922
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38924

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.

CVE ID : CVE-2023-38924
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_password_create_smb_cfg/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38925

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

CVE ID : CVE-2023-38925
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38926

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

CVE ID : CVE-2023-38926
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38928

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.

CVE ID : CVE-2023-38928
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/usb_remote_invite_password | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38929

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer.

CVE ID : CVE-2023-38929
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38930

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

CVE ID : CVE-2023-38930
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38931

First published on : 07-08-2023 19:15:10
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

CVE ID : CVE-2023-38931
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38932

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.

CVE ID : CVE-2023-38932
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formSafeEmailFilter | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38933

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

CVE ID : CVE-2023-38933
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38934

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.

CVE ID : CVE-2023-38934
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38935

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function.

CVE ID : CVE-2023-38935
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38936

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

CVE ID : CVE-2023-38936
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38937

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

CVE ID : CVE-2023-38937
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38938

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

CVE ID : CVE-2023-38938
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm | source : cve@mitre.org


Vulnerability ID : CVE-2023-38939

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.

CVE ID : CVE-2023-38939
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formWrlsafeset | source : cve@mitre.org


Vulnerability ID : CVE-2023-38940

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

CVE ID : CVE-2023-38940
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set | source : cve@mitre.org


Vulnerability ID : CVE-2023-39550

First published on : 07-08-2023 19:15:11
Last modified on : 07-08-2023 19:30:20

Description :
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.

CVE ID : CVE-2023-39550
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-39379

First published on : 04-08-2023 10:15:09
Last modified on : 04-08-2023 15:27:24

Description :
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

CVE ID : CVE-2023-39379
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN38847224/ | source : vultures@jpcert.or.jp
https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en | source : vultures@jpcert.or.jp


Source : redhat.com

Vulnerability ID : CVE-2023-0264

First published on : 04-08-2023 18:15:11
Last modified on : 04-08-2023 18:53:22

Description :
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

CVE ID : CVE-2023-0264
Source : secalert@redhat.com
CVSS score : /

References :
https://access.redhat.com/security/cve/CVE-2023-0264 | source : secalert@redhat.com


Source : github.com

Vulnerability ID : CVE-2023-38707

First published on : 04-08-2023 19:15:10
Last modified on : 04-08-2023 19:15:10

Description :
** REJECT ** This CVE has been rejected because of [CNA rule 7.4.7](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules): ``` 7.4.7 CNAs SHOULD NOT assign CVE IDs to vulnerabilities in products that are not publicly available or licensable. ``` The repository with the vulnerable code is private, and therefore the product is not publicly available.

CVE ID : CVE-2023-38707
Source : security-advisories@github.com
CVSS score : /

References :


Vulnerability ID : CVE-2023-38696

First published on : 04-08-2023 20:15:09
Last modified on : 04-08-2023 20:15:09

Description :
** REJECT ** This CVE has been rejected because it is unclear whether the issue rests in the original repository `microsoft/ContosoAir`, the forked repository `Apetree100122/ContosoAir`, or both. If the Microsoft repository is vulnerable, [Microsoft](https://www.cve.org/PartnerInformation/ListofPartners/partner/microsoft) is the appropriate CVE Numbering Authority.

CVE ID : CVE-2023-38696
Source : security-advisories@github.com
CVSS score : /

References :


Source : google.com

Vulnerability ID : CVE-2022-4955

First published on : 04-08-2023 20:15:09
Last modified on : 06-08-2023 12:01:17

Description :
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE ID : CVE-2022-4955
Source : chrome-cve-admin@google.com
CVSS score : /

References :
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html | source : chrome-cve-admin@google.com
https://crbug.com/1349146 | source : chrome-cve-admin@google.com


Source : apache.org

Vulnerability ID : CVE-2023-39508

First published on : 05-08-2023 07:15:43
Last modified on : 06-08-2023 12:01:01

Description :
Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also allows bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0.

CVE ID : CVE-2023-39508
Source : security@apache.org
CVSS score : /

References :
http://seclists.org/fulldisclosure/2023/Jul/43 | source : security@apache.org
https://github.com/apache/airflow/pull/29706 | source : security@apache.org
https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15 | source : security@apache.org

Vulnerability : CWE-200
Vulnerability : CWE-250


Vulnerability ID : CVE-2023-37581

First published on : 06-08-2023 08:15:09
Last modified on : 06-08-2023 14:15:10

Description :
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.

CVE ID : CVE-2023-37581
Source : security@apache.org
CVSS score : /

References :
http://seclists.org/fulldisclosure/2023/Jul/43 | source : security@apache.org
https://lists.apache.org/thread/n9mjhhlm7z7b7to646tkvf3otkf21flp | source : security@apache.org

Vulnerability : CWE-20


Source : unisoc.com

Vulnerability ID : CVE-2022-47350

First published on : 07-08-2023 02:15:09
Last modified on : 07-08-2023 12:57:26

Description :
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE ID : CVE-2022-47350
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2022-47351

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE ID : CVE-2022-47351
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33906

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33906
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33907

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33907
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33908

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33908
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33909

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33909
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33910

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33910
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33911

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33911
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33912

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE ID : CVE-2023-33912
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Vulnerability ID : CVE-2023-33913

First published on : 07-08-2023 02:15:10
Last modified on : 07-08-2023 12:57:26

Description :
In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed

CVE ID : CVE-2023-33913
Source : security@unisoc.com
CVSS score : /

References :
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 | source : security@unisoc.com


Source : mediatek.com

Vulnerability ID : CVE-2023-20780

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.

CVE ID : CVE-2023-20780
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20781

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323.

CVE ID : CVE-2023-20781
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20782

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103.

CVE ID : CVE-2023-20782
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20783

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905.

CVE ID : CVE-2023-20783
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20784

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989.

CVE ID : CVE-2023-20784
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20785

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524.

CVE ID : CVE-2023-20785
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20786

First published on : 07-08-2023 04:15:12
Last modified on : 07-08-2023 12:57:21

Description :
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.

CVE ID : CVE-2023-20786
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20787

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734.

CVE ID : CVE-2023-20787
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20788

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735.

CVE ID : CVE-2023-20788
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20789

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.

CVE ID : CVE-2023-20789
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20790

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.

CVE ID : CVE-2023-20790
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20793

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.

CVE ID : CVE-2023-20793
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20795

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900.

CVE ID : CVE-2023-20795
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20796

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.

CVE ID : CVE-2023-20796
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20797

First published on : 07-08-2023 04:15:13
Last modified on : 07-08-2023 12:57:21

Description :
In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.

CVE ID : CVE-2023-20797
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20798

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:21

Description :
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.

CVE ID : CVE-2023-20798
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20800

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:21

Description :
In imgsys, there is a possible system crash due to a missing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

CVE ID : CVE-2023-20800
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20801

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:21

Description :
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.

CVE ID : CVE-2023-20801
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20802

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:21

Description :
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.

CVE ID : CVE-2023-20802
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20803

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:14

Description :
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.

CVE ID : CVE-2023-20803
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20804

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:14

Description :
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.

CVE ID : CVE-2023-20804
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20805

First published : 07-08-2023 04:15:13
Last modified : 07-08-2023 12:57:14

Description :
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.

CVE ID : CVE-2023-20805
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20806

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.

CVE ID : CVE-2023-20806
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20807

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.

CVE ID : CVE-2023-20807
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20808

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.

CVE ID : CVE-2023-20808
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20809

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.

CVE ID : CVE-2023-20809
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20810

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

CVE ID : CVE-2023-20810
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20811

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

CVE ID : CVE-2023-20811
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20812

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.

CVE ID : CVE-2023-20812
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20813

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549.

CVE ID : CVE-2023-20813
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20814

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560.

CVE ID : CVE-2023-20814
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20815

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453587; Issue ID: ALPS07453587.

CVE ID : CVE-2023-20815
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20816

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453589; Issue ID: ALPS07453589.

CVE ID : CVE-2023-20816
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20817

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600.

CVE ID : CVE-2023-20817
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Vulnerability ID : CVE-2023-20818

First published : 07-08-2023 04:15:14
Last modified : 07-08-2023 12:57:14

Description :
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.

CVE ID : CVE-2023-20818
Source : security@mediatek.com
CVSS score : /

References :
https://corp.mediatek.com/product-security-bulletin/August-2023 | source : security@mediatek.com


Source : wpscan.com

Vulnerability ID : CVE-2021-24916

First published : 07-08-2023 15:15:10
Last modified : 07-08-2023 15:41:35

Description :
The Qubely WordPress plugin before 1.8.6 allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

CVE ID : CVE-2021-24916
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/93b893be-59ad-4500-8edb-9fa7a45304d5 | source : contact@wpscan.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-0604

First published : 07-08-2023 15:15:10
Last modified : 07-08-2023 15:41:35

Description :
The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-0604
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/4492b5ad-c339-47f5-9003-a9c5f23efdd9 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-2843

First published : 07-08-2023 15:15:10
Last modified : 07-08-2023 15:41:35

Description :
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

CVE ID : CVE-2023-2843
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/8e713eaf-f332-47e2-a131-c14222201fdc | source : contact@wpscan.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3365

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments.

CVE ID : CVE-2023-3365
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/21ce5baa-8085-4053-8d8b-f7d3e2ae70c1 | source : contact@wpscan.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-3492

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The WP Shopping Pages WordPress plugin through 1.14 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

CVE ID : CVE-2023-3492
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40 | source : contact@wpscan.com

Vulnerability : CWE-352
Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3524

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

CVE ID : CVE-2023-3524
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/89570379-769b-4684-b8a7-28c37b408e5d | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3575

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

CVE ID : CVE-2023-3575
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/6f884688-2c0d-4844-bd31-ef7085edf112 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3650

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE ID : CVE-2023-3650
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/0a0ecdff-c961-4947-bf7e-bd2392501e33 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3671

First published : 07-08-2023 15:15:11
Last modified : 07-08-2023 15:41:35

Description :
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-3671
Source : contact@wpscan.com
CVSS score : /

References :
https://wpscan.com/vulnerability/8b765f39-38e0-49c7-843a-a5b9375a32e7 | source : contact@wpscan.com

Vulnerability : CWE-79


Source : joomla.org

Vulnerability ID : CVE-2023-23757

First published : 07-08-2023 17:15:09
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

CVE ID : CVE-2023-23757
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/extension/ba-gallery/ | source : security@joomla.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-23758

First published : 07-08-2023 17:15:10
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

CVE ID : CVE-2023-23758
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/extension/creative-gallery/ | source : security@joomla.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-34476

First published : 07-08-2023 17:15:11
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

CVE ID : CVE-2023-34476
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/extension/proforms-basic/ | source : security@joomla.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-34477

First published : 07-08-2023 17:15:11
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

CVE ID : CVE-2023-34477
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/extension/online-virtual-classroom/ | source : security@joomla.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38044

First published : 07-08-2023 17:15:11
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

CVE ID : CVE-2023-38044
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/vulnerable-extensions/resolved/hikashop-versions-from-4-4-1-to-4-7-2-are-affected-sql-injection/ | source : security@joomla.org
https://www.hikashop.com/support/documentation/56-hikashop-changelog.html | source : security@joomla.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38045

First published : 07-08-2023 17:15:11
Last modified : 07-08-2023 18:20:15

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

CVE ID : CVE-2023-38045
Source : security@joomla.org
CVSS score : /

References :
https://extensions.joomla.org/extension/admiror-gallery/ | source : security@joomla.org

Vulnerability : CWE-79


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.
