Latest vulnerabilities of Tuesday, August 8, 2023

Last updated on 08/08/2023 at 23:58:04

(27) CRITICAL vulnerabilities [9.0, 10.0]

Source : cert.vde.com

Vulnerability ID : CVE-2023-3570

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.

CVE ID : CVE-2023-3570
Source : info@cert.vde.com
CVSS score : 9.9

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-3571

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device.

CVE ID : CVE-2023-3571
Source : info@cert.vde.com
CVSS score : 9.9

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-3572

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device.

CVE ID : CVE-2023-3572
Source : info@cert.vde.com
CVSS score : 9.9

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-3573

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device.

CVE ID : CVE-2023-3573
Source : info@cert.vde.com
CVSS score : 9.9

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-3526

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

CVE ID : CVE-2023-3526
Source : info@cert.vde.com
CVSS score : 9.6

References :
https://cert.vde.com/en/advisories/VDE-2023-017 | source : info@cert.vde.com

Vulnerability : CWE-79


Source : sap.com

Vulnerability ID : CVE-2023-37483

First published on : 08-08-2023 01:15:17
Last modified on : 08-08-2023 12:51:11

Description :
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.

CVE ID : CVE-2023-37483
Source : cna@sap.com
CVSS score : 9.8

References :
https://me.sap.com/notes/3341460 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-284


Source : usom.gov.tr

Vulnerability ID : CVE-2023-3898

First published on : 08-08-2023 09:15:10
Last modified on : 08-08-2023 12:51:11

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1.

CVE ID : CVE-2023-3898
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0440 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3717

First published on : 08-08-2023 11:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02.

CVE ID : CVE-2023-3717
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0441 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3716

First published on : 08-08-2023 12:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1.

CVE ID : CVE-2023-3716
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0442 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3651

First published on : 08-08-2023 15:15:10
Last modified on : 08-08-2023 15:24:41

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11.

CVE ID : CVE-2023-3651
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0443 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3386

First published on : 08-08-2023 16:15:13
Last modified on : 08-08-2023 17:07:18

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905.

CVE ID : CVE-2023-3386
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0444 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3522

First published on : 08-08-2023 16:15:13
Last modified on : 08-08-2023 17:07:18

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48.

CVE ID : CVE-2023-3522
Source : cve@usom.gov.tr
CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0445 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : qualcomm.com

Vulnerability ID : CVE-2022-40510

First published on : 08-08-2023 10:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE ID : CVE-2022-40510
Source : product-security@qualcomm.com
CVSS score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28561

First published on : 08-08-2023 10:15:14
Last modified on : 08-08-2023 12:51:11

Description :
Memory corruption in QESL while processing payload from external ESL device to firmware.

CVE ID : CVE-2023-28561
Source : product-security@qualcomm.com
CVSS score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21651

First published on : 08-08-2023 10:15:13
Last modified on : 08-08-2023 12:51:11

Description :
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVE ID : CVE-2023-21651
Source : product-security@qualcomm.com
CVSS score : 9.3

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21643

First published on : 08-08-2023 10:15:13
Last modified on : 08-08-2023 12:51:11

Description :
Memory corruption due to untrusted pointer dereference in automotive during system call.

CVE ID : CVE-2023-21643
Source : product-security@qualcomm.com
CVSS score : 9.1

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Source : siemens.com

Vulnerability ID : CVE-2023-37372

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVE ID : CVE-2023-37372
Source : productcert@siemens.com
CVSS score : 9.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf | source : productcert@siemens.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-24845

First published on : 08-08-2023 10:15:13
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM 
RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

CVE ID : CVE-2023-24845
Source : productcert@siemens.com
CVSS score : 9.1

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-908185.pdf | source : productcert@siemens.com

Vulnerability : CWE-684


Source : github.com

Vulnerability ID : CVE-2023-39532

First published on : 08-08-2023 17:15:09
Last modified on : 08-08-2023 18:33:14

Description :
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host’s dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host’s module system to the extent that the host has been configured. This typically only allows access to module code on the host’s file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js’s module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available.
On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`.

CVE ID : CVE-2023-39532
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/endojs/endo/commit/fc90c6429604dc79ce8e3355e236ccce2bada041 | source : security-advisories@github.com
https://github.com/endojs/endo/security/advisories/GHSA-9c4h-3f7h-322r | source : security-advisories@github.com

Vulnerability : CWE-20


Source : microsoft.com

Vulnerability ID : CVE-2023-21709

First published on : 08-08-2023 18:15:11
Last modified on : 08-08-2023 18:33:10

Description :
Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE ID : CVE-2023-21709
Source : secure@microsoft.com
CVSS score : 9.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35385

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:10

Description :
Microsoft Message Queuing Remote Code Execution Vulnerability

CVE ID : CVE-2023-35385
Source : secure@microsoft.com
CVSS score : 9.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35385 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36910

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft Message Queuing Remote Code Execution Vulnerability

CVE ID : CVE-2023-36910
Source : secure@microsoft.com
CVSS score : 9.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36910 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36911

First published on : 08-08-2023 18:15:17
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft Message Queuing Remote Code Execution Vulnerability

CVE ID : CVE-2023-36911
Source : secure@microsoft.com
CVSS score : 9.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36911 | source : secure@microsoft.com


Source : zoom.us

Vulnerability ID : CVE-2023-39216

First published on : 08-08-2023 18:15:23
Last modified on : 08-08-2023 18:32:54

Description :
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

CVE ID : CVE-2023-39216
Source : security@zoom.us
CVSS score : 9.6

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-36534

First published on : 08-08-2023 18:15:14
Last modified on : 08-08-2023 18:33:04

Description :
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

CVE ID : CVE-2023-36534
Source : security@zoom.us
CVSS score : 9.3

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-22


Source : cyberdanube.com

Vulnerability ID : CVE-2023-4202

First published on : 08-08-2023 11:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.

CVE ID : CVE-2023-4202
Source : office@cyberdanube.com
CVSS score : 9.0

References :
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ | source : office@cyberdanube.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4203

First published on : 08-08-2023 11:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

CVE ID : CVE-2023-4203
Source : office@cyberdanube.com
CVSS score : 9.0

References :
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/ | source : office@cyberdanube.com

Vulnerability : CWE-79


(106) HIGH vulnerabilities [7.0, 8.9]

Source : sap.com

Vulnerability ID : CVE-2023-39439

First published on : 08-08-2023 01:15:19
Last modified on : 08-08-2023 12:51:11

Description :
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

CVE ID : CVE-2023-39439
Source : cna@sap.com
CVSS score : 8.8

References :
https://me.sap.com/notes/3346500 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-1390


Vulnerability ID : CVE-2023-36923

First published on : 08-08-2023 01:15:16
Last modified on : 08-08-2023 12:51:11

Description :
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.

CVE ID : CVE-2023-36923
Source : cna@sap.com
CVSS score : 7.8

References :
https://me.sap.com/notes/3341599 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-37490

First published on : 08-08-2023 01:15:18
Last modified on : 08-08-2023 12:51:11

Description :
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system.

CVE ID : CVE-2023-37490
Source : cna@sap.com
CVSS score : 7.6

References :
https://me.sap.com/notes/3317710 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-39437

First published on : 08-08-2023 01:15:19
Last modified on : 08-08-2023 12:51:11

Description :
SAP Business One - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and get it delivered to the client, resulting in cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.

CVE ID : CVE-2023-39437
Source : cna@sap.com
CVSS score : 7.6

References :
https://me.sap.com/notes/3358300 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-37491

First published on : 08-08-2023 01:15:18
Last modified on : 08-08-2023 12:51:11

Description :
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.

CVE ID : CVE-2023-37491
Source : cna@sap.com
CVSS score : 7.5

References :
https://me.sap.com/notes/3344295 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-33993

First published on : 08-08-2023 01:15:15
Last modified on : 08-08-2023 12:51:11

Description :
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.

CVE ID : CVE-2023-33993
Source : cna@sap.com
CVSS score : 7.1

References :
https://me.sap.com/notes/3337797 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-89


Source : cert-in.org.in

Vulnerability ID : CVE-2023-37569

First published on : 08-08-2023 09:15:10
Last modified on : 08-08-2023 12:51:11

Description :
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

CVE ID : CVE-2023-37569
Source : vdisclose@cert-in.org.in
CVSS score : 8.8

References :
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226 | source : vdisclose@cert-in.org.in

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-37570

First published on : 08-08-2023 09:15:10
Last modified on : 08-08-2023 12:51:11

Description :
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.

CVE ID : CVE-2023-37570
Source : vdisclose@cert-in.org.in
CVSS score : 7.2

References :
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226 | source : vdisclose@cert-in.org.in

Vulnerability : CWE-613


Source : siemens.com

Vulnerability ID : CVE-2023-27411

First published on : 08-08-2023 10:15:14
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges.

CVE ID : CVE-2023-27411
Source : productcert@siemens.com
CVSS score : 8.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf | source : productcert@siemens.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2021-41544

First published on : 08-08-2023 10:15:12
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.

CVE ID : CVE-2021-41544
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-188491.pdf | source : productcert@siemens.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2022-39062

First published on : 08-08-2023 10:15:12
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation.

CVE ID : CVE-2022-39062
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-975961.pdf | source : productcert@siemens.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-28830

First published on : 08-08-2023 10:15:14
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVE ID : CVE-2023-28830
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf | source : productcert@siemens.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-30795

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-30795
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-30796

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-30796
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38525

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38525
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38526

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38526
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38527

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38527
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38528

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38528
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-38529

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38529
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38530

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38530
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38531

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38531
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38641

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.

CVE ID : CVE-2023-38641
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-975961.pdf | source : productcert@siemens.com

Vulnerability : CWE-250


Vulnerability ID : CVE-2023-38679

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)

CVE ID : CVE-2023-38679
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-38680

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)

CVE ID : CVE-2023-38680
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-38681

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)

CVE ID : CVE-2023-38681
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-38682

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38682
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38683

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38683
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-39181

First published : 08-08-2023 10:15:17
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39181
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-39182

First published : 08-08-2023 10:15:17
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39182
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39183

First published : 08-08-2023 10:15:17
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39183
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39184

First published : 08-08-2023 10:15:17
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39184
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39185

First published : 08-08-2023 10:15:18
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39185
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39186

First published : 08-08-2023 10:15:19
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39186
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39187

First published : 08-08-2023 10:15:19
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39187
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39188

First published : 08-08-2023 10:15:20
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39188
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-39419

First published : 08-08-2023 10:15:22
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-39419
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-39549

First published : 08-08-2023 10:15:22
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)

CVE ID : CVE-2023-39549
Source : productcert@siemens.com
CVSS score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-932528.pdf | source : productcert@siemens.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-39269

First published : 08-08-2023 10:15:21
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

CVE ID : CVE-2023-39269
Source : productcert@siemens.com
CVSS score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-770902.pdf | source : productcert@siemens.com

Vulnerability : CWE-770


Source : microsoft.com

Vulnerability ID : CVE-2023-29328

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Teams Remote Code Execution Vulnerability

CVE ID : CVE-2023-29328
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-29330

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Teams Remote Code Execution Vulnerability

CVE ID : CVE-2023-29330
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35368

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Exchange Remote Code Execution Vulnerability

CVE ID : CVE-2023-35368
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35381

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Windows Fax Service Remote Code Execution Vulnerability

CVE ID : CVE-2023-35381
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35381 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35387

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:10

Description :
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35387
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35387 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36882

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE ID : CVE-2023-36882
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36882 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38169

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft OLE DB Remote Code Execution Vulnerability

CVE ID : CVE-2023-38169
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38181

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Exchange Server Spoofing Vulnerability

CVE ID : CVE-2023-38181
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38185

First published : 08-08-2023 18:15:23
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID : CVE-2023-38185
Source : secure@microsoft.com
CVSS score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36897

First published : 08-08-2023 18:15:15
Last modified : 08-08-2023 18:33:00

Description :
Visual Studio Tools for Office Runtime Spoofing Vulnerability

CVE ID : CVE-2023-36897
Source : secure@microsoft.com
CVSS score : 8.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35388

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID : CVE-2023-35388
Source : secure@microsoft.com
CVSS score : 8.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36891

First published : 08-08-2023 18:15:15
Last modified : 08-08-2023 18:33:04

Description :
Microsoft SharePoint Server Spoofing Vulnerability

CVE ID : CVE-2023-36891
Source : secure@microsoft.com
CVSS score : 8.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36892

First published : 08-08-2023 18:15:15
Last modified : 08-08-2023 18:33:00

Description :
Microsoft SharePoint Server Spoofing Vulnerability

CVE ID : CVE-2023-36892
Source : secure@microsoft.com
CVSS score : 8.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38182

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID : CVE-2023-38182
Source : secure@microsoft.com
CVSS score : 8.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35359

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35359
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35359 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35371

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Office Remote Code Execution Vulnerability

CVE ID : CVE-2023-35371
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35372

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Office Visio Remote Code Execution Vulnerability

CVE ID : CVE-2023-35372
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35379

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35379
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35379 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35380

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35380
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35380 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35382

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:10

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35382
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35382 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35386

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:10

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35386
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35386 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35390

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:04

Description :
.NET and Visual Studio Remote Code Execution Vulnerability

CVE ID : CVE-2023-35390
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36865

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Microsoft Office Visio Remote Code Execution Vulnerability

CVE ID : CVE-2023-36865
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36866

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Microsoft Office Visio Remote Code Execution Vulnerability

CVE ID : CVE-2023-36866
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36895

First published : 08-08-2023 18:15:15
Last modified : 08-08-2023 18:33:00

Description :
Microsoft Outlook Remote Code Execution Vulnerability

CVE ID : CVE-2023-36895
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36896

First published : 08-08-2023 18:15:15
Last modified : 08-08-2023 18:33:00

Description :
Microsoft Excel Remote Code Execution Vulnerability

CVE ID : CVE-2023-36896
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36896 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36898

First published : 08-08-2023 18:15:16
Last modified : 08-08-2023 18:33:00

Description :
Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

CVE ID : CVE-2023-36898
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36900

First published : 08-08-2023 18:15:16
Last modified : 08-08-2023 18:33:00

Description :
Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36900
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36900 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36903

First published : 08-08-2023 18:15:16
Last modified : 08-08-2023 18:33:00

Description :
Windows System Assessment Tool Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36903
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36904

First published : 08-08-2023 18:15:16
Last modified : 08-08-2023 18:33:00

Description :
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36904
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36904 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38154

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-38154
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38154 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38170

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
HEVC Video Extensions Remote Code Execution Vulnerability

CVE ID : CVE-2023-38170
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38170 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38175

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Windows Defender Elevation of Privilege Vulnerability

CVE ID : CVE-2023-38175
Source : secure@microsoft.com
CVSS score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38186

First published : 08-08-2023 18:15:23
Last modified : 08-08-2023 18:32:54

Description :
Windows Mobile Device Management Elevation of Privilege Vulnerability

CVE ID : CVE-2023-38186
Source : secure@microsoft.com
Score CVSS : 7.8

Références :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38186 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35383

First published : 08-08-2023 18:15:13
Last modified : 08-08-2023 18:33:10

Description :
Microsoft Message Queuing Information Disclosure Vulnerability

CVE ID : CVE-2023-35383
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35383 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36912

First published : 08-08-2023 18:15:19
Last modified : 08-08-2023 18:33:00

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-36912
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36912 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38172

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-38172
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38172 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38178

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
.NET Core and Visual Studio Denial of Service Vulnerability

CVE ID : CVE-2023-38178
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38184

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE ID : CVE-2023-38184
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38184 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36899

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
ASP.NET Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36899
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38180

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
.NET and Visual Studio Denial of Service Vulnerability

CVE ID : CVE-2023-38180
Source : secure@microsoft.com
CVSS score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36873

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
.NET Framework Spoofing Vulnerability

CVE ID : CVE-2023-36873
Source : secure@microsoft.com
CVSS score : 7.4

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38167

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

CVE ID : CVE-2023-38167
Source : secure@microsoft.com
CVSS score : 7.2

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36876

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36876
Source : secure@microsoft.com
CVSS score : 7.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35391

First published : 08-08-2023 19:15:09
Last modified : 08-08-2023 20:39:01

Description :
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

CVE ID : CVE-2023-35391
Source : secure@microsoft.com
CVSS score : 7.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35378

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:33:10

Description :
Windows Projected File System Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35378
Source : secure@microsoft.com
CVSS score : 7.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35378 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38176

First published : 08-08-2023 18:15:22
Last modified : 08-08-2023 18:32:54

Description :
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

CVE ID : CVE-2023-38176
Source : secure@microsoft.com
CVSS score : 7.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176 | source : secure@microsoft.com


Source : rockwellautomation.com

Vulnerability ID : CVE-2023-2423

First published : 08-08-2023 15:15:10
Last modified : 08-08-2023 15:24:41

Description :
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.

CVE ID : CVE-2023-2423
Source : PSIRT@rockwellautomation.com
CVSS score : 8.6

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-682


Source : qualcomm.com

Vulnerability ID : CVE-2023-22666

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE ID : CVE-2023-22666
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28537

First published : 08-08-2023 10:15:14
Last modified : 08-08-2023 12:51:11

Description :
Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE ID : CVE-2023-28537
Source : product-security@qualcomm.com
CVSS score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21625

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

CVE ID : CVE-2023-21625
Source : product-security@qualcomm.com
CVSS score : 8.2

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21652

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information are present on the stack after use.

CVE ID : CVE-2023-21652
Source : product-security@qualcomm.com
CVSS score : 7.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28555

First published : 08-08-2023 10:15:14
Last modified : 08-08-2023 12:51:11

Description :
Transient DOS in Audio while remapping channel buffer in media codec decoding.

CVE ID : CVE-2023-28555
Source : product-security@qualcomm.com
CVSS score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21626

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE ID : CVE-2023-21626
Source : product-security@qualcomm.com
CVSS score : 7.1

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Source : zoom.us

Vulnerability ID : CVE-2023-36541

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.

CVE ID : CVE-2023-36541
Source : security@zoom.us
CVSS score : 8.0

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-345


Vulnerability ID : CVE-2023-36540

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

CVE ID : CVE-2023-36540
Source : security@zoom.us
CVSS score : 7.3

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-426


Vulnerability ID : CVE-2023-36533

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.

CVE ID : CVE-2023-36533
Source : security@zoom.us
CVSS score : 7.1

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-36535

First published : 08-08-2023 18:15:14
Last modified : 08-08-2023 18:33:04

Description :
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

CVE ID : CVE-2023-36535
Source : security@zoom.us
CVSS score : 7.1

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-602


Source : github.com

Vulnerability ID : CVE-2023-39533

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.

CVE ID : CVE-2023-39533
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017 | source : security-advisories@github.com
https://github.com/golang/go/issues/61460 | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/commit/0cce607219f3710addc7e18672cffd1f1d912fbb | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/commit/445be526aea4ee0b1fa5388aa65d32b2816d3a00 | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/commit/e30fcf7dfd4715ed89a5e68d7a4f774d3b9aa92d | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/pull/2454 | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/security/advisories/GHSA-876p-8259-xjgg | source : security-advisories@github.com
https://github.com/quic-go/quic-go/pull/4012 | source : security-advisories@github.com

Vulnerability : CWE-770


Source : vuldb.com

Vulnerability ID : CVE-2023-4219

First published : 08-08-2023 13:15:12
Last modified : 08-08-2023 13:57:34

Description :
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.

CVE ID : CVE-2023-4219
Source : cna@vuldb.com
CVSS score : 7.3

References :
https://github.com/Yesec/-Doctor-s-Appointment-System/blob/main/SQL%20Injection%20in%20login.php/vuln.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.236365 | source : cna@vuldb.com
https://vuldb.com/?id.236365 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : mongodb.com

Vulnerability ID : CVE-2023-4009

First published : 08-08-2023 09:15:11
Last modified : 08-08-2023 12:51:11

Description :
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

CVE ID : CVE-2023-4009
Source : cna@mongodb.com
CVSS score : 7.2

References :
https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0 | source : cna@mongodb.com
https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22 | source : cna@mongodb.com

Vulnerability : CWE-648


Source : patchstack.com

Vulnerability ID : CVE-2023-27412

First published : 08-08-2023 11:15:09
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.

CVE ID : CVE-2023-27412
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/mocho-blog/wordpress-mocho-blog-theme-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-27421

First published : 08-08-2023 11:15:10
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions.

CVE ID : CVE-2023-27421
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/everest-news/wordpress-everest-news-theme-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32503

First published : 08-08-2023 11:15:11
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions.

CVE ID : CVE-2023-32503
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-24409

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions.

CVE ID : CVE-2023-24409
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/responsive-horizontal-vertical-and-accordion-tabs/wordpress-wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-plugin-1-1-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-24413

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.

CVE ID : CVE-2023-24413
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-vertical-image-slider/wordpress-wordpress-vertical-image-slider-plugin-plugin-1-2-16-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-27627

First published : 08-08-2023 12:15:11
Last modified : 08-08-2023 12:51:11

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions.

CVE ID : CVE-2023-27627
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/wooemailreport/wordpress-woocommerce-email-report-plugin-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38384

First published : 08-08-2023 13:15:10
Last modified : 08-08-2023 13:57:34

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions.

CVE ID : CVE-2023-38384
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/easync-booking/wordpress-easync-plugin-1-3-6-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(65) MEDIUM vulnerabilities [4.0, 6.9]

Source : qualcomm.com

Vulnerability ID : CVE-2023-21627

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Memory corruption in Trusted Execution Environment while calling service API with invalid address.

CVE ID : CVE-2023-21627
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21648

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Memory corruption in RIL while trying to send apdu packet.

CVE ID : CVE-2023-21648
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21649

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Memory corruption in WLAN while running doDriverCmd for an unspecific command.

CVE ID : CVE-2023-21649
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21650

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.

CVE ID : CVE-2023-21650
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28575

First published : 08-08-2023 10:15:14
Last modified : 08-08-2023 12:51:11

Description :
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE ID : CVE-2023-28575
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28577

First published : 08-08-2023 10:15:14
Last modified : 08-08-2023 12:51:11

Description :
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check whether the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address.

CVE ID : CVE-2023-28577
Source : product-security@qualcomm.com
CVSS score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-21647

First published : 08-08-2023 10:15:13
Last modified : 08-08-2023 12:51:11

Description :
Information disclosure in Bluetooth when a GATT packet is received due to improper input validation.

CVE ID : CVE-2023-21647
Source : product-security@qualcomm.com
CVSS score : 6.5

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28576

First published : 08-08-2023 10:15:14
Last modified : 08-08-2023 12:51:11

Description :
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

CVE ID : CVE-2023-28576
Source : product-security@qualcomm.com
CVSS score : 6.4

References :
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | source : product-security@qualcomm.com


Source : siemens.com

Vulnerability ID : CVE-2023-38532

First published : 08-08-2023 10:15:16
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause a denial of service condition.

CVE ID : CVE-2023-38532
Source : productcert@siemens.com
CVSS score : 6.6

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-37373

First published : 08-08-2023 10:15:15
Last modified : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.

CVE ID : CVE-2023-37373
Source : productcert@siemens.com
CVSS score : 5.3

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf | source : productcert@siemens.com

Vulnerability : CWE-306


Source : patchstack.com

Vulnerability ID : CVE-2023-29099

First published : 08-08-2023 11:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.

CVE ID : CVE-2023-29099
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/divi/wordpress-divi-theme-4-20-2-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-45821

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.

CVE ID : CVE-2022-45821
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/noo-timetable/wordpress-noo-timetable-responsive-calendar-auto-sync-wordpress-plugin-plugin-2-1-3-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-23829

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions.

CVE ID : CVE-2023-23829
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/owl-carousel/wordpress-owl-carousel-plugin-0-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-23877

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.

CVE ID : CVE-2023-23877
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/pinterest-rss-widget/wordpress-pinterest-rss-widget-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-23880

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.

CVE ID : CVE-2023-23880
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/google-analytics-dashboard-for-wp/wordpress-exactmetrics-plugin-7-14-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-28773

First published : 08-08-2023 13:15:10
Last modified : 08-08-2023 13:57:34

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions.

CVE ID : CVE-2023-28773
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/secondary-title/wordpress-secondary-title-plugin-2-0-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-30482

First published : 08-08-2023 13:15:10
Last modified : 08-08-2023 13:57:34

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions.

CVE ID : CVE-2023-30482
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/wpbulky-wp-bulk-edit-post-types/wordpress-wpbulky-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-27416

First published : 08-08-2023 11:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.

CVE ID : CVE-2023-27416
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/decon-wp-sms/wordpress-decon-wp-sms-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-27422

First published : 08-08-2023 11:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.

CVE ID : CVE-2023-27422
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/ns-coupon-to-become-customer/wordpress-ns-coupon-to-become-customer-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36692

First published : 08-08-2023 11:15:11
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions.

CVE ID : CVE-2023-36692
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-cirrus/wordpress-wp-cirrus-plugin-0-6-11-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-25063

First published : 08-08-2023 12:15:10
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.

CVE ID : CVE-2023-25063
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/quick-pagepost-redirect-plugin/wordpress-quick-page-post-redirect-plugin-plugin-5-2-3-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-25459

First published : 08-08-2023 12:15:11
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions.

CVE ID : CVE-2023-25459
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/post-snippets/wordpress-post-snippets-custom-wordpress-code-snippets-customizer-plugin-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-27415

First published : 08-08-2023 12:15:11
Last modified : 08-08-2023 12:51:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.

CVE ID : CVE-2023-27415
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/letterpress/wordpress-letterpress-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-25984

First published : 08-08-2023 13:15:10
Last modified : 08-08-2023 13:57:34

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.

CVE ID : CVE-2023-25984
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/dovetail/wordpress-dovetail-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-28931

First published on : 08-08-2023 13:15:10
Last modified on : 08-08-2023 13:57:34

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.

CVE ID : CVE-2023-28931
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/post-connector/wordpress-post-connector-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-28934

First published on : 08-08-2023 13:15:10
Last modified on : 08-08-2023 13:57:34

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.

CVE ID : CVE-2023-28934
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-31221

First published on : 08-08-2023 13:15:10
Last modified on : 08-08-2023 13:57:34

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions.

CVE ID : CVE-2023-31221
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/pdq-csv/wordpress-pdq-csv-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32292

First published on : 08-08-2023 13:15:10
Last modified on : 08-08-2023 13:57:34

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.

CVE ID : CVE-2023-32292
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/whatshelp-chat-button/wordpress-chat-button-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : microsoft.com

Vulnerability ID : CVE-2023-35376

First published on : 08-08-2023 18:15:12
Last modified on : 08-08-2023 18:33:10

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-35376
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35376 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35377

First published on : 08-08-2023 18:15:12
Last modified on : 08-08-2023 18:33:10

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-35377
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35377 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35389

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:04

Description :
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

CVE ID : CVE-2023-35389
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35389 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36890

First published on : 08-08-2023 18:15:15
Last modified on : 08-08-2023 18:33:04

Description :
Microsoft SharePoint Server Information Disclosure Vulnerability

CVE ID : CVE-2023-36890
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36893

First published on : 08-08-2023 18:15:15
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft Outlook Spoofing Vulnerability

CVE ID : CVE-2023-36893
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36894

First published on : 08-08-2023 18:15:15
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft SharePoint Server Information Disclosure Vulnerability

CVE ID : CVE-2023-36894
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36909

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-36909
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36913

First published on : 08-08-2023 18:15:20
Last modified on : 08-08-2023 18:33:00

Description :
Microsoft Message Queuing Information Disclosure Vulnerability

CVE ID : CVE-2023-36913
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36913 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38254

First published on : 08-08-2023 18:15:23
Last modified on : 08-08-2023 18:32:54

Description :
Microsoft Message Queuing Denial of Service Vulnerability

CVE ID : CVE-2023-38254
Source : secure@microsoft.com
CVSS score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38254 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36869

First published on : 08-08-2023 18:15:14
Last modified on : 08-08-2023 18:33:04

Description :
Azure DevOps Server Spoofing Vulnerability

CVE ID : CVE-2023-36869
Source : secure@microsoft.com
CVSS score : 6.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36908

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Windows Hyper-V Information Disclosure Vulnerability

CVE ID : CVE-2023-36908
Source : secure@microsoft.com
CVSS score : 5.7

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36908 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36889

First published on : 08-08-2023 18:15:15
Last modified on : 08-08-2023 18:33:04

Description :
Windows Group Policy Security Feature Bypass Vulnerability

CVE ID : CVE-2023-36889
Source : secure@microsoft.com
CVSS score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36889 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36905

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE ID : CVE-2023-36905
Source : secure@microsoft.com
CVSS score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36905 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36906

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Windows Cryptographic Services Information Disclosure Vulnerability

CVE ID : CVE-2023-36906
Source : secure@microsoft.com
CVSS score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36906 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36907

First published on : 08-08-2023 18:15:16
Last modified on : 08-08-2023 18:33:00

Description :
Windows Cryptographic Services Information Disclosure Vulnerability

CVE ID : CVE-2023-36907
Source : secure@microsoft.com
CVSS score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36907 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36914

First published on : 08-08-2023 18:15:21
Last modified on : 08-08-2023 18:33:00

Description :
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVE ID : CVE-2023-36914
Source : secure@microsoft.com
CVSS score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36914 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35384

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:10

Description :
Windows HTML Platforms Security Feature Bypass Vulnerability

CVE ID : CVE-2023-35384
Source : secure@microsoft.com
CVSS score : 5.4

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35384 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35394

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:04

Description :
Azure HDInsight Jupyter Notebook Spoofing Vulnerability

CVE ID : CVE-2023-35394
Source : secure@microsoft.com
CVSS score : 4.6

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35394 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35393

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:04

Description :
Azure Apache Hive Spoofing Vulnerability

CVE ID : CVE-2023-35393
Source : secure@microsoft.com
CVSS score : 4.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36877

First published on : 08-08-2023 18:15:14
Last modified on : 08-08-2023 18:33:04

Description :
Azure Apache Oozie Spoofing Vulnerability

CVE ID : CVE-2023-36877
Source : secure@microsoft.com
CVSS score : 4.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36881

First published on : 08-08-2023 18:15:14
Last modified on : 08-08-2023 18:33:04

Description :
Azure Apache Ambari Spoofing Vulnerability

CVE ID : CVE-2023-36881
Source : secure@microsoft.com
CVSS score : 4.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-38188

First published on : 08-08-2023 18:15:23
Last modified on : 08-08-2023 18:32:54

Description :
Azure Apache Hadoop Spoofing Vulnerability

CVE ID : CVE-2023-38188
Source : secure@microsoft.com
CVSS score : 4.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38188 | source : secure@microsoft.com


Source : sap.com

Vulnerability ID : CVE-2023-37488

First published on : 08-08-2023 01:15:18
Last modified on : 08-08-2023 12:51:11

Description :
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in a Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.

CVE ID : CVE-2023-37488
Source : cna@sap.com
CVSS score : 6.1

References :
https://me.sap.com/notes/3350494 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-37486

First published on : 08-08-2023 01:15:17
Last modified on : 08-08-2023 12:51:11

Description :
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.

CVE ID : CVE-2023-37486
Source : cna@sap.com
CVSS score : 5.9

References :
https://me.sap.com/notes/3341934 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-39436

First published on : 08-08-2023 01:15:19
Last modified on : 08-08-2023 12:51:11

Description :
SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.

CVE ID : CVE-2023-39436
Source : cna@sap.com
CVSS score : 5.8

References :
https://me.sap.com/notes/2067220 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37484

First published on : 08-08-2023 01:15:17
Last modified on : 08-08-2023 12:51:11

Description :
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

CVE ID : CVE-2023-37484
Source : cna@sap.com
CVSS score : 5.3

References :
https://me.sap.com/notes/3341460 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37487

First published on : 08-08-2023 01:15:18
Last modified on : 08-08-2023 12:51:11

Description :
SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network, which could lead to high impact on confidentiality with no impact on integrity and availability of the application.

CVE ID : CVE-2023-37487
Source : cna@sap.com
CVSS score : 5.3

References :
https://me.sap.com/notes/3333616 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37492

First published on : 08-08-2023 01:15:18
Last modified on : 08-08-2023 12:51:11

Description :
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.

CVE ID : CVE-2023-37492
Source : cna@sap.com
CVSS score : 4.9

References :
https://me.sap.com/notes/3348000 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-39440

First published on : 08-08-2023 01:15:20
Last modified on : 08-08-2023 12:51:11

Description :
In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which an attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.

CVE ID : CVE-2023-39440
Source : cna@sap.com
CVSS score : 4.4

References :
https://me.sap.com/notes/3312586 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Source : usom.gov.tr

Vulnerability ID : CVE-2023-3652

First published on : 08-08-2023 15:15:10
Last modified on : 08-08-2023 15:24:41

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11.

CVE ID : CVE-2023-3652
Source : cve@usom.gov.tr
CVSS score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0443 | source : cve@usom.gov.tr

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3653

First published on : 08-08-2023 15:15:10
Last modified on : 08-08-2023 15:24:41

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11.

CVE ID : CVE-2023-3653
Source : cve@usom.gov.tr
CVSS score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0443 | source : cve@usom.gov.tr

Vulnerability : CWE-79


Source : zoom.us

Vulnerability ID : CVE-2023-39218

First published on : 08-08-2023 18:15:23
Last modified on : 08-08-2023 18:32:54

Description :
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

CVE ID : CVE-2023-39218
Source : security@zoom.us
CVSS score : 6.1

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-602


Vulnerability ID : CVE-2023-36532

First published on : 08-08-2023 18:15:13
Last modified on : 08-08-2023 18:33:04

Description :
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

CVE ID : CVE-2023-36532
Source : security@zoom.us
CVSS score : 5.9

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-39217

First published on : 08-08-2023 18:15:23
Last modified on : 08-08-2023 18:32:54

Description :
Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

CVE ID : CVE-2023-39217
Source : security@zoom.us
CVSS score : 5.3

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-20


Source : google.com

Vulnerability ID : CVE-2023-3894

First published on : 08-08-2023 18:15:24
Last modified on : 08-08-2023 18:32:54

Description :
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

CVE ID : CVE-2023-3894
Source : cve-coordination@google.com
CVSS score : 5.8

References :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083 | source : cve-coordination@google.com
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x | source : cve-coordination@google.com
https://github.com/FasterXML/jackson-dataformats-text/pull/398 | source : cve-coordination@google.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-39518

First published on : 08-08-2023 19:15:10
Last modified on : 08-08-2023 20:39:01

Description :
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.

CVE ID : CVE-2023-39518
Source : security-advisories@github.com
CVSS score : 5.4

References :
https://github.com/fobybus/social-media-skeleton/commit/6765d1109016e1f1d707ef47917927c7704e6428 | source : security-advisories@github.com
https://github.com/fobybus/social-media-skeleton/pull/4 | source : security-advisories@github.com
https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-2jxx-r967-f76p | source : security-advisories@github.com

Vulnerability : CWE-79


Source : cert.vde.com

Vulnerability ID : CVE-2023-3569

First published on : 08-08-2023 07:15:10
Last modified on : 08-08-2023 12:51:11

Description :
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

CVE ID : CVE-2023-3569
Source : info@cert.vde.com
CVSS score : 4.9

References :
https://cert.vde.com/en/advisories/VDE-2023-017 | source : info@cert.vde.com

Vulnerability : CWE-776


(3) LOW Vulnerabilities [0.1, 3.9]

Source : sap.com

Vulnerability ID : CVE-2023-36926

First published on : 08-08-2023 01:15:17
Last modified on : 08-08-2023 12:51:11

Description :
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

CVE ID : CVE-2023-36926
Source : cna@sap.com
CVSS score : 3.7

References :
https://me.sap.com/notes/3358328 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200
Vulnerability : CWE-287


Source : github.com

Vulnerability ID : CVE-2023-39342

First published on : 08-08-2023 18:15:24
Last modified on : 08-08-2023 18:32:54

Description :
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user's terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2.

CVE ID : CVE-2023-39342
Source : security-advisories@github.com
CVSS score : 3.6

References :
https://github.com/freedomofpress/dangerzone/pull/491 | source : security-advisories@github.com
https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2 | source : security-advisories@github.com
https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632 | source : security-advisories@github.com

Vulnerability : CWE-150


Source : siemens.com

Vulnerability ID : CVE-2023-38524

First published on : 08-08-2023 10:15:15
Last modified on : 08-08-2023 12:51:11

Description :
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVE ID : CVE-2023-38524
Source : productcert@siemens.com
CVSS score : 3.3

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | source : productcert@siemens.com

Vulnerability : CWE-476


(50) NO SCORE Vulnerabilities [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39976

First published on : 08-08-2023 06:15:46
Last modified on : 08-08-2023 12:51:11

Description :
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.

CVE ID : CVE-2023-39976
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 | source : cve@mitre.org
https://github.com/ClusterLabs/libqb/compare/v2.0.7...v2.0.8 | source : cve@mitre.org
https://github.com/ClusterLabs/libqb/pull/490 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39977

First published on : 08-08-2023 06:15:47
Last modified on : 08-08-2023 13:15:12

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3268. Reason: This candidate is a reservation duplicate of CVE-2023-3268. Notes: All CVE users should reference CVE-2023-3268 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-39977
Source : cve@mitre.org
CVSS score : /

References :


Vulnerability ID : CVE-2023-39978

First published on : 08-08-2023 06:15:47
Last modified on : 08-08-2023 12:51:11

Description :
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

CVE ID : CVE-2023-39978
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 | source : cve@mitre.org
https://github.com/ImageMagick/ImageMagick6/compare/6.9.12-90...6.9.12-91 | source : cve@mitre.org
https://github.com/rmagick/rmagick/pull/1406/files | source : cve@mitre.org


Vulnerability ID : CVE-2023-37682

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

CVE ID : CVE-2023-37682
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/rt122001/CVES/blob/main/CVE-2023-37682.txt | source : cve@mitre.org
https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-37683

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.

CVE ID : CVE-2023-37683
Source : cve@mitre.org
CVSS score : /

References :
http://online.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37683.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-37684

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.

CVE ID : CVE-2023-37684
Source : cve@mitre.org
CVSS score : /

References :
http://online.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37684.txt | source : cve@mitre.org
https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37685

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.

CVE ID : CVE-2023-37685
Source : cve@mitre.org
CVSS score : /

References :
http://online.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37685.txt | source : cve@mitre.org
https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37686

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

CVE ID : CVE-2023-37686
Source : cve@mitre.org
CVSS score : /

References :
http://online.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37686.txt | source : cve@mitre.org
https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37687

First published on : 08-08-2023 12:15:11
Last modified on : 08-08-2023 12:51:11

Description :
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.

CVE ID : CVE-2023-37687
Source : cve@mitre.org
CVSS score : /

References :
http://online.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37687.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-37688

First published on : 08-08-2023 12:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.

CVE ID : CVE-2023-37688
Source : cve@mitre.org
CVSS score : /

References :
http://maid.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37688.txt | source : cve@mitre.org
https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37689

First published on : 08-08-2023 12:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

CVE ID : CVE-2023-37689
Source : cve@mitre.org
CVSS score : /

References :
http://maid.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37689.txt | source : cve@mitre.org
https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37690

First published on : 08-08-2023 12:15:12
Last modified on : 08-08-2023 12:51:11

Description :
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

CVE ID : CVE-2023-37690
Source : cve@mitre.org
CVSS score : /

References :
http://maid.com | source : cve@mitre.org
http://phpgurukul.com | source : cve@mitre.org
https://github.com/rt122001/CVES/blob/main/CVE-2023-37690.txt | source : cve@mitre.org
https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-36546

Première publication le : 08-08-2023 13:15:10
Dernière modification le : 08-08-2023 13:57:34

Description :
An issue in PEStudio v.9.52 allows a remote attacker to execute arbitrary code via a crafted DLL file to the PESstudio exeutable.

CVE ID : CVE-2023-36546
Source : cve@mitre.org
CVSS score : /

References :
https://securitycafe.ro/2023/06/19/dll-hijacking-finding-vulnerabilities-in-pestudio-9-52/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-24698

First published : 08-08-2023 15:15:09
Last modified : 08-08-2023 15:24:41

Description :
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.

CVE ID : CVE-2023-24698
Source : cve@mitre.org
CVSS score : /

References :
https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 | source : cve@mitre.org


Vulnerability ID : CVE-2023-33756

First published : 08-08-2023 15:15:10
Last modified : 08-08-2023 15:24:41

Description :
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.

CVE ID : CVE-2023-33756
Source : cve@mitre.org
CVSS score : /

References :
https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36136

First published : 08-08-2023 15:15:10
Last modified : 08-08-2023 15:24:41

Description :
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

CVE ID : CVE-2023-36136
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36306

First published : 08-08-2023 15:15:10
Last modified : 08-08-2023 15:24:41

Description :
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.

CVE ID : CVE-2023-36306
Source : cve@mitre.org
CVSS score : /

References :
https://www.exploit-db.com/exploits/51643 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38758

First published : 08-08-2023 16:15:11
Last modified : 08-08-2023 17:07:18

Description :
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.

CVE ID : CVE-2023-38758
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://wger.de | source : cve@mitre.org


Vulnerability ID : CVE-2023-38759

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

CVE ID : CVE-2023-38759
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://wger.de | source : cve@mitre.org


Vulnerability ID : CVE-2023-38760

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.

CVE ID : CVE-2023-38760
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38761

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.

CVE ID : CVE-2023-38761
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38762

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.

CVE ID : CVE-2023-38762
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38763

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.

CVE ID : CVE-2023-38763
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38764

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.

CVE ID : CVE-2023-38764
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38765

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.

CVE ID : CVE-2023-38765
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38766

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.

CVE ID : CVE-2023-38766
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38767

First published : 08-08-2023 16:15:12
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.

CVE ID : CVE-2023-38767
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38768

First published : 08-08-2023 16:15:13
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.

CVE ID : CVE-2023-38768
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38769

First published : 08-08-2023 16:15:13
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.

CVE ID : CVE-2023-38769
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38770

First published : 08-08-2023 16:15:13
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.

CVE ID : CVE-2023-38770
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38771

First published : 08-08-2023 16:15:13
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.

CVE ID : CVE-2023-38771
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-38773

First published : 08-08-2023 16:15:13
Last modified : 08-08-2023 17:07:18

Description :
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.

CVE ID : CVE-2023-38773
Source : cve@mitre.org
CVSS score : /

References :
https://churchcrm.io/ | source : cve@mitre.org
https://demo.churchcrm.io/master | source : cve@mitre.org
https://github.com/0x72303074/CVE-Disclosures | source : cve@mitre.org
https://github.com/ChurchCRM/CRM/wiki | source : cve@mitre.org


Vulnerability ID : CVE-2023-37646

First published : 08-08-2023 17:15:09
Last modified : 08-08-2023 18:33:14

Description :
An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal.

CVE ID : CVE-2023-37646
Source : cve@mitre.org
CVSS score : /

References :
http://bitberry.com | source : cve@mitre.org
https://gist.github.com/Decamark/868e88aa6aae6b8f4a1dc1991efb83ca | source : cve@mitre.org


Vulnerability ID : CVE-2023-38814

First published : 08-08-2023 18:15:23
Last modified : 08-08-2023 18:15:23

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments. Notes: none.

CVE ID : CVE-2023-38814
Source : cve@mitre.org
CVSS score : /

References :


Vulnerability ID : CVE-2023-38815

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 19:15:10

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-40042. Reason: This candidate is a reservation duplicate of CVE-2023-40042. Notes: All CVE users should reference CVE-2023-40042 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-38815
Source : cve@mitre.org
CVSS score : /

References :


Vulnerability ID : CVE-2023-40041

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.

CVE ID : CVE-2023-40041
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/lib-cste_modules-wps.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-40042

First published : 08-08-2023 19:15:10
Last modified : 08-08-2023 20:39:01

Description :
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

CVE ID : CVE-2023-40042
Source : cve@mitre.org
CVSS score : /

References :
http://www.totolink.cn | source : cve@mitre.org
https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md | source : cve@mitre.org
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-26961

First published : 08-08-2023 20:15:10
Last modified : 08-08-2023 20:39:01

Description :
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file.

CVE ID : CVE-2023-26961
Source : cve@mitre.org
CVSS score : /

References :
http://alteryx.com | source : cve@mitre.org
https://gist.github.com/DylanGrl/4269ae834c5d0ec77c9b928ad35d3be3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36344

First published : 08-08-2023 20:15:10
Last modified : 08-08-2023 20:39:01

Description :
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.

CVE ID : CVE-2023-36344
Source : cve@mitre.org
CVSS score : /

References :
https://packetstormsecurity.com/files/173990/Diebold-Nixdorf-Vynamic-View-Console-5.3.1-DLL-Hijacking.html | source : cve@mitre.org
https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/view/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36482

First published : 08-08-2023 20:15:10
Last modified : 08-08-2023 20:39:01

Description :
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.

CVE ID : CVE-2023-36482
Source : cve@mitre.org
CVSS score : /

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39086

First published : 08-08-2023 20:15:10
Last modified : 08-08-2023 20:39:01

Description :
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.

CVE ID : CVE-2023-39086
Source : cve@mitre.org
CVSS score : /

References :
http://121.41.98.87/2023/08/04/info/ | source : cve@mitre.org
http://asus.com | source : cve@mitre.org
http://na.com | source : cve@mitre.org


Source : amd.com

Vulnerability ID : CVE-2023-20555

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

CVE ID : CVE-2023-20555
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20556

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

CVE ID : CVE-2023-20556
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20561

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

CVE ID : CVE-2023-20561
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20562

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

CVE ID : CVE-2023-20562
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20569

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 21:15:09

Description :
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

CVE ID : CVE-2023-20569
Source : psirt@amd.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/08/08/4 | source : psirt@amd.com
http://xenbits.xen.org/xsa/advisory-434.html | source : psirt@amd.com
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20586

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations.

CVE ID : CVE-2023-20586
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20588

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CVE ID : CVE-2023-20588
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20589

First published : 08-08-2023 18:15:11
Last modified : 08-08-2023 18:33:14

Description :
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

CVE ID : CVE-2023-20589
Source : psirt@amd.com
CVSS score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 | source : psirt@amd.com


Source : wordfence.com

Vulnerability ID : CVE-2023-2230

First published : 08-08-2023 18:15:12
Last modified : 08-08-2023 18:15:12

Description :
** REJECT ** Accidental Assignment

CVE ID : CVE-2023-2230
Source : security@wordfence.com
CVSS score : /

References :


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
