Latest vulnerabilities for Tuesday, 5 September 2023


Last updated on 05/09/2023 at 23:58:02

(12) CRITICAL vulnerabilities [9.0, 10.0]

Source : qualcomm.com

Vulnerability ID : CVE-2023-28562

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption while handling payloads from remote ESL.

CVE ID : CVE-2023-28562
Source : product-security@qualcomm.com
CVSS score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28581

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE.

CVE ID : CVE-2023-28581
Source : product-security@qualcomm.com
CVSS score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-3374

First published : 05-09-2023 17:15:09
Last modified : 05-09-2023 17:31:50

Description :
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.

CVE ID : CVE-2023-3374
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0489 | source : cve@usom.gov.tr

Vulnerability type : CWE-184


Vulnerability ID : CVE-2023-35065

First published : 05-09-2023 18:15:10
Last modified : 05-09-2023 18:29:49

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1.

CVE ID : CVE-2023-35065
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0490 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-35068

First published : 05-09-2023 18:15:10
Last modified : 05-09-2023 18:29:49

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904.

CVE ID : CVE-2023-35068
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0491 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-35072

First published : 05-09-2023 18:15:10
Last modified : 05-09-2023 18:29:49

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904.

CVE ID : CVE-2023-35072
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0492 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-3616

First published : 05-09-2023 18:15:11
Last modified : 05-09-2023 18:29:49

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management System: before 2.0.

CVE ID : CVE-2023-3616
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0493 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-4034

First published : 05-09-2023 19:15:48
Last modified : 05-09-2023 19:15:48

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0.

CVE ID : CVE-2023-4034
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0494 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-4531

First published : 05-09-2023 19:15:48
Last modified : 05-09-2023 19:15:48

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901.

CVE ID : CVE-2023-4531
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0495 | source : cve@usom.gov.tr

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-3375

First published : 05-09-2023 17:15:09
Last modified : 05-09-2023 17:31:50

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0.

CVE ID : CVE-2023-3375
Source : cve@usom.gov.tr
CVSS score : 9.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0489 | source : cve@usom.gov.tr

Vulnerability type : CWE-434


Source : github.com

Vulnerability ID : CVE-2023-39361

First published : 05-09-2023 21:15:46
Last modified : 05-09-2023 21:15:46

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-39361
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg | source : security-advisories@github.com

Vulnerability type : CWE-89


Source : mitre.org

Vulnerability ID : CVE-2017-9453

First published : 05-09-2023 18:15:08
Last modified : 05-09-2023 18:29:49

Description :
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.

CVE ID : CVE-2017-9453
Source : cve@mitre.org
CVSS score : 9.0

References :
https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html | source : cve@mitre.org


(34) HIGH vulnerabilities [7.0, 8.9]

Source : synopsys.com

Vulnerability ID : CVE-2023-2453

First published : 05-09-2023 15:15:42
Last modified : 05-09-2023 17:31:50

Description :
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.

CVE ID : CVE-2023-2453
Source : disclosure@synopsys.com
CVSS score : 8.8

References :
https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ | source : disclosure@synopsys.com

Vulnerability type : CWE-829


Source : github.com

Vulnerability ID : CVE-2023-39359

First published : 05-09-2023 21:15:46
Last modified : 05-09-2023 21:15:46

Description :
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-39359
Source : security-advisories@github.com
CVSS score : 8.8

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h | source : security-advisories@github.com

Vulnerability type : CWE-89


Vulnerability ID : CVE-2023-41317

First published : 05-09-2023 19:15:48
Last modified : 05-09-2023 19:15:48

Description :
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following conditions are met**: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 ("impacted versions"); **and** 2. The Supergraph schema provided to the Router (either via Apollo Uplink or explicitly via other configuration) **has a `subscription` type** with root-fields defined; **and** 3. The YAML configuration provided to the Router **has subscriptions enabled** (they are _disabled_ by default), either by setting `enabled: true` _or_ by setting a valid `mode` within the `subscriptions` object (as seen in [subscriptions' documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup)); **and** 4. An [anonymous](https://spec.graphql.org/draft/#sec-Anonymous-Operation-Definitions) (i.e., un-named) `subscription` operation (e.g., `subscription { ... }`) is received by the Router If **all four** of these criteria are met, the impacted versions will panic and terminate. There is no data-privacy risk or sensitive-information exposure aspect to this vulnerability. This is fixed in Apollo Router v1.29.1. Users are advised to upgrade. Updating to v1.29.1 should be a clear and simple upgrade path for those running impacted versions. However, if Subscriptions are **not** necessary for your Graph – but are enabled via configuration — then disabling subscriptions is another option to mitigate the risk.

CVE ID : CVE-2023-41317
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/apollographql/router/commit/b295c103dd86c57c848397d32e8094edfa8502aa | source : security-advisories@github.com
https://github.com/apollographql/router/releases/tag/v1.29.1 | source : security-advisories@github.com
https://github.com/apollographql/router/security/advisories/GHSA-w8vq-3hf9-xppx | source : security-advisories@github.com

Vulnerability type : CWE-755


Source : qualcomm.com

Vulnerability ID : CVE-2022-33275

First published : 05-09-2023 07:15:11
Last modified : 05-09-2023 12:54:56

Description :
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

CVE ID : CVE-2022-33275
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2022-40534

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Memory corruption due to improper validation of array index in Audio.

CVE ID : CVE-2022-40534
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28538

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

CVE ID : CVE-2023-28538
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33021

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Memory corruption in Graphics while processing user packets for command submission.

CVE ID : CVE-2023-33021
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28543

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).

CVE ID : CVE-2023-28543
Source : product-security@qualcomm.com
CVSS score : 8.1

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21662

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in Core Platform while printing the response buffer in log.

CVE ID : CVE-2023-21662
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21664

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:51

Description :
Memory Corruption in Core Platform while printing the response buffer in log.

CVE ID : CVE-2023-21664
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28544

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

CVE ID : CVE-2023-28544
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28548

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

CVE ID : CVE-2023-28548
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28549

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

CVE ID : CVE-2023-28549
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28557

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

CVE ID : CVE-2023-28557
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28558

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN handler while processing PhyID in Tx status handler.

CVE ID : CVE-2023-28558
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28559

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

CVE ID : CVE-2023-28559
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28560

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

CVE ID : CVE-2023-28560
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28564

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

CVE ID : CVE-2023-28564
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28565

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE ID : CVE-2023-28565
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28567

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while handling command through WMI interfaces.

CVE ID : CVE-2023-28567
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28573

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in WLAN HAL while parsing WMI command parameters.

CVE ID : CVE-2023-28573
Source : product-security@qualcomm.com
CVSS score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21646

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Transient DOS in Modem while processing invalid System Information Block 1.

CVE ID : CVE-2023-21646
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21653

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Transient DOS in Modem while processing RRC reconfiguration message.

CVE ID : CVE-2023-21653
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28584

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

CVE ID : CVE-2023-28584
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33015

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVE ID : CVE-2023-33015
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33016

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

CVE ID : CVE-2023-33016
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33019

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

CVE ID : CVE-2023-33019
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33020

First published : 05-09-2023 07:15:14
Last modified : 05-09-2023 12:54:46

Description :
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVE ID : CVE-2023-33020
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4178

First published : 05-09-2023 19:15:48
Last modified : 05-09-2023 19:15:48

Description :
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.

CVE ID : CVE-2023-4178
Source : cve@usom.gov.tr
CVSS score : 8.2

References :
https://www.usom.gov.tr/bildirim/tr-23-0496 | source : cve@usom.gov.tr

Vulnerability type : CWE-290


Source : cisco.com

Vulnerability ID : CVE-2023-31242

First published : 05-09-2023 17:15:08
Last modified : 05-09-2023 18:15:08

Description :
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-31242
Source : talos-cna@cisco.com
CVSS score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | source : talos-cna@cisco.com

Vulnerability type : CWE-284


Vulnerability ID : CVE-2023-34998

First published : 05-09-2023 17:15:09
Last modified : 05-09-2023 18:15:09

Description :
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.

CVE ID : CVE-2023-34998
Source : talos-cna@cisco.com
CVSS score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770 | source : talos-cna@cisco.com

Vulnerability type : CWE-319


Vulnerability ID : CVE-2023-34353

First published : 05-09-2023 17:15:08
Last modified : 05-09-2023 18:15:09

Description :
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

CVE ID : CVE-2023-34353
Source : talos-cna@cisco.com
CVSS score : 7.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | source : talos-cna@cisco.com

Vulnerability type : CWE-330


Source : huntr.dev

Vulnerability ID : CVE-2023-4781

First published : 05-09-2023 19:15:49
Last modified : 05-09-2023 19:15:49

Description :
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE ID : CVE-2023-4781
Source : security@huntr.dev
CVSS score : 7.8

References :
https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 | source : security@huntr.dev
https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883 | source : security@huntr.dev

Vulnerability type : CWE-122


Source : us.ibm.com

Vulnerability ID : CVE-2023-35892

First published : 05-09-2023 00:15:07
Last modified : 05-09-2023 06:50:39

Description :
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.

CVE ID : CVE-2023-35892
Source : psirt@us.ibm.com
CVSS score : 7.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030359 | source : psirt@us.ibm.com

Vulnerability type : CWE-611


(29) MEDIUM vulnerabilities [4.0, 6.9]

Source : qualcomm.com

Vulnerability ID : CVE-2022-40524

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

CVE ID : CVE-2022-40524
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21636

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Memory Corruption due to improper validation of array index in Linux while updating adn record.

CVE ID : CVE-2023-21636
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21644

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:56

Description :
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

CVE ID : CVE-2023-21644
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21654

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in Audio during playback session with audio effects enabled.

CVE ID : CVE-2023-21654
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21655

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:51

Description :
Memory corruption in Audio while validating and mapping metadata.

CVE ID : CVE-2023-21655
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21663

First published : 05-09-2023 07:15:12
Last modified : 05-09-2023 12:54:51

Description :
Memory Corruption while accessing metadata in Display.

CVE ID : CVE-2023-21663
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21667

First published : 05-09-2023 07:15:13
Last modified : 05-09-2023 12:54:51

Description :
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

CVE ID : CVE-2023-21667
Source : product-security@qualcomm.com
CVSS score : 6.5

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2022-33220

First published : 05-09-2023 07:15:11
Last modified : 05-09-2023 12:54:56

Description :
Information disclosure in Automotive multimedia due to buffer over-read.

CVE ID : CVE-2022-33220
Source : product-security@qualcomm.com
CVSS score : 5.1

References :
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin | source : product-security@qualcomm.com


Source : cisco.com

Vulnerability ID : CVE-2023-32271

First published : 05-09-2023 17:15:08
Last modified : 05-09-2023 18:15:09

Description :
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-32271
Source : talos-cna@cisco.com
CVSS score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | source : talos-cna@cisco.com

Vulnerability type : CWE-200


Vulnerability ID : CVE-2023-32615

First published : 05-09-2023 17:15:08
Last modified : 05-09-2023 18:15:09

Description :
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-32615
Source : talos-cna@cisco.com
CVSS score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771 | source : talos-cna@cisco.com

Vulnerability type : CWE-73


Vulnerability ID : CVE-2023-34317

First published : 05-09-2023 17:15:08
Last modified : 05-09-2023 18:15:09

Description :
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-34317
Source : talos-cna@cisco.com
CVSS score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | source : talos-cna@cisco.com

Vulnerability : CWE-20


Source : vuldb.com

Vulnerability ID : CVE-2023-4748

First published on : 05-09-2023 06:15:07
Last modified on : 05-09-2023 06:50:39

Description :
A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238637 was assigned to this vulnerability.

CVE ID : CVE-2023-4748
Source : cna@vuldb.com
CVSS score : 6.3

References :
https://github.com/houseoforange/mybugs/blob/main/Yongyou-UFIDA-NC-Arbitrary-File-Read.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.238637 | source : cna@vuldb.com
https://vuldb.com/?id.238637 | source : cna@vuldb.com

Vulnerability : CWE-22


Source : github.com

Vulnerability ID : CVE-2023-39360

First published on : 05-09-2023 21:15:46
Last modified on : 05-09-2023 21:15:46

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39360
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39366

First published on : 05-09-2023 21:15:46
Last modified on : 05-09-2023 21:15:46

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39366
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39510

First published on : 05-09-2023 21:15:47
Last modified on : 05-09-2023 21:15:47

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `reports_admin.php` script displays reporting information about graphs, devices, data sources etc. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39510
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39512

First published on : 05-09-2023 21:15:47
Last modified on : 05-09-2023 21:15:47

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39512
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39513

First published on : 05-09-2023 21:15:47
Last modified on : 05-09-2023 21:15:47

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. _CENSUS_ found that an adversary that is able to configure a data-query template with malicious code appended in the template path can deploy a stored XSS attack against any user with the _General Administration>Sites/Devices/Data_ privileges. A user that possesses the _Template Editor>Data Queries_ permissions can configure the data query template path in _cacti_. Please note that such a user may be a low privileged user. This configuration occurs through `http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new data query template. If a template is linked to a device then the formatted template path will be rendered in the device's management page, when a _verbose data query_ is requested. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39513
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39514

First published on : 05-09-2023 21:15:47
Last modified on : 05-09-2023 21:15:47

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.

CVE ID : CVE-2023-39514
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39515

First published on : 05-09-2023 21:15:47
Last modified on : 05-09-2023 21:15:47

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE ID : CVE-2023-39515
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h | source : security-advisories@github.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-22870

First published on : 05-09-2023 01:15:07
Last modified on : 05-09-2023 06:50:39

Description :
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.

CVE ID : CVE-2023-22870
Source : psirt@us.ibm.com
CVSS score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/244121 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-35906

First published on : 05-09-2023 01:15:07
Last modified on : 05-09-2023 06:50:39

Description :
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.

CVE ID : CVE-2023-35906
Source : psirt@us.ibm.com
CVSS score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/259649 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029681 | source : psirt@us.ibm.com

Vulnerability : CWE-348


Vulnerability ID : CVE-2023-32338

First published on : 05-09-2023 00:15:07
Last modified on : 05-09-2023 06:50:39

Description :
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

CVE ID : CVE-2023-32338
Source : psirt@us.ibm.com
CVSS score : 5.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/255585 | source : psirt@us.ibm.com
https://https://www.ibm.com/support/pages/node/7029765 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7029766 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-29261

First published on : 05-09-2023 01:15:07
Last modified on : 05-09-2023 06:50:39

Description :
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.

CVE ID : CVE-2023-29261
Source : psirt@us.ibm.com
CVSS score : 5.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/252139 | source : psirt@us.ibm.com
https://https://www.ibm.com/support/pages/node/7029765 | source : psirt@us.ibm.com

Vulnerability : CWE-922


Vulnerability ID : CVE-2022-43903

First published on : 05-09-2023 00:15:07
Last modified on : 05-09-2023 06:50:39

Description :
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894.

CVE ID : CVE-2022-43903
Source : psirt@us.ibm.com
CVSS score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/240894 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030110 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Source : huntr.dev

Vulnerability ID : CVE-2023-4778

First published on : 05-09-2023 16:15:08
Last modified on : 05-09-2023 17:31:50

Description :
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE ID : CVE-2023-4778
Source : security@huntr.dev
CVSS score : 5.9

References :
https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed | source : security@huntr.dev
https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397 | source : security@huntr.dev

Vulnerability : CWE-125


Source : synopsys.com

Vulnerability ID : CVE-2023-4480

First published on : 05-09-2023 15:15:42
Last modified on : 05-09-2023 17:31:50

Description :
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.

CVE ID : CVE-2023-4480
Source : disclosure@synopsys.com
CVSS score : 5.5

References :
https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ | source : disclosure@synopsys.com

Vulnerability : CWE-538


Source : vmware.com

Vulnerability ID : CVE-2023-20897

First published on : 05-09-2023 11:15:32
Last modified on : 05-09-2023 12:54:46

Description :
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVE ID : CVE-2023-20897
Source : security@vmware.com
CVSS score : 5.3

References :
https://saltproject.io/security-announcements/2023-08-10-advisory/ | source : security@vmware.com


Vulnerability ID : CVE-2023-20898

First published on : 05-09-2023 11:15:33
Last modified on : 05-09-2023 12:54:46

Description :
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

CVE ID : CVE-2023-20898
Source : security@vmware.com
CVSS score : 4.2

References :
https://saltproject.io/security-announcements/2023-08-10-advisory/ | source : security@vmware.com


Source : wordfence.com

Vulnerability ID : CVE-2023-4636

First published on : 05-09-2023 03:15:12
Last modified on : 05-09-2023 06:50:39

Description :
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-4636
Source : security@wordfence.com
CVSS score : 4.4

References :
https://github.com/xsn1210/vul2/blob/main/xss%5BWordPressFile%5D%20.md | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2961909/user-private-files | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


(2) LOW vulnerabilities [0.1, 3.9]

Source : cisco.com

Vulnerability ID : CVE-2023-34994

First published on : 05-09-2023 17:15:09
Last modified on : 05-09-2023 18:15:09

Description :
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-34994
Source : talos-cna@cisco.com
CVSS score : 3.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | source : talos-cna@cisco.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-35124

First published on : 05-09-2023 17:15:09
Last modified on : 05-09-2023 18:15:10

Description :
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.

CVE ID : CVE-2023-35124
Source : talos-cna@cisco.com
CVSS score : 3.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | source : talos-cna@cisco.com

Vulnerability : CWE-209


(36) NO SCORE vulnerabilities [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-36308

First published on : 05-09-2023 04:15:08
Last modified on : 05-09-2023 06:50:39

Description :
** DISPUTED ** disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

CVE ID : CVE-2023-36308
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/disintegration/imaging/issues/165 | source : cve@mitre.org
https://github.com/disintegration/imaging/releases/tag/v1.6.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40936

First published on : 05-09-2023 04:15:09
Last modified on : 05-09-2023 04:15:09

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-40936
Source : cve@mitre.org
CVSS score : /

References :


Vulnerability ID : CVE-2023-40937

First published on : 05-09-2023 04:15:09
Last modified on : 05-09-2023 04:15:09

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-40937
Source : cve@mitre.org
CVSS score : /

References :


Vulnerability ID : CVE-2023-36307

First published on : 05-09-2023 05:15:07
Last modified on : 05-09-2023 06:50:39

Description :
** DISPUTED ** ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

CVE ID : CVE-2023-36307
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/SimonWaldherr/zplgfa/pull/6 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41908

First published on : 05-09-2023 07:15:14
Last modified on : 05-09-2023 12:54:46

Description :
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.

CVE ID : CVE-2023-41908
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db | source : cve@mitre.org
https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41909

First published on : 05-09-2023 07:15:14
Last modified on : 05-09-2023 12:54:46

Description :
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

CVE ID : CVE-2023-41909
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41910

First published on : 05-09-2023 07:15:14
Last modified on : 05-09-2023 12:54:46

Description :
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.

CVE ID : CVE-2023-41910
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b | source : cve@mitre.org
https://github.com/lldpd/lldpd/releases/tag/1.0.17 | source : cve@mitre.org


Vulnerability ID : CVE-2022-41763

First published on : 05-09-2023 13:15:07
Last modified on : 05-09-2023 13:33:34

Description :
An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.

CVE ID : CVE-2022-41763
Source : cve@mitre.org
CVSS score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36361

First published on : 05-09-2023 16:15:07
Last modified on : 05-09-2023 17:31:50

Description :
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

CVE ID : CVE-2023-36361
Source : cve@mitre.org
CVSS score : /

References :
http://audimex.com | source : cve@mitre.org
http://audimexee.com | source : cve@mitre.org
https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b | source : cve@mitre.org


Vulnerability ID : CVE-2023-41012

First published on : 05-09-2023 16:15:07
Last modified on : 05-09-2023 17:31:50

Description :
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.

CVE ID : CVE-2023-41012
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4-Identity-verification-has-design-flaws | source : cve@mitre.org


Vulnerability ID : CVE-2023-41107

First published on : 05-09-2023 16:15:08
Last modified on : 05-09-2023 17:31:50

Description :
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack.

CVE ID : CVE-2023-41107
Source : cve@mitre.org
CVSS score : /

References :
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-020.txt | source : cve@mitre.org
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41108

First published on : 05-09-2023 16:15:08
Last modified on : 05-09-2023 17:31:50

Description :
TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.

CVE ID : CVE-2023-41108
Source : cve@mitre.org
CVSS score : /

References :
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-021.txt | source : cve@mitre.org
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021 | source : cve@mitre.org


Vulnerability ID : CVE-2015-1390

First published on : 05-09-2023 18:15:07
Last modified on : 05-09-2023 18:29:49

Description :
Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.

CVE ID : CVE-2015-1390
Source : cve@mitre.org
CVSS score : /

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt | source : cve@mitre.org


Vulnerability ID : CVE-2015-1391

First published on : 05-09-2023 18:15:07
Last modified on : 05-09-2023 18:29:49

Description :
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.

CVE ID : CVE-2015-1391
Source : cve@mitre.org
CVSS score : /

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt | source : cve@mitre.org


Vulnerability ID : CVE-2015-2201

First published on : 05-09-2023 18:15:08
Last modified on : 05-09-2023 18:29:49

Description :
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

CVE ID : CVE-2015-2201
Source : cve@mitre.org
CVSS score : /

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt | source : cve@mitre.org


Vulnerability ID : CVE-2015-2202

First published on : 05-09-2023 18:15:08
Last modified on : 05-09-2023 18:29:49

Description :
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CVE ID : CVE-2015-2202
Source : cve@mitre.org
CVSS score : /

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-39598

First published on : 05-09-2023 18:15:10
Last modified on : 05-09-2023 18:29:49

Description :
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

CVE ID : CVE-2023-39598
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c | source : cve@mitre.org


Vulnerability ID : CVE-2023-39681

First published on : 05-09-2023 18:15:11
Last modified on : 05-09-2023 18:29:49

Description :
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.

CVE ID : CVE-2023-39681
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/yanbochen97/CuppaCMS_RCE | source : cve@mitre.org


Vulnerability ID : CVE-2023-40918

First published on : 05-09-2023 18:15:11
Last modified on : 05-09-2023 18:29:49

Description :
KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role.

CVE ID : CVE-2023-40918
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/didi/KnowStreaming/issues/1128 | source : cve@mitre.org


Vulnerability ID : CVE-2020-35593

First published on : 05-09-2023 19:15:48
Last modified on : 05-09-2023 20:15:07

Description :
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host.

CVE ID : CVE-2020-35593
Source : cve@mitre.org
CVSS score : /

References :
http://web.archive.org/web/20210106175128/https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 | source : cve@mitre.org
https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 | source : cve@mitre.org
https://webapps.bmc.com/support/faces/az/prodallversions.jsp?seqid=304517 | source : cve@mitre.org
https://www.securifera.com/advisories/ | source : cve@mitre.org
https://www.securifera.com/blog/2021/03/08/bmc-patrol-agent-domain-user-to-domain-admin-part-2/ | source : cve@mitre.org


Vulnerability ID : CVE-2021-40546

First published on : 05-09-2023 19:15:48
Last modified on : 05-09-2023 19:15:48

Description :
Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.

CVE ID : CVE-2021-40546
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/doudoudedi/buffer_overflow/blob/main/Tenda%20AC6%20V4.0-Denial%20of%20Service%20Vulnerability.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39654

First published on : 05-09-2023 20:15:07
Last modified on : 05-09-2023 20:15:07

Description :
abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.

CVE ID : CVE-2023-39654
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Leeyangee/leeya_bug/blob/main/%5BWarning%5DSQL%20Injection%20in%20abupy%20%3C=%20v0.4.0.md | source : cve@mitre.org
https://github.com/bbfamily/abu | source : cve@mitre.org


Vulnerability ID : CVE-2023-41009

First published : 05-09-2023 20:15:07
Last modified : 05-09-2023 20:15:07

Description :
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.

CVE ID : CVE-2023-41009
Source : cve@mitre.org
CVSS score : /

References :
http://adlered.com | source : cve@mitre.org
https://github.com/Rabb1tQ/HillstoneCVEs/blob/main/CVE-2023-41009/CVE-2023-41009.md | source : cve@mitre.org
https://github.com/adlered/bolo-solo | source : cve@mitre.org


Vulnerability ID : CVE-2023-41508

First published : 05-09-2023 21:15:47
Last modified : 05-09-2023 21:15:47

Description :
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

CVE ID : CVE-2023-41508
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/redblueteam/CVE-2023-41508/ | source : cve@mitre.org
https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-4310

First published : 05-09-2023 21:15:47
Last modified : 05-09-2023 21:15:47

Description :
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.

CVE ID : CVE-2023-4310
Source : cve@mitre.org
CVSS score : /

References :
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207 | source : cve@mitre.org
https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access | source : cve@mitre.org

Vulnerability : CWE-77


Source : cert.pl

Vulnerability ID : CVE-2023-4540

First published : 05-09-2023 08:15:40
Last modified : 05-09-2023 12:54:46

Description :
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

CVE ID : CVE-2023-4540
Source : cvd@cert.pl
CVSS score : /

References :
https://cert.pl/posts/2023/09/CVE-2023-4540/ | source : cvd@cert.pl
https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6 | source : cvd@cert.pl

Vulnerability : CWE-755


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-38574

First published : 05-09-2023 09:15:08
Last modified : 05-09-2023 12:54:46

Description :
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

CVE ID : CVE-2023-38574
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN60140221/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-39448

First published : 05-09-2023 09:15:08
Last modified : 05-09-2023 12:54:46

Description :
Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

CVE ID : CVE-2023-39448
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN82758000/ | source : vultures@jpcert.or.jp
https://www.ss-proj.org/support/954.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-39938

First published : 05-09-2023 09:15:09
Last modified : 05-09-2023 12:54:46

Description :
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.

CVE ID : CVE-2023-39938
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN60140221/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40535

First published : 05-09-2023 09:15:09
Last modified : 05-09-2023 12:54:46

Description :
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

CVE ID : CVE-2023-40535
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN60140221/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40705

First published : 05-09-2023 09:15:09
Last modified : 05-09-2023 12:54:46

Description :
Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

CVE ID : CVE-2023-40705
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN60140221/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-36492

First published : 05-09-2023 10:15:07
Last modified : 05-09-2023 12:54:46

Description :
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVE ID : CVE-2023-36492
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN82758000/ | source : vultures@jpcert.or.jp
https://www.ss-proj.org/support/954.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38569

First published : 05-09-2023 10:15:07
Last modified : 05-09-2023 12:54:46

Description :
Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVE ID : CVE-2023-38569
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN82758000/ | source : vultures@jpcert.or.jp
https://www.ss-proj.org/support/954.html | source : vultures@jpcert.or.jp


Source : pega.com

Vulnerability ID : CVE-2023-32086

First published : 05-09-2023 15:15:42
Last modified : 05-09-2023 15:15:42

Description :
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2023-32086
Source : security@pega.com
CVSS score : /

References :


Source : apache.org

Vulnerability ID : CVE-2023-40743

First published : 05-09-2023 15:15:42
Last modified : 05-09-2023 17:31:50

Description :
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

CVE ID : CVE-2023-40743
Source : security@apache.org
CVSS score : /

References :
https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 | source : security@apache.org
https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82 | source : security@apache.org

Vulnerability : CWE-20


Source : cert.org

Vulnerability ID : CVE-2020-10128

First published : 05-09-2023 20:15:07
Last modified : 05-09-2023 20:15:07

Description :
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validated properly, which allows an attacker to inject malicious JavaScript.

CVE ID : CVE-2020-10128
Source : cret@cert.org
CVSS score : /

References :
https://developer.searchblox.com/v9.2/changelog/version-921 | source : cret@cert.org

Vulnerability : CWE-79


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.
