Latest vulnerabilities for Wednesday, 28 June 2023


Last updated on 28/06/2023 at 23:58:02

(6) CRITICAL vulnerabilities [9.0, 10.0]

Vulnerability ID: CVE-2023-26134

First published: 28-06-2023 05:15:10
Last modified: 28-06-2023 12:34:43

Description:
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.

CVE ID: CVE-2023-26134
Source: report@snyk.io
CVSS score: 9.8

References:
https://github.com/JPeer264/node-git-commit-info/commit/f7c491ede51f886a988af9b266797cb24591d18c | source : report@snyk.io
https://github.com/JPeer264/node-git-commit-info/issues/24 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-GITCOMMITINFO-5740174 | source : report@snyk.io


Vulnerability ID: CVE-2023-32222

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.

CVE ID: CVE-2023-32222
Source: cna@cyber.gov.il
CVSS score: 9.8

References:
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il


Vulnerability ID: CVE-2023-32224

First published: 28-06-2023 21:15:10
Last modified: 28-06-2023 21:15:10

Description:
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE ID: CVE-2023-32224
Source: cna@cyber.gov.il
CVSS score: 9.8

References:
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability: CWE-307


Vulnerability ID: CVE-2023-20105

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID: CVE-2023-20105
Source: ykramarz@cisco.com
CVSS score: 9.6

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b | source : ykramarz@cisco.com

Vulnerability: CWE-20


Vulnerability ID: CVE-2023-20192

First published: 28-06-2023 15:15:10
Last modified: 28-06-2023 15:25:19

Description:
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID: CVE-2023-20192
Source: ykramarz@cisco.com
CVSS score: 9.6

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b | source : ykramarz@cisco.com

Vulnerability: CWE-20


Vulnerability ID: CVE-2023-2625

First published: 28-06-2023 17:15:10
Last modified: 28-06-2023 19:27:43

Description:
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.

CVE ID: CVE-2023-2625
Source: cybersecurity@hitachienergy.com
CVSS score: 9.0

References:
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch | source : cybersecurity@hitachienergy.com

Vulnerability: CWE-78


(11) HIGH vulnerabilities [7.0, 8.9]

Vulnerability ID: CVE-2023-21517

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

CVE ID: CVE-2023-21517
Source: mobile.security@samsung.com
CVSS score: 8.8

References:
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 | source : mobile.security@samsung.com

Vulnerability: CWE-120


Vulnerability ID: CVE-2023-32223

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.

CVE ID: CVE-2023-32223
Source: cna@cyber.gov.il
CVSS score: 8.8

References:
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il


Vulnerability ID: CVE-2023-20006

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.

CVE ID: CVE-2023-20006
Source: ykramarz@cisco.com
CVSS score: 8.6

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6 | source : ykramarz@cisco.com

Vulnerability: CWE-681


Vulnerability ID: CVE-2023-3243

First published: 28-06-2023 21:15:10
Last modified: 28-06-2023 21:15:10

Description:
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.

CVE ID: CVE-2023-3243
Source: psirt@honeywell.com
CVSS score: 8.3

References:
https://www.honeywell.com/us/en/product-security | source : psirt@honeywell.com

Vulnerability: CWE-290
Vulnerability: CWE-326


Vulnerability ID: CVE-2021-31937

First published: 28-06-2023 18:15:11
Last modified: 28-06-2023 19:27:43

Description:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID: CVE-2021-31937
Source: secure@microsoft.com
CVSS score: 8.2

References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937 | source : secure@microsoft.com


Vulnerability ID: CVE-2023-36467

First published: 28-06-2023 14:15:09
Last modified: 28-06-2023 15:25:24

Description:
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.

CVE ID: CVE-2023-36467
Source: security-advisories@github.com
CVSS score: 8.0

References:
https://github.com/awslabs/aws-dataall/pull/472 | source : security-advisories@github.com
https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2 | source : security-advisories@github.com
https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4 | source : security-advisories@github.com
https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr | source : security-advisories@github.com

Vulnerability: CWE-94


Vulnerability ID: CVE-2023-1295

First published: 28-06-2023 12:15:09
Last modified: 28-06-2023 12:34:43

Description:
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

CVE ID: CVE-2023-1295
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93 | source : cve-coordination@google.com
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2 | source : cve-coordination@google.com
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb | source : cve-coordination@google.com
https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93 | source : cve-coordination@google.com
https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2 | source : cve-coordination@google.com

Vulnerability: CWE-367


Vulnerability ID: CVE-2023-20178

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

CVE ID: CVE-2023-20178
Source: ykramarz@cisco.com
CVSS score: 7.8

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw | source : ykramarz@cisco.com

Vulnerability: CWE-276


Vulnerability ID: CVE-2023-3090

First published: 28-06-2023 20:15:09
Last modified: 28-06-2023 20:15:09

Description:
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

CVE ID: CVE-2023-3090
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e | source : cve-coordination@google.com
https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e | source : cve-coordination@google.com

Vulnerability: CWE-787


Vulnerability ID: CVE-2023-3390

First published: 28-06-2023 21:15:10
Last modified: 28-06-2023 21:15:10

Description:
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.

CVE ID: CVE-2023-3390
Source: cve-coordination@google.com
CVSS score: 7.8

References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 | source : cve-coordination@google.com
https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 | source : cve-coordination@google.com

Vulnerability: CWE-416


Vulnerability ID: CVE-2023-20108

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.

CVE ID: CVE-2023-20108
Source: ykramarz@cisco.com
CVSS score: 7.5

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT | source : ykramarz@cisco.com

Vulnerability: CWE-789


(19) MEDIUM vulnerabilities [4.0, 6.9]

Vulnerability ID: CVE-2023-20116

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

CVE ID: CVE-2023-20116
Source: ykramarz@cisco.com
CVSS score: 6.8

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD | source : ykramarz@cisco.com

Vulnerability: CWE-835


Vulnerability ID: CVE-2023-2232

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix

CVE ID: CVE-2023-2232
Source: cve@gitlab.com
CVSS score: 6.5

References:
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json | source : cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/issues/408352 | source : cve@gitlab.com
https://hackerone.com/reports/1934802 | source : cve@gitlab.com


Vulnerability ID: CVE-2022-4143

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization

CVE ID: CVE-2022-4143
Source: cve@gitlab.com
CVSS score: 6.4

References:
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json | source : cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/issues/383776 | source : cve@gitlab.com
https://hackerone.com/reports/1767639 | source : cve@gitlab.com


Vulnerability ID: CVE-2023-27866

First published: 28-06-2023 16:15:19
Last modified: 28-06-2023 19:27:43

Description:
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.

CVE ID: CVE-2023-27866
Source: psirt@us.ibm.com
CVSS score: 6.3

References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7007615 | source : psirt@us.ibm.com

Vulnerability: CWE-94


Vulnerability ID: CVE-2023-20199

First published: 28-06-2023 15:15:10
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.

CVE ID: CVE-2023-20199
Source: ykramarz@cisco.com
CVSS score: 6.2

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx | source : ykramarz@cisco.com

Vulnerability: CWE-287


Vulnerability ID: CVE-2023-21513

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.

CVE ID: CVE-2023-21513
Source: mobile.security@samsung.com
CVSS score: 6.1

References:
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 | source : mobile.security@samsung.com

Vulnerability: CWE-269


Vulnerability ID: CVE-2023-3449

First published: 28-06-2023 18:15:16
Last modified: 28-06-2023 19:27:43

Description:
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3449
Source: cna@vuldb.com
CVSS score: 5.5

References:
https://github.com/MinimoAgoni/cve/blob/main/iboa%20oa.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.232546 | source : cna@vuldb.com
https://vuldb.com/?id.232546 | source : cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-3389

First published: 28-06-2023 20:15:09
Last modified: 28-06-2023 20:15:09

Description:
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.

CVE ID: CVE-2023-3389
Source: cve-coordination@google.com
CVSS score: 5.5

References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04 | source : cve-coordination@google.com
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663 | source : cve-coordination@google.com
https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663 | source : cve-coordination@google.com
https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04 | source : cve-coordination@google.com

Vulnerability: CWE-416


Vulnerability ID: CVE-2023-3427

First published: 28-06-2023 02:15:49
Last modified: 28-06-2023 12:34:43

Description:
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2023-3427
Source: security@wordfence.com
CVSS score: 5.4

References:
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Customers.php?rev=2779160#L68 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2931406%40salon-booking-system&new=2931406%40salon-booking-system&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2023-20028

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID: CVE-2023-20028
Source: ykramarz@cisco.com
CVSS score: 5.4

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq | source : ykramarz@cisco.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-20119

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID: CVE-2023-20119
Source: ykramarz@cisco.com
CVSS score: 5.4

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq | source : ykramarz@cisco.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-20120

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID: CVE-2023-20120
Source: ykramarz@cisco.com
CVSS score: 5.4

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq | source : ykramarz@cisco.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-20188

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.

CVE ID: CVE-2023-20188
Source: ykramarz@cisco.com
CVSS score: 4.8

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-sxss-OPYJZUmE | source : ykramarz@cisco.com

Vulnerability: CWE-87


Vulnerability ID: CVE-2023-3034

First published: 28-06-2023 09:15:09
Last modified: 28-06-2023 12:34:43

Description:
Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44

CVE ID: CVE-2023-3034
Source: vulnerability@ncsc.ch
CVSS score: 4.7

References:
https://igs.bkg.bund.de/ntrip/bkgcaster | source : vulnerability@ncsc.ch
https://igs.bkg.bund.de/root_ftp/NTRIP/software/NTRIPCASTER_CHANGELOG | source : vulnerability@ncsc.ch

Vulnerability: CWE-20


Vulnerability ID: CVE-2023-3450

First published: 28-06-2023 18:15:16
Last modified: 28-06-2023 19:27:43

Description:
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-3450
Source: cna@vuldb.com
CVSS score: 4.7

References:
https://github.com/RCEraser/cve/blob/main/RG-BCR860.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.232547 | source : cna@vuldb.com
https://vuldb.com/?id.232547 | source : cna@vuldb.com

Vulnerability: CWE-78


Vulnerability ID: CVE-2023-21518

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

CVE ID: CVE-2023-21518
Source: mobile.security@samsung.com
CVSS score: 4.4

References:
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=06 | source : mobile.security@samsung.com

Vulnerability: CWE-284


Vulnerability ID: CVE-2023-1844

First published: 28-06-2023 03:15:09
Last modified: 28-06-2023 12:34:43

Description:
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.

CVE ID: CVE-2023-1844
Source: security@wordfence.com
CVSS score: 4.3

References:
https://plugins.trac.wordpress.org/browser/subscribe2/trunk/admin/send-email.php#L12 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2930676 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c34ce601-5cf9-433f-bc9d-5c705eba6b08?source=cve | source : security@wordfence.com

Vulnerability: CWE-862


Vulnerability ID: CVE-2023-3407

First published: 28-06-2023 03:15:09
Last modified: 28-06-2023 12:34:43

Description:
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2023-3407
Source: security@wordfence.com
CVSS score: 4.3

References:
https://plugins.trac.wordpress.org/browser/subscribe2/trunk/admin/send-email.php#L12 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2930676 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/92b4d800-2895-4f7b-8b3b-ee6df75a7908?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2023-20136

First published: 28-06-2023 15:15:09
Last modified: 28-06-2023 15:25:19

Description:
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.

CVE ID: CVE-2023-20136
Source: ykramarz@cisco.com
CVSS score: 4.3

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX | source : ykramarz@cisco.com

Vulnerability: CWE-648


(2) LOW vulnerabilities [0.1, 3.9]

Vulnerability ID: CVE-2023-3445

First published: 28-06-2023 14:15:10
Last modified: 28-06-2023 15:25:19

Description:
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.

CVE ID: CVE-2023-3445
Source: security@huntr.dev
CVSS score: 3.5

References:
https://github.com/spinacms/spina/commit/9adfe7b4807b3cc10dbb7351a26cc32f5d8c14a3 | source : security@huntr.dev
https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070 | source : security@huntr.dev

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-21512

First published: 28-06-2023 21:15:09
Last modified: 28-06-2023 21:15:09

Description:
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.

CVE ID: CVE-2023-21512
Source: mobile.security@samsung.com
CVSS score: 2.4

References:
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 | source : mobile.security@samsung.com

Vulnerability: CWE-269


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
