Dernières vulnérabilités du Mardi 29 Août 2023

Dernières vulnérabilités du Mardi 29 Août 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Dernière mise à jour efféctuée le 29/08/2023 à 23:58:02

(2) Vulnérabilité(s) CRITICAL [9.0, 10.0]

Source : vmware.com

Vulnérabilité ID : CVE-2023-34039

Première publication le : 29-08-2023 18:15:08
Dernière modification le : 29-08-2023 20:41:07

Description :
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

CVE ID : CVE-2023-34039
Source : security@vmware.com
Score CVSS : 9.8

Références :
https://www.vmware.com/security/advisories/VMSA-2023-0018.html | source : security@vmware.com


Source : ncsc.nl

Vulnérabilité ID : CVE-2023-23770

Première publication le : 29-08-2023 09:15:07
Dernière modification le : 29-08-2023 13:34:55

Description :
Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.

CVE ID : CVE-2023-23770
Source : cert@ncsc.nl
Score CVSS : 9.4

Références :
https://tetraburst.com/ | source : cert@ncsc.nl


(9) Vulnérabilité(s) HIGH [7.0, 8.9]

Source : ncsc.nl

Vulnérabilité ID : CVE-2023-23771

Première publication le : 29-08-2023 09:15:08
Dernière modification le : 29-08-2023 13:34:55

Description :
Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.

CVE ID : CVE-2023-23771
Source : cert@ncsc.nl
Score CVSS : 8.4

Références :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnérabilité ID : CVE-2023-23774

Première publication le : 29-08-2023 09:15:09
Dernière modification le : 29-08-2023 13:34:55

Description :
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.

CVE ID : CVE-2023-23774
Source : cert@ncsc.nl
Score CVSS : 8.4

Références :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnérabilité ID : CVE-2023-23772

Première publication le : 29-08-2023 09:15:09
Dernière modification le : 29-08-2023 13:34:55

Description :
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

CVE ID : CVE-2023-23772
Source : cert@ncsc.nl
Score CVSS : 7.2

Références :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnérabilité ID : CVE-2023-23773

Première publication le : 29-08-2023 09:15:09
Dernière modification le : 29-08-2023 13:34:55

Description :
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

CVE ID : CVE-2023-23773
Source : cert@ncsc.nl
Score CVSS : 7.2

Références :
https://tetraburst.com/ | source : cert@ncsc.nl


Source : hpe.com

Vulnérabilité ID : CVE-2023-39266

Première publication le : 29-08-2023 20:15:09
Dernière modification le : 29-08-2023 20:41:07

Description :
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

CVE ID : CVE-2023-39266
Source : security-alert@hpe.com
Score CVSS : 8.3

Références :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt | source : security-alert@hpe.com


Source : emc.com

Vulnérabilité ID : CVE-2023-32457

Première publication le : 29-08-2023 08:15:34
Dernière modification le : 29-08-2023 13:34:55

Description :
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.

CVE ID : CVE-2023-32457
Source : security_alert@emc.com
Score CVSS : 7.5

Références :
https://www.dell.com/support/kbdoc/en-us/000216916/dsa-2023-277-security-update-for-dell-powerscale-onefs-for-improper-privilege-management-vulnerability | source : security_alert@emc.com

Vulnérabilité : CWE-267


Source : hq.dhs.gov

Vulnérabilité ID : CVE-2023-4346

Première publication le : 29-08-2023 20:15:10
Dernière modification le : 29-08-2023 20:41:07

Description :
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way.

CVE ID : CVE-2023-4346
Source : ics-cert@hq.dhs.gov
Score CVSS : 7.5

Références :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01 | source : ics-cert@hq.dhs.gov

Vulnérabilité : CWE-645


Source : vmware.com

Vulnérabilité ID : CVE-2023-20890

Première publication le : 29-08-2023 18:15:08
Dernière modification le : 29-08-2023 20:41:07

Description :
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

CVE ID : CVE-2023-20890
Source : security@vmware.com
Score CVSS : 7.2

Références :
https://www.vmware.com/security/advisories/VMSA-2023-0018.html | source : security@vmware.com


Source : patchstack.com

Vulnérabilité ID : CVE-2023-32241

Première publication le : 29-08-2023 21:15:09
Dernière modification le : 29-08-2023 21:15:09

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.

CVE ID : CVE-2023-32241
Source : audit@patchstack.com
Score CVSS : 7.1

Références :
https://patchstack.com/database/vulnerability/essential-addons-elementor/wordpress-essential-addons-for-elementor-pro-plugin-5-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnérabilité : CWE-79


(11) Vulnérabilité(s) MEDIUM [4.0, 6.9]

Source : tenable.com

Vulnérabilité ID : CVE-2023-3252

Première publication le : 29-08-2023 19:15:27
Dernière modification le : 29-08-2023 20:41:07

Description :
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

CVE ID : CVE-2023-3252
Source : vulnreport@tenable.com
Score CVSS : 6.8

Références :
https://www.tenable.com/security/tns-2023-29 | source : vulnreport@tenable.com


Vulnérabilité ID : CVE-2023-3253

Première publication le : 29-08-2023 20:15:10
Dernière modification le : 29-08-2023 20:41:07

Description :
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

CVE ID : CVE-2023-3253
Source : vulnreport@tenable.com
Score CVSS : 4.3

Références :
https://www.tenable.com/security/tns-2023-29 | source : vulnreport@tenable.com


Vulnérabilité ID : CVE-2023-3251

Première publication le : 29-08-2023 19:15:27
Dernière modification le : 29-08-2023 20:41:07

Description :
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.

CVE ID : CVE-2023-3251
Source : vulnreport@tenable.com
Score CVSS : 4.1

Références :
https://www.tenable.com/security/tns-2023-29 | source : vulnreport@tenable.com

Vulnérabilité : CWE-522


Source : hpe.com

Vulnérabilité ID : CVE-2023-39267

Première publication le : 29-08-2023 20:15:09
Dernière modification le : 29-08-2023 20:41:07

Description :
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

CVE ID : CVE-2023-39267
Source : security-alert@hpe.com
Score CVSS : 6.6

Références :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt | source : security-alert@hpe.com


Vulnérabilité ID : CVE-2023-39268

Première publication le : 29-08-2023 20:15:09
Dernière modification le : 29-08-2023 20:41:07

Description :
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CVE ID : CVE-2023-39268
Source : security-alert@hpe.com
Score CVSS : 4.5

Références :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt | source : security-alert@hpe.com


Source : arista.com

Vulnérabilité ID : CVE-2023-3646

Première publication le : 29-08-2023 17:15:12
Dernière modification le : 29-08-2023 18:14:25

Description :
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

CVE ID : CVE-2023-3646
Source : psirt@arista.com
Score CVSS : 5.9

Références :
https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | source : psirt@arista.com

Vulnérabilité : CWE-125


Vulnérabilité ID : CVE-2023-24548

Première publication le : 29-08-2023 17:15:11
Dernière modification le : 29-08-2023 18:14:25

Description :
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

CVE ID : CVE-2023-24548
Source : psirt@arista.com
Score CVSS : 5.3

Références :
https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089 | source : psirt@arista.com

Vulnérabilité : CWE-120


Source : hitachi.co.jp

Vulnérabilité ID : CVE-2023-1995

Première publication le : 29-08-2023 02:15:07
Dernière modification le : 29-08-2023 05:18:54

Description :
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.

CVE ID : CVE-2023-1995
Source : hirt@hitachi.co.jp
Score CVSS : 5.3

Références :
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-133/index.html | source : hirt@hitachi.co.jp

Vulnérabilité : CWE-778


Source : github.com

Vulnérabilité ID : CVE-2023-39522

Première publication le : 29-08-2023 18:15:08
Dernière modification le : 29-08-2023 20:41:07

Description :
goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue.

CVE ID : CVE-2023-39522
Source : security-advisories@github.com
Score CVSS : 5.3

Références :
https://github.com/goauthentik/authentik/commit/aa874dd92a770d5f8cd8f265b7cdd31cd73a4599 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/security/advisories/GHSA-vmf9-6pcv-xr87 | source : security-advisories@github.com

Vulnérabilité : CWE-203


Vulnérabilité ID : CVE-2023-41037

Première publication le : 29-08-2023 17:15:13
Dernière modification le : 29-08-2023 18:14:25

Description :
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.

CVE ID : CVE-2023-41037
Source : security-advisories@github.com
Score CVSS : 4.3

Références :
https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566 | source : security-advisories@github.com
https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp | source : security-advisories@github.com

Vulnérabilité : CWE-347


Source : mongodb.com

Vulnérabilité ID : CVE-2021-32050

Première publication le : 29-08-2023 16:15:08
Dernière modification le : 29-08-2023 18:14:25

Description :
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

CVE ID : CVE-2021-32050
Source : cna@mongodb.com
Score CVSS : 4.2

Références :
https://jira.mongodb.org/browse/CDRIVER-3797 | source : cna@mongodb.com
https://jira.mongodb.org/browse/CXX-2028 | source : cna@mongodb.com
https://jira.mongodb.org/browse/NODE-3356 | source : cna@mongodb.com
https://jira.mongodb.org/browse/PHPC-1869 | source : cna@mongodb.com
https://jira.mongodb.org/browse/SWIFT-1229 | source : cna@mongodb.com

Vulnérabilité : CWE-200


(2) Vulnérabilité(s) LOW [0.1, 3.9]

Source : cloudflare.com

Vulnérabilité ID : CVE-2023-0238

Première publication le : 29-08-2023 15:15:07
Dernière modification le : 29-08-2023 18:14:25

Description :
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

CVE ID : CVE-2023-0238
Source : cna@cloudflare.com
Score CVSS : 3.9

Références :
https://developers.cloudflare.com/warp-client/ | source : cna@cloudflare.com
https://github.com/cloudflare/advisories/security/advisories/GHSA-23rx-f69w-g75c | source : cna@cloudflare.com

Vulnérabilité : CWE-200


Vulnérabilité ID : CVE-2023-0654

Première publication le : 29-08-2023 16:15:08
Dernière modification le : 29-08-2023 18:14:25

Description :
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

CVE ID : CVE-2023-0654
Source : cna@cloudflare.com
Score CVSS : 3.9

Références :
https://developers.cloudflare.com/warp-client/ | source : cna@cloudflare.com
https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7 | source : cna@cloudflare.com

Vulnérabilité : CWE-1021


(18) Vulnérabilité(s) NO SCORE [0.0, 0.0]

Source : mitre.org

Vulnérabilité ID : CVE-2023-41358

Première publication le : 29-08-2023 04:15:16
Dernière modification le : 29-08-2023 05:18:54

Description :
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

CVE ID : CVE-2023-41358
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FRRouting/frr/pull/14260 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41359

Première publication le : 29-08-2023 04:15:16
Dernière modification le : 29-08-2023 05:18:54

Description :
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

CVE ID : CVE-2023-41359
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FRRouting/frr/pull/14232 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41360

Première publication le : 29-08-2023 04:15:16
Dernière modification le : 29-08-2023 05:18:54

Description :
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

CVE ID : CVE-2023-41360
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FRRouting/frr/pull/14245 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41361

Première publication le : 29-08-2023 04:15:17
Dernière modification le : 29-08-2023 05:18:54

Description :
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

CVE ID : CVE-2023-41361
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FRRouting/frr/pull/14241 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41363

Première publication le : 29-08-2023 05:15:43
Dernière modification le : 29-08-2023 05:18:54

Description :
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.

CVE ID : CVE-2023-41363
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-40787

Première publication le : 29-08-2023 13:15:53
Dernière modification le : 29-08-2023 13:34:55

Description :
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

CVE ID : CVE-2023-40787
Source : cve@mitre.org
Score CVSS : /

Références :
https://gist.github.com/kaliwin/9d6cf58bb6ec06765cdf7b75e13ee460 | source : cve@mitre.org
https://sword.bladex.cn/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-38283

Première publication le : 29-08-2023 16:15:08
Dernière modification le : 29-08-2023 18:14:25

Description :
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.

CVE ID : CVE-2023-38283
Source : cve@mitre.org
Score CVSS : /

Références :
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling | source : cve@mitre.org
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig | source : cve@mitre.org
https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1 | source : cve@mitre.org
https://news.ycombinator.com/item?id=37305800 | source : cve@mitre.org
https://www.openbsd.org/errata73.html | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-38802

Première publication le : 29-08-2023 16:15:09
Dernière modification le : 29-08-2023 18:14:25

Description :
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVE ID : CVE-2023-38802
Source : cve@mitre.org
Score CVSS : /

Références :
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling | source : cve@mitre.org
https://news.ycombinator.com/item?id=37305800 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41362

Première publication le : 29-08-2023 16:15:09
Dernière modification le : 29-08-2023 18:14:25

Description :
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.

CVE ID : CVE-2023-41362
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch | source : cve@mitre.org
https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5 | source : cve@mitre.org
https://mybb.com/versions/1.8.36/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-41376

Première publication le : 29-08-2023 16:15:09
Dernière modification le : 29-08-2023 18:14:25

Description :
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.

CVE ID : CVE-2023-41376
Source : cve@mitre.org
Score CVSS : /

Références :
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling | source : cve@mitre.org
https://news.ycombinator.com/item?id=37305800 | source : cve@mitre.org
https://www.nokia.com/networks/technologies/service-router-operating-system/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-39615

Première publication le : 29-08-2023 17:15:12
Dernière modification le : 29-08-2023 18:14:25

Description :
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.

CVE ID : CVE-2023-39615
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-39616

Première publication le : 29-08-2023 17:15:12
Dernière modification le : 29-08-2023 18:14:25

Description :
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

CVE ID : CVE-2023-39616
Source : cve@mitre.org
Score CVSS : /

Références :
https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-40889

Première publication le : 29-08-2023 17:15:12
Dernière modification le : 29-08-2023 18:14:25

Description :
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

CVE ID : CVE-2023-40889
Source : cve@mitre.org
Score CVSS : /

Références :
https://hackmd.io/@cspl/B1ZkFZv23 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-40890

Première publication le : 29-08-2023 17:15:12
Dernière modification le : 29-08-2023 18:14:25

Description :
A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

CVE ID : CVE-2023-40890
Source : cve@mitre.org
Score CVSS : /

Références :
https://hackmd.io/@cspl/H1PxPAUnn | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-3262

Première publication le : 29-08-2023 20:15:09
Dernière modification le : 29-08-2023 20:41:07

Description :
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.

CVE ID : CVE-2021-3262
Source : cve@mitre.org
Score CVSS : /

Références :
http://tripspark.com | source : cve@mitre.org
http://veo.com | source : cve@mitre.org
https://susos.co/blog/f/cve-disclosureuncovered-sql-injection-in-tripspark-veo-transport | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-39663

Première publication le : 29-08-2023 20:15:09
Dernière modification le : 29-08-2023 20:41:07

Description :
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.

CVE ID : CVE-2023-39663
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/mathjax/MathJax/issues/3074 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-39678

Première publication le : 29-08-2023 20:15:10
Dernière modification le : 29-08-2023 20:41:07

Description :
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

CVE ID : CVE-2023-39678
Source : cve@mitre.org
Score CVSS : /

Références :
https://telegra.ph/XSS-in-BDCOM-OLT-P3310D-2AC-07-29 | source : cve@mitre.org


Source : google.com

Vulnérabilité ID : CVE-2023-4572

Première publication le : 29-08-2023 20:15:10
Dernière modification le : 29-08-2023 20:41:07

Description :
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-4572
Source : chrome-cve-admin@google.com
Score CVSS : /

Références :
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html | source : chrome-cve-admin@google.com
https://crbug.com/1472492 | source : chrome-cve-admin@google.com


Ce site web utilise l'API de la NVD, mais n'est pas approuvé ou certifié par la NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.