Latest vulnerabilities for Tuesday, July 4, 2023


Last updated on 04/07/2023 at 23:58:02

(0) CRITICAL vulnerability(ies) [9.0, 10.0]

(13) HIGH vulnerability(ies) [7.0, 8.9]

Vulnerability ID: CVE-2023-21672

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE ID: CVE-2023-21672
Source: product-security@qualcomm.com
CVSS score: 8.4

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-22667

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE ID: CVE-2023-22667
Source: product-security@qualcomm.com
CVSS score: 8.4

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-22386

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE ID: CVE-2023-22386
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-22387

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE ID: CVE-2023-22387
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-24851

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

CVE ID: CVE-2023-24851
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-24854

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE ID: CVE-2023-24854
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-28541

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE ID: CVE-2023-28541
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-28542

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in WLAN HOST while fetching TX status information.

CVE ID: CVE-2023-28542
Source: product-security@qualcomm.com
CVSS score: 7.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-25521

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVE ID: CVE-2023-25521
Source: psirt@nvidia.com
CVSS score: 7.5

References:
https://nvidia.custhelp.com/app/answers/detail/a_id/5461 | source : psirt@nvidia.com

Weakness: CWE-250


Vulnerability ID: CVE-2023-25522

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVE ID: CVE-2023-25522
Source: psirt@nvidia.com
CVSS score: 7.5

References:
https://nvidia.custhelp.com/app/answers/detail/a_id/5461 | source : psirt@nvidia.com

Weakness: CWE-20


Vulnerability ID: CVE-2023-21631

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE ID: CVE-2023-21631
Source: product-security@qualcomm.com
CVSS score: 7.5

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-25516

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.

CVE ID: CVE-2023-25516
Source: psirt@nvidia.com
CVSS score: 7.1

References:
https://nvidia.custhelp.com/app/answers/detail/a_id/5468 | source : psirt@nvidia.com

Weakness: CWE-190


Vulnerability ID: CVE-2023-25517

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

CVE ID: CVE-2023-25517
Source: psirt@nvidia.com
CVSS score: 7.1

References:
https://nvidia.custhelp.com/app/answers/detail/a_id/5468 | source : psirt@nvidia.com

Weakness: CWE-285


(14) MEDIUM vulnerability(ies) [4.0, 6.9]

Vulnerability ID: CVE-2023-21629

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE ID: CVE-2023-21629
Source: product-security@qualcomm.com
CVSS score: 6.8

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21633

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

CVE ID: CVE-2023-21633
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21635

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

CVE ID: CVE-2023-21635
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21637

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory corruption in Linux while calling system configuration APIs.

CVE ID: CVE-2023-21637
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21638

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.

CVE ID: CVE-2023-21638
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21639

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

CVE ID: CVE-2023-21639
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21640

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVE ID: CVE-2023-21640
Source: product-security@qualcomm.com
CVSS score: 6.7

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-21641

First published: 04-07-2023 05:15:10
Last modified: 04-07-2023 05:15:10

Description:
An app with non-privileged access can change global system brightness and cause undesired system behavior.

CVE ID: CVE-2023-21641
Source: product-security@qualcomm.com
CVSS score: 6.6

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-2974

First published: 04-07-2023 14:15:09
Last modified: 04-07-2023 14:15:09

Description:
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

CVE ID: CVE-2023-2974
Source: secalert@redhat.com
CVSS score: 6.5

References:
https://access.redhat.com/errata/RHSA-2023:3809 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-2974 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2211026 | source : secalert@redhat.com


Vulnerability ID: CVE-2023-3502

First published: 04-07-2023 14:15:09
Last modified: 04-07-2023 14:15:09

Description:
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.

CVE ID: CVE-2023-3502
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://github.com/MoeMion233/VulHub/blob/main/Shopping%20Website%20(E-Commerce)%20search-result.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.232950 | source : cna@vuldb.com
https://vuldb.com/?id.232950 | source : cna@vuldb.com

Weakness: CWE-89


Vulnerability ID: CVE-2023-3503

First published: 04-07-2023 15:15:09
Last modified: 04-07-2023 15:15:09

Description:
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.

CVE ID: CVE-2023-3503
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.232951 | source : cna@vuldb.com
https://vuldb.com/?id.232951 | source : cna@vuldb.com

Weakness: CWE-434


Vulnerability ID: CVE-2023-3504

First published: 04-07-2023 15:15:09
Last modified: 04-07-2023 15:15:09

Description:
A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3504
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://vuldb.com/?ctiid.232952 | source : cna@vuldb.com
https://vuldb.com/?id.232952 | source : cna@vuldb.com

Weakness: CWE-434


Vulnerability ID: CVE-2023-21624

First published: 04-07-2023 05:15:09
Last modified: 04-07-2023 05:15:09

Description:
Information disclosure in DSP Services while loading dynamic module.

CVE ID: CVE-2023-21624
Source: product-security@qualcomm.com
CVSS score: 6.2

References:
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID: CVE-2023-30990

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.

CVE ID: CVE-2023-30990
Source: psirt@us.ibm.com
CVSS score: 5.6

References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7008573 | source : psirt@us.ibm.com

Weakness: CWE-94


(3) LOW vulnerability(ies) [0.1, 3.9]

Vulnerability ID: CVE-2023-3505

First published: 04-07-2023 16:15:09
Last modified: 04-07-2023 16:15:09

Description:
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3505
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.232953 | source : cna@vuldb.com
https://vuldb.com/?id.232953 | source : cna@vuldb.com

Weakness: CWE-79


Vulnerability ID: CVE-2023-3506

First published: 04-07-2023 16:15:09
Last modified: 04-07-2023 16:15:09

Description:
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3506
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.232954 | source : cna@vuldb.com
https://vuldb.com/?id.232954 | source : cna@vuldb.com

Weakness: CWE-79


Vulnerability ID: CVE-2023-25523

First published: 04-07-2023 00:15:09
Last modified: 04-07-2023 00:15:09

Description:
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

CVE ID: CVE-2023-25523
Source: psirt@nvidia.com
CVSS score: 3.3

References:
https://nvidia.custhelp.com/app/answers/detail/a_id/5469 | source : psirt@nvidia.com

Weakness: CWE-476


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
