Latest vulnerabilities for Wednesday, August 2, 2023


Last updated on 02/08/2023 at 23:58:03

(0) CRITICAL vulnerabilities [9.0, 10.0]

(11) HIGH vulnerabilities [7.0, 8.9]

Source : us.ibm.com

Vulnerability ID : CVE-2022-40609

First published on : 02-08-2023 15:15:09
Last modified on : 02-08-2023 16:55:04

Description :
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.

CVE ID : CVE-2022-40609
Source : psirt@us.ibm.com
CVSS score : 8.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7017032 | source : psirt@us.ibm.com

Vulnerability : CWE-502


Source : brocade.com

Vulnerability ID : CVE-2023-31432

First published on : 02-08-2023 00:15:17
Last modified on : 02-08-2023 13:30:34

Description :
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE ID : CVE-2023-31432
Source : sirt@brocade.com
CVSS score : 7.8

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22385 | source : sirt@brocade.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-31926

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE ID : CVE-2023-31926
Source : sirt@brocade.com
CVSS score : 7.1

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22388 | source : sirt@brocade.com

Vulnerability : CWE-281
Vulnerability : CWE-665


Source : f5.com

Vulnerability ID : CVE-2023-38418

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-38418
Source : f5sirt@f5.com
CVSS score : 7.8

References :
https://my.f5.com/manage/s/article/K000134746 | source : f5sirt@f5.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2023-38138

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-38138
Source : f5sirt@f5.com
CVSS score : 7.5

References :
https://my.f5.com/manage/s/article/K000133474 | source : f5sirt@f5.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36858

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-36858
Source : f5sirt@f5.com
CVSS score : 7.1

References :
https://my.f5.com/manage/s/article/K000132563 | source : f5sirt@f5.com

Vulnerability : CWE-345


Source : open-xchange.com

Vulnerability ID : CVE-2023-26439

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:10

Description :
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users' cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

CVE ID : CVE-2023-26439
Source : security@open-xchange.com
CVSS score : 7.6

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26451

First published on : 02-08-2023 13:15:11
Last modified on : 02-08-2023 20:15:11

Description :
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.

CVE ID : CVE-2023-26451
Source : security@open-xchange.com
CVSS score : 7.5

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-330


Vulnerability ID : CVE-2023-26440

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:10

Description :
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

CVE ID : CVE-2023-26440
Source : security@open-xchange.com
CVSS score : 7.1

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-89


Source : gitlab.com

Vulnerability ID : CVE-2023-3364

First published on : 02-08-2023 00:15:18
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.

CVE ID : CVE-2023-3364
Source : cve@gitlab.com
CVSS score : 7.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/415995 | source : cve@gitlab.com
https://hackerone.com/reports/1959727 | source : cve@gitlab.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-3994

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.

CVE ID : CVE-2023-3994
Source : cve@gitlab.com
CVSS score : 7.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416225 | source : cve@gitlab.com
https://hackerone.com/reports/1963255 | source : cve@gitlab.com

Vulnerability : CWE-400


(31) MEDIUM vulnerabilities [4.0, 6.9]

Source : gitlab.com

Vulnerability ID : CVE-2023-0632

First published on : 02-08-2023 00:15:16
Last modified on : 02-08-2023 13:30:39

Description :
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.

CVE ID : CVE-2023-0632
Source : cve@gitlab.com
CVSS score : 6.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/390148 | source : cve@gitlab.com
https://hackerone.com/reports/1852677 | source : cve@gitlab.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-3385

First published on : 02-08-2023 00:15:18
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).

CVE ID : CVE-2023-3385
Source : cve@gitlab.com
CVSS score : 6.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416161 | source : cve@gitlab.com
https://hackerone.com/reports/2032730 | source : cve@gitlab.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-2164

First published on : 02-08-2023 00:15:16
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.

CVE ID : CVE-2023-2164
Source : cve@gitlab.com
CVSS score : 5.4

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/407783 | source : cve@gitlab.com
https://hackerone.com/reports/1940598 | source : cve@gitlab.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3993

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.

CVE ID : CVE-2023-3993
Source : cve@gitlab.com
CVSS score : 4.9

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/409570 | source : cve@gitlab.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-3500

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.

CVE ID : CVE-2023-3500
Source : cve@gitlab.com
CVSS score : 4.8

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416902 | source : cve@gitlab.com
https://hackerone.com/reports/2010926 | source : cve@gitlab.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3401

First published on : 02-08-2023 09:15:14
Last modified on : 02-08-2023 13:30:30

Description :
An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.

CVE ID : CVE-2023-3401
Source : cve@gitlab.com
CVSS score : 4.8

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416252 | source : cve@gitlab.com
https://hackerone.com/reports/2031845 | source : cve@gitlab.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-3900

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.

CVE ID : CVE-2023-3900
Source : cve@gitlab.com
CVSS score : 4.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/418770 | source : cve@gitlab.com
https://hackerone.com/reports/2058514 | source : cve@gitlab.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-4011

First published on : 02-08-2023 06:15:11
Last modified on : 02-08-2023 13:30:30

Description :
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.

CVE ID : CVE-2023-4011
Source : cve@gitlab.com
CVSS score : 4.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/409367 | source : cve@gitlab.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-2022

First published on : 02-08-2023 09:15:13
Last modified on : 02-08-2023 13:30:30

Description :
An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

CVE ID : CVE-2023-2022
Source : cve@gitlab.com
CVSS score : 4.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/407166 | source : cve@gitlab.com
https://hackerone.com/reports/1936572 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : brocade.com

Vulnerability ID : CVE-2023-31928

First published on : 02-08-2023 00:15:17
Last modified on : 02-08-2023 13:30:34

Description :
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.

CVE ID : CVE-2023-31928
Source : sirt@brocade.com
CVSS score : 6.3

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22390 | source : sirt@brocade.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-31428

First published on : 02-08-2023 00:15:16
Last modified on : 02-08-2023 13:30:34

Description :
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

CVE ID : CVE-2023-31428
Source : sirt@brocade.com
CVSS score : 5.5

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22380 | source : sirt@brocade.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-31430

First published on : 02-08-2023 00:15:17
Last modified on : 02-08-2023 13:30:34

Description :
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE ID : CVE-2023-31430
Source : sirt@brocade.com
CVSS score : 5.5

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22381 | source : sirt@brocade.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-31431

First published on : 02-08-2023 00:15:17
Last modified on : 02-08-2023 13:30:34

Description :
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE ID : CVE-2023-31431
Source : sirt@brocade.com
CVSS score : 5.5

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22384 | source : sirt@brocade.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-31927

First published on : 02-08-2023 01:15:09
Last modified on : 02-08-2023 13:30:34

Description :
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.

CVE ID : CVE-2023-31927
Source : sirt@brocade.com
CVSS score : 5.3

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22389 | source : sirt@brocade.com

Vulnerability : CWE-200


Source : wordfence.com

Vulnerability ID : CVE-2023-4067

First published on : 02-08-2023 09:15:14
Last modified on : 02-08-2023 13:30:30

Description :
The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-4067
Source : security@wordfence.com
CVSS score : 6.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : f5.com

Vulnerability ID : CVE-2023-3470

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-3470
Source : f5sirt@f5.com
CVSS score : 6.0

References :
https://my.f5.com/manage/s/article/K000135449 | source : f5sirt@f5.com

Vulnerability : CWE-1391


Vulnerability ID : CVE-2023-38423

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-38423
Source : f5sirt@f5.com
CVSS score : 5.4

References :
https://my.f5.com/manage/s/article/K000134535 | source : f5sirt@f5.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-36494

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-36494
Source : f5sirt@f5.com
CVSS score : 4.4

References :
https://my.f5.com/manage/s/article/K000134922 | source : f5sirt@f5.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-38419

First published on : 02-08-2023 16:15:10
Last modified on : 02-08-2023 16:55:04

Description :
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE ID : CVE-2023-38419
Source : f5sirt@f5.com
CVSS score : 4.3

References :
https://my.f5.com/manage/s/article/K000133472 | source : f5sirt@f5.com

Vulnerability : CWE-755


Source : open-xchange.com

Vulnerability ID : CVE-2023-26441

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:10

Description :
Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the service's system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.

CVE ID : CVE-2023-26441
Source : security@open-xchange.com
CVSS score : 5.7

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-26443

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:10

Description :
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known.

CVE ID : CVE-2023-26443
Source : security@open-xchange.com
CVSS score : 5.5

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26445

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:11

Description :
Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known.

CVE ID : CVE-2023-26445
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26446

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:11

Description :
The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known.

CVE ID : CVE-2023-26446
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26447

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:11

Description :
The "upsell" widget for the portal allows specifying a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known.

CVE ID : CVE-2023-26447
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26448

First published on : 02-08-2023 13:15:11
Last modified on : 02-08-2023 20:15:11

Description :
Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known.

CVE ID : CVE-2023-26448
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26449

First published on : 02-08-2023 13:15:11
Last modified on : 02-08-2023 20:15:11

Description :
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.

CVE ID : CVE-2023-26449
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26450

First published on : 02-08-2023 13:15:11
Last modified on : 02-08-2023 20:15:11

Description :
The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.

CVE ID : CVE-2023-26450
Source : security@open-xchange.com
CVSS score : 5.4

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26438

First published on : 02-08-2023 13:15:10
Last modified on : 02-08-2023 20:15:10

Description :
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known.

CVE ID : CVE-2023-26438
Source : security@open-xchange.com
CVSS score : 4.3

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-918


Source : octopus.com

Vulnerability ID : CVE-2022-2346

First published on : 02-08-2023 02:15:12
Last modified on : 02-08-2023 13:30:34

Description :
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.

CVE ID : CVE-2022-2346
Source : security@octopus.com
CVSS score : 5.5

References :
https://advisories.octopus.com/post/2023/sa2023-10/ | source : security@octopus.com


Vulnerability ID : CVE-2022-2416

First published : 02-08-2023 06:15:10
Last modified : 02-08-2023 13:30:34

Description :
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.

CVE ID : CVE-2022-2416
Source : security@octopus.com
CVSS score : 5.5

References :
https://advisories.octopus.com/post/2023/sa2023-11/ | source : security@octopus.com


Source : liferay.com

Vulnerability ID : CVE-2023-3426

First published : 02-08-2023 10:15:09
Last modified : 02-08-2023 13:30:30

Description :
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.

CVE ID : CVE-2023-3426
Source : security@liferay.com
CVSS score : 4.3

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3426 | source : security@liferay.com

Vulnerability : CWE-862


(5) LOW vulnerabilities [0.1, 3.9]

Source : open-xchange.com

Vulnerability ID : CVE-2023-26430

First published : 02-08-2023 13:15:10
Last modified : 02-08-2023 20:15:10

Description :
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwarding control characters to subsystems. No publicly available exploits are known.

CVE ID : CVE-2023-26430
Source : security@open-xchange.com
CVSS score : 3.5

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-26442

First published : 02-08-2023 13:15:10
Last modified : 02-08-2023 20:15:10

Description :
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known.

CVE ID : CVE-2023-26442
Source : security@open-xchange.com
CVSS score : 3.2

References :
http://seclists.org/fulldisclosure/2023/Aug/8 | source : security@open-xchange.com
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf | source : security@open-xchange.com

Vulnerability : CWE-918


Source : gitlab.com

Vulnerability ID : CVE-2023-1210

First published : 02-08-2023 00:15:16
Last modified : 02-08-2023 13:30:34

Description :
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.

CVE ID : CVE-2023-1210
Source : cve@gitlab.com
CVSS score : 3.1

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/394775 | source : cve@gitlab.com
https://hackerone.com/reports/1884672 | source : cve@gitlab.com

Vulnerability : CWE-200


Source : us.ibm.com

Vulnerability ID : CVE-2023-23476

First published : 02-08-2023 15:15:10
Last modified : 02-08-2023 16:55:04

Description :
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.

CVE ID : CVE-2023-23476
Source : psirt@us.ibm.com
CVSS score : 3.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/245425 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7017490 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : trellix.com

Vulnerability ID : CVE-2023-4016

First published : 02-08-2023 05:15:09
Last modified : 02-08-2023 13:30:34

Description :
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

CVE ID : CVE-2023-4016
Source : trellixpsirt@trellix.com
CVSS score : 2.5

References :
https://gitlab.com/procps-ng/procps | source : trellixpsirt@trellix.com

Vulnerability : CWE-122


(15) NO SCORE vulnerabilities [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-36121

First published : 02-08-2023 00:15:18
Last modified : 02-08-2023 13:30:34

Description :
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

CVE ID : CVE-2023-36121
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/e107%20v2.3.2.md | source : cve@mitre.org
https://www.chtsecurity.com/news/0a4743a5-491e-4685-95ee-df8316ab5284 | source : cve@mitre.org
https://www.chtsecurity.com/news/6c6675d4-3254-46ce-a16d-26523ff80540 | source : cve@mitre.org
https://www.exploit-db.com/exploits/51449 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38990

First published : 02-08-2023 00:15:18
Last modified : 02-08-2023 13:30:34

Description :
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.

CVE ID : CVE-2023-38990
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/thinkgem/jeesite/issues/519 | source : cve@mitre.org


Vulnerability ID : CVE-2022-46485

First published : 02-08-2023 14:15:10
Last modified : 02-08-2023 16:55:04

Description :
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".

CVE ID : CVE-2022-46485
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/WodenSec/CVE-2022-46485 | source : cve@mitre.org


Vulnerability ID : CVE-2023-33257

First published : 02-08-2023 14:15:10
Last modified : 02-08-2023 16:55:04

Description :
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.

CVE ID : CVE-2023-33257
Source : cve@mitre.org
CVSS score : /

References :
https://writeup.recoil.nl/verint/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33383

First published : 02-08-2023 14:15:10
Last modified : 02-08-2023 16:55:04

Description :
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.

CVE ID : CVE-2023-33383
Source : cve@mitre.org
CVSS score : /

References :
https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2022-46484

First published : 02-08-2023 15:15:09
Last modified : 02-08-2023 16:55:04

Description :
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

CVE ID : CVE-2022-46484
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/WodenSec/CVE-2022-46484 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38330

First published : 02-08-2023 15:15:10
Last modified : 02-08-2023 16:55:04

Description :
OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack.

CVE ID : CVE-2023-38330
Source : cve@mitre.org
CVSS score : /

References :
https://bugs.oxid-esales.com/view.php?id=7479 | source : cve@mitre.org
https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36081

First published : 02-08-2023 20:15:12
Last modified : 02-08-2023 20:15:12

Description :
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.

CVE ID : CVE-2023-36081
Source : cve@mitre.org
CVSS score : /

References :
http://flexiva.com | source : cve@mitre.org
http://gatesair.com | source : cve@mitre.org
https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36081 | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-38556

First published : 02-08-2023 08:15:09
Last modified : 02-08-2023 13:30:30

Description :
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

CVE ID : CVE-2023-38556
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN61337171/ | source : vultures@jpcert.or.jp
https://www.epson.jp/support/misc_t/230802_oshirase.htm | source : vultures@jpcert.or.jp


Source : xiaomi.com

Vulnerability ID : CVE-2023-26316

First published : 02-08-2023 14:15:10
Last modified : 02-08-2023 16:55:04

Description :
An XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

CVE ID : CVE-2023-26316
Source : security@xiaomi.com
CVSS score : /

References :
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=322 | source : security@xiaomi.com


Vulnerability ID : CVE-2023-26317

First published : 02-08-2023 14:15:10
Last modified : 02-08-2023 16:55:04

Description :
A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.

CVE ID : CVE-2023-26317
Source : security@xiaomi.com
CVSS score : /

References :
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=529 | source : security@xiaomi.com


Source : golang.org

Vulnerability ID : CVE-2023-29407

First published : 02-08-2023 20:15:11
Last modified : 02-08-2023 20:15:11

Description :
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

CVE ID : CVE-2023-29407
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/514897 | source : security@golang.org
https://go.dev/issue/61581 | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-1990 | source : security@golang.org

Vulnerability : CWE-834


Vulnerability ID : CVE-2023-29408

First published : 02-08-2023 20:15:11
Last modified : 02-08-2023 20:15:11

Description :
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

CVE ID : CVE-2023-29408
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/514897 | source : security@golang.org
https://go.dev/issue/61582 | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-1989 | source : security@golang.org

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-29409

First published : 02-08-2023 20:15:11
Last modified : 02-08-2023 20:15:11

Description :
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

CVE ID : CVE-2023-29409
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/515257 | source : security@golang.org
https://go.dev/issue/61460 | source : security@golang.org
https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-1987 | source : security@golang.org

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-3978

First published : 02-08-2023 20:15:12
Last modified : 02-08-2023 20:15:12

Description :
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE ID : CVE-2023-3978
Source : security@golang.org
CVSS score : /

References :
https://go.dev/cl/514896 | source : security@golang.org
https://go.dev/issue/61615 | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-1988 | source : security@golang.org

Vulnerability : CWE-79


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
