Latest vulnerabilities of Wednesday, September 6, 2023


Last updated on 06/09/2023 at 23:58:01

(9) CRITICAL vulnerabilities [9.0, 10.0]

Source : cisco.com

Vulnerability ID : CVE-2023-20238

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.

CVE ID : CVE-2023-20238
Source : ykramarz@cisco.com
CVSS score : 10.0

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX | source : ykramarz@cisco.com


Source : github.com

Vulnerability ID : CVE-2023-39967

First published on : 06-09-2023 21:15:13
Last modified on : 06-09-2023 21:15:13

Description :
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234” are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.

CVE ID : CVE-2023-39967
Source : security-advisories@github.com
CVSS score : 10.0

References :
https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-41330

First published on : 06-09-2023 18:15:09
Last modified on : 06-09-2023 18:15:09

Description :
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.

CVE ID : CVE-2023-41330
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/KnpLabs/snappy/commit/d3b742d61a68bf93866032c2c0a7f1486128b67e | source : security-advisories@github.com
https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj | source : security-advisories@github.com
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc | source : security-advisories@github.com

Vulnerability : CWE-502


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-4485

First published on : 06-09-2023 00:15:07
Last modified on : 06-09-2023 00:15:07

Description :
ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.

CVE ID : CVE-2023-4485
Source : ics-cert@hq.dhs.gov
CVSS score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-89


Source : wordfence.com

Vulnerability ID : CVE-2023-4634

First published on : 06-09-2023 09:15:08
Last modified on : 06-09-2023 09:15:08

Description :
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.

CVE ID : CVE-2023-4634
Source : security@wordfence.com
CVSS score : 9.8

References :
https://github.com/Patrowl/CVE-2023-4634/ | source : security@wordfence.com
https://packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz | source : security@wordfence.com
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve | source : security@wordfence.com

Vulnerability : CWE-73


Source : incibe.es

Vulnerability ID : CVE-2023-4589

First published on : 06-09-2023 12:15:07
Last modified on : 06-09-2023 12:15:07

Description :
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

CVE ID : CVE-2023-4589
Source : cve-coordination@incibe.es
CVSS score : 9.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server | source : cve-coordination@incibe.es

Vulnerability : CWE-345


Source : adobe.com

Vulnerability ID : CVE-2021-36021

First published on : 06-09-2023 14:15:08
Last modified on : 06-09-2023 14:15:08

Description :
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.

CVE ID : CVE-2021-36021
Source : psirt@adobe.com
CVSS score : 9.1

References :
https://helpx.adobe.com/security/products/magento/apsb21-64.html | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2021-36023

First published on : 06-09-2023 14:15:08
Last modified on : 06-09-2023 14:15:08

Description :
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

CVE ID : CVE-2021-36023
Source : psirt@adobe.com
CVSS score : 9.1

References :
https://helpx.adobe.com/security/products/magento/apsb21-64.html | source : psirt@adobe.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2021-36036

First published on : 06-09-2023 14:15:09
Last modified on : 06-09-2023 14:15:09

Description :
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.

CVE ID : CVE-2021-36036
Source : psirt@adobe.com
CVSS score : 9.1

References :
https://helpx.adobe.com/security/products/magento/apsb21-64.html | source : psirt@adobe.com

Vulnerability : CWE-284


(31) HIGH vulnerabilities [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-41319

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`.

CVE ID : CVE-2023-41319
Source : security-advisories@github.com
CVSS score : 8.8

References :
https://github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a | source : security-advisories@github.com
https://github.com/ethyca/fides/security/advisories/GHSA-p6p2-qq95-vq5h | source : security-advisories@github.com

Vulnerability : CWE-693
Vulnerability : CWE-94


Vulnerability ID : CVE-2023-40591

First published on : 06-09-2023 19:15:44
Last modified on : 06-09-2023 19:15:44

Description :
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-40591
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://geth.ethereum.org/docs/developers/geth-developer/disclosures | source : security-advisories@github.com
https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1 | source : security-advisories@github.com
https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-23623

First published on : 06-09-2023 21:15:08
Last modified on : 06-09-2023 21:15:08

Description :
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.

CVE ID : CVE-2023-23623
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | source : security-advisories@github.com

Vulnerability : CWE-670


Source : gg.jp.panasonic.com

Vulnerability ID : CVE-2023-3471

First published on : 06-09-2023 05:15:42
Last modified on : 06-09-2023 05:15:42

Description :
Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

CVE ID : CVE-2023-3471
Source : product-security@gg.jp.panasonic.com
CVSS score : 8.6

References :
https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp | source : product-security@gg.jp.panasonic.com
https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp | source : product-security@gg.jp.panasonic.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-3472

First published on : 06-09-2023 05:15:42
Last modified on : 06-09-2023 05:15:42

Description :
Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

CVE ID : CVE-2023-3472
Source : product-security@gg.jp.panasonic.com
CVSS score : 8.6

References :
https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp | source : product-security@gg.jp.panasonic.com
https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp | source : product-security@gg.jp.panasonic.com

Vulnerability : CWE-416


Source : cisco.com

Vulnerability ID : CVE-2023-20243

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory.

CVE ID : CVE-2023-20243
Source : ykramarz@cisco.com
CVSS score : 8.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt | source : ykramarz@cisco.com


Source : samsung.com

Vulnerability ID : CVE-2023-30710

First published on : 06-09-2023 04:15:12
Last modified on : 06-09-2023 04:15:12

Description :
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30710
Source : mobile.security@samsung.com
CVSS score : 8.5

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30729

First published on : 06-09-2023 04:15:16
Last modified on : 06-09-2023 04:15:16

Description :
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information.

CVE ID : CVE-2023-30729
Source : mobile.security@samsung.com
CVSS score : 8.1

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-30709

First published on : 06-09-2023 04:15:11
Last modified on : 06-09-2023 04:15:11

Description :
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege.

CVE ID : CVE-2023-30709
Source : mobile.security@samsung.com
CVSS score : 7.9

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30706

First published on : 06-09-2023 04:15:11
Last modified on : 06-09-2023 04:15:11

Description :
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

CVE ID : CVE-2023-30706
Source : mobile.security@samsung.com
CVSS score : 7.5

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-285


Source : hpe.com

Vulnerability ID : CVE-2023-38484

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

CVE ID : CVE-2023-38484
Source : security-alert@hpe.com
CVSS score : 8.0

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-38485

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.

CVE ID : CVE-2023-38485
Source : security-alert@hpe.com
CVSS score : 8.0

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-38486

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

CVE ID : CVE-2023-38486
Source : security-alert@hpe.com
CVSS score : 7.7

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt | source : security-alert@hpe.com


Source : trendmicro.com

Vulnerability ID : CVE-2023-32162

First published on : 06-09-2023 05:15:42
Last modified on : 06-09-2023 05:15:42

Description :
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.

CVE ID : CVE-2023-32162
Source : zdi-disclosures@trendmicro.com
CVSS score : 7.8

References :
https://www.zerodayinitiative.com/advisories/ZDI-23-741 | source : zdi-disclosures@trendmicro.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-32163

First published on : 06-09-2023 05:15:42
Last modified on : 06-09-2023 05:15:42

Description :
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.

CVE ID : CVE-2023-32163
Source : zdi-disclosures@trendmicro.com
CVSS score : 7.8

References :
https://www.zerodayinitiative.com/advisories/ZDI-23-742 | source : zdi-disclosures@trendmicro.com

Vulnerability : CWE-59


Source : adobe.com

Vulnerability ID : CVE-2021-21088

First published on : 06-09-2023 14:15:08
Last modified on : 06-09-2023 14:15:08

Description :
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2021-21088
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2021-28644

First published on : 06-09-2023 14:15:08
Last modified on : 06-09-2023 14:15:08

Description :
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2021-28644
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html | source : psirt@adobe.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2021-35980

First published on : 06-09-2023 14:15:08
Last modified on : 06-09-2023 14:15:08

Description :
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2021-35980
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html | source : psirt@adobe.com

Vulnerability : CWE-22


Source : google.com

Vulnerability ID : CVE-2023-3777

First published on : 06-09-2023 14:15:10
Last modified on : 06-09-2023 14:15:10

Description :
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

CVE ID : CVE-2023-3777
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 | source : cve-coordination@google.com
https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4015

First published on : 06-09-2023 14:15:11
Last modified on : 06-09-2023 14:15:11

Description :
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.

CVE ID : CVE-2023-4015
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2 | source : cve-coordination@google.com
https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2 | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4206

First published on : 06-09-2023 14:15:11
Last modified on : 06-09-2023 14:15:11

Description :
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.

CVE ID : CVE-2023-4206
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 | source : cve-coordination@google.com
https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4207

First published on : 06-09-2023 14:15:11
Last modified on : 06-09-2023 14:15:11

Description :
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.

CVE ID : CVE-2023-4207
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec | source : cve-coordination@google.com
https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4208

First published on : 06-09-2023 14:15:11
Last modified on : 06-09-2023 14:15:11

Description :
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.

CVE ID : CVE-2023-4208
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 | source : cve-coordination@google.com
https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4244

First published on : 06-09-2023 14:15:11
Last modified on : 06-09-2023 14:15:11

Description :
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.

CVE ID : CVE-2023-4244
Source : cve-coordination@google.com
CVSS score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8 | source : cve-coordination@google.com
https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4622

First published on : 06-09-2023 14:15:12
Last modified on : 06-09-2023 14:15:12

Description :
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

CVE ID : CVE-2023-4622
Source : cve-coordination@google.com
CVSS Score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c | source : cve-coordination@google.com
https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c | source : cve-coordination@google.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-4623

First published on : 06-09-2023 14:15:12
Last modified on : 06-09-2023 14:15:12

Description :
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

CVE ID : CVE-2023-4623
Source : cve-coordination@google.com
CVSS Score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f | source : cve-coordination@google.com
https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f | source : cve-coordination@google.com

Vulnerability : CWE-416


Source : wordfence.com

Vulnerability ID : CVE-2023-4719

First published on : 06-09-2023 02:15:09
Last modified on : 06-09-2023 02:15:09

Description :
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link.

CVE ID : CVE-2023-4719
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/simple-membership/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : patchstack.com

Vulnerability ID : CVE-2023-29441

First published on : 06-09-2023 08:15:43
Last modified on : 06-09-2023 08:15:43

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert Heller WebLibrarian plugin <= 3.5.8.1 versions.

CVE ID : CVE-2023-29441
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/weblibrarian/wordpress-weblibrarian-plugin-3-5-8-1-multiple-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-30497

First published on : 06-09-2023 09:15:07
Last modified on : 06-09-2023 09:15:07

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions.

CVE ID : CVE-2023-30497
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-line-notify/wordpress-wordpress-line-notify-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-40554

First published on : 06-09-2023 09:15:08
Last modified on : 06-09-2023 09:15:08

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.

CVE ID : CVE-2023-40554
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/blog2social/wordpress-blog2social-plugin-7-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-40601

First published on : 06-09-2023 09:15:08
Last modified on : 06-09-2023 09:15:08

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.

CVE ID : CVE-2023-40601
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/estatik-mortgage-calculator/wordpress-mortgage-calculator-estatik-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(47) MEDIUM vulnerabilities [4.0, 6.9]

Source : samsung.com

Vulnerability ID : CVE-2023-30712

First published on : 06-09-2023 04:15:13
Last modified on : 06-09-2023 04:15:13

Description :
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

CVE ID : CVE-2023-30712
Source : mobile.security@samsung.com
CVSS Score : 6.8

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30713

First published on : 06-09-2023 04:15:13
Last modified on : 06-09-2023 04:15:13

Description :
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.

CVE ID : CVE-2023-30713
Source : mobile.security@samsung.com
CVSS Score : 6.2

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-30722

First published on : 06-09-2023 04:15:15
Last modified on : 06-09-2023 04:15:15

Description :
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.

CVE ID : CVE-2023-30722
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-693


Vulnerability ID : CVE-2023-30723

First published on : 06-09-2023 04:15:15
Last modified on : 06-09-2023 04:15:15

Description :
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.

CVE ID : CVE-2023-30723
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30725

First published on : 06-09-2023 04:15:16
Last modified on : 06-09-2023 04:15:16

Description :
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.

CVE ID : CVE-2023-30725
Source : mobile.security@samsung.com
CVSS Score : 5.1

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-30720

First published on : 06-09-2023 04:15:15
Last modified on : 06-09-2023 04:15:15

Description :
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

CVE ID : CVE-2023-30720
Source : mobile.security@samsung.com
CVSS Score : 4.7

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30726

First published on : 06-09-2023 04:15:16
Last modified on : 06-09-2023 04:15:16

Description :
PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data.

CVE ID : CVE-2023-30726
Source : mobile.security@samsung.com
CVSS Score : 4.7

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30708

First published on : 06-09-2023 04:15:11
Last modified on : 06-09-2023 04:15:11

Description :
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.

CVE ID : CVE-2023-30708
Source : mobile.security@samsung.com
CVSS Score : 4.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-30714

First published on : 06-09-2023 04:15:13
Last modified on : 06-09-2023 04:15:13

Description :
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

CVE ID : CVE-2023-30714
Source : mobile.security@samsung.com
CVSS Score : 4.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-30721

First published on : 06-09-2023 04:15:15
Last modified on : 06-09-2023 04:15:15

Description :
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

CVE ID : CVE-2023-30721
Source : mobile.security@samsung.com
CVSS Score : 4.4

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-30728

First published on : 06-09-2023 04:15:16
Last modified on : 06-09-2023 04:15:16

Description :
Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.

CVE ID : CVE-2023-30728
Source : mobile.security@samsung.com
CVSS Score : 4.4

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-30707

First published on : 06-09-2023 04:15:11
Last modified on : 06-09-2023 04:15:11

Description :
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.

CVE ID : CVE-2023-30707
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30711

First published on : 06-09-2023 04:15:12
Last modified on : 06-09-2023 04:15:12

Description :
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.

CVE ID : CVE-2023-30711
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-30715

First published on : 06-09-2023 04:15:14
Last modified on : 06-09-2023 04:15:14

Description :
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

CVE ID : CVE-2023-30715
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30716

First published on : 06-09-2023 04:15:14
Last modified on : 06-09-2023 04:15:14

Description :
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

CVE ID : CVE-2023-30716
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-30717

First published on : 06-09-2023 04:15:14
Last modified on : 06-09-2023 04:15:14

Description :
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

CVE ID : CVE-2023-30717
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-30718

First published on : 06-09-2023 04:15:14
Last modified on : 06-09-2023 04:15:14

Description :
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting.

CVE ID : CVE-2023-30718
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-926


Vulnerability ID : CVE-2023-30719

First published on : 06-09-2023 04:15:14
Last modified on : 06-09-2023 04:15:14

Description :
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

CVE ID : CVE-2023-30719
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-30724

First published on : 06-09-2023 04:15:15
Last modified on : 06-09-2023 04:15:15

Description :
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

CVE ID : CVE-2023-30724
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability : CWE-287


Source : trendmicro.com

Vulnerability ID : CVE-2023-35719

First published on : 06-09-2023 05:15:42
Last modified on : 06-09-2023 05:15:42

Description :
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.

CVE ID : CVE-2023-35719
Source : zdi-disclosures@trendmicro.com
CVSS Score : 6.8

References :
https://www.zerodayinitiative.com/advisories/ZDI-23-891 | source : zdi-disclosures@trendmicro.com

Vulnerability : CWE-345


Source : incibe.es

Vulnerability ID : CVE-2023-4588

First published on : 06-09-2023 12:15:07
Last modified on : 06-09-2023 12:15:07

Description :
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.

CVE ID : CVE-2023-4588
Source : cve-coordination@incibe.es
CVSS Score : 6.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server | source : cve-coordination@incibe.es

Vulnerability : CWE-552


Source : github.com

Vulnerability ID : CVE-2023-41050

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-41050
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 | source : security-advisories@github.com
https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-39511

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.

CVE ID : CVE-2023-39511
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39956

First published on : 06-09-2023 21:15:13
Last modified on : 06-09-2023 21:15:13

Description :
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.

CVE ID : CVE-2023-39956
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5 | source : security-advisories@github.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-29198

First published on : 06-09-2023 21:15:11
Last modified on : 06-09-2023 21:15:11

Description :
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.

CVE ID : CVE-2023-29198
Source : security-advisories@github.com
CVSS Score : 6.0

References :
https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7 | source : security-advisories@github.com
https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support | source : security-advisories@github.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-41327

First published on : 06-09-2023 21:15:14
Last modified on : 06-09-2023 21:15:14

Description :
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, if someone is running the WireMock Docker container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations.

CVE ID : CVE-2023-41327
Source : security-advisories@github.com
CVSS Score : 4.6

References :
https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15 | source : security-advisories@github.com
https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7 | source : security-advisories@github.com
https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-41328

First published on : 06-09-2023 18:15:09
Last modified on : 06-09-2023 18:15:09

Description :
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.

CVE ID : CVE-2023-41328
Source : security-advisories@github.com
CVSS Score : 4.2

References :
https://github.com/frappe/frappe/releases/tag/v13.46.1 | source : security-advisories@github.com
https://github.com/frappe/frappe/releases/tag/v14.20.0 | source : security-advisories@github.com
https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 | source : security-advisories@github.com

Vulnerability : CWE-89


Source : apache.org

Vulnerability ID : CVE-2023-37941

First published on : 06-09-2023 14:15:10
Last modified on : 06-09-2023 14:15:10

Description :
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.

CVE ID : CVE-2023-37941
Source : security@apache.org
CVSS Score : 6.6

References :
https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-36387

First published on : 06-09-2023 13:15:08
Last modified on : 06-09-2023 13:15:08

Description :
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

CVE ID : CVE-2023-36387
Source : security@apache.org
CVSS Score : 5.4

References :
https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3 | source : security@apache.org

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-27523

First published on : 06-09-2023 13:15:08
Last modified on : 06-09-2023 13:15:08

Description :
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

CVE ID : CVE-2023-27523
Source : security@apache.org
CVSS Score : 5.0

References :
https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h | source : security@apache.org

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-27526

First published on : 06-09-2023 13:15:08
Last modified on : 06-09-2023 13:15:08

Description :
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.

CVE ID : CVE-2023-27526
Source : security@apache.org
CVSS Score : 4.3

References :
https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv | source : security@apache.org

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-36388

First published on : 06-09-2023 13:15:08
Last modified on : 06-09-2023 13:15:08

Description :
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for authenticated Gamma users to test network connections, possible SSRF.

CVE ID : CVE-2023-36388
Source : security@apache.org
CVSS Score : 4.3

References :
https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs | source : security@apache.org

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-39264

First published on : 06-09-2023 13:15:08
Last modified on : 06-09-2023 13:15:08

Description :
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVE ID : CVE-2023-39264
Source : security@apache.org
CVSS Score : 4.3

References :
https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75 | source : security@apache.org

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-32672

First published on : 06-09-2023 14:15:10
Last modified on : 06-09-2023 14:15:10

Description :
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

CVE ID : CVE-2023-32672
Source : security@apache.org
CVSS Score : 4.3

References :
https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp | source : security@apache.org

Vulnerability : CWE-863


Source : cisco.com

Vulnerability ID : CVE-2023-20250

First published on : 06-09-2023 17:15:50
Last modified on : 06-09-2023 17:15:50

Description :
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.

CVE ID : CVE-2023-20250
Source : ykramarz@cisco.com
CVSS Score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20269

First published on : 06-09-2023 18:15:08
Last modified on : 06-09-2023 18:15:08

Description :
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.

CVE ID: CVE-2023-20269
Source: ykramarz@cisco.com
CVSS score: 5.0

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC | source : ykramarz@cisco.com


Vulnerability ID: CVE-2023-20263

First published: 06-09-2023 18:15:08
Last modified: 06-09-2023 18:15:08

Description:
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

CVE ID: CVE-2023-20263
Source: ykramarz@cisco.com
CVSS score: 4.7

References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF | source : ykramarz@cisco.com


Source: wordfence.com

Vulnerability ID: CVE-2023-4773

First published: 06-09-2023 04:15:17
Last modified: 06-09-2023 04:15:17

Description:
The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID: CVE-2023-4773
Source: security@wordfence.com
CVSS score: 6.4

References:
https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve | source : security@wordfence.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-4779

First published: 06-09-2023 07:15:09
Last modified: 06-09-2023 07:15:09

Description:
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID: CVE-2023-4779
Source: security@wordfence.com
CVSS score: 6.4

References:
https://plugins.trac.wordpress.org/changeset/2961841 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=cve | source : security@wordfence.com

Vulnerability: CWE-79


Source: patchstack.com

Vulnerability ID: CVE-2023-40007

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwol Bastakoti CT Commerce plugin <= 2.0.1 versions.

CVE ID: CVE-2023-40007
Source: audit@patchstack.com
CVSS score: 5.9

References:
https://patchstack.com/database/vulnerability/ct-commerce/wordpress-ct-commerce-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-40328

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions.

CVE ID: CVE-2023-40328
Source: audit@patchstack.com
CVSS score: 5.9

References:
https://patchstack.com/database/vulnerability/carrrot/wordpress-carrot-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-40329

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions.

CVE ID: CVE-2023-40329
Source: audit@patchstack.com
CVSS score: 5.9

References:
https://patchstack.com/database/vulnerability/custom-admin-login-styler-wpzest/wordpress-custom-admin-login-page-wpzest-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-40552

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions.

CVE ID: CVE-2023-40552
Source: audit@patchstack.com
CVSS score: 5.9

References:
https://patchstack.com/database/vulnerability/fitness-calculators/wordpress-fitness-calculators-plugin-plugin-2-0-7-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-40560

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

CVE ID: CVE-2023-40560
Source: audit@patchstack.com
CVSS score: 5.9

References:
https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-40553

First published: 06-09-2023 09:15:08
Last modified: 06-09-2023 09:15:08

Description:
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausible.Io Plausible Analytics plugin <= 1.3.3 versions.

CVE ID: CVE-2023-40553
Source: audit@patchstack.com
CVSS score: 5.8

References:
https://patchstack.com/database/vulnerability/plausible-analytics/wordpress-plausible-analytics-plugin-1-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability: CWE-79


Source: adobe.com

Vulnerability ID: CVE-2021-36060

First published: 06-09-2023 14:15:09
Last modified: 06-09-2023 14:15:09

Description:
Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID: CVE-2021-36060
Source: psirt@adobe.com
CVSS score: 5.5

References:
https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html | source : psirt@adobe.com

Vulnerability: CWE-125


Vulnerability ID: CVE-2021-39859

First published: 06-09-2023 14:15:09
Last modified: 06-09-2023 14:15:09

Description:
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID: CVE-2021-39859
Source: psirt@adobe.com
CVSS score: 5.5

References:
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html | source : psirt@adobe.com

Vulnerability: CWE-416


(4) LOW Vulnerabilities [0.1, 3.9]

Source: github.com

Vulnerability ID: CVE-2023-41329

First published: 06-09-2023 21:15:14
Last modified: 06-09-2023 21:15:14

Description:
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or configure WireMock to use IP addresses instead of the domain names.

CVE ID: CVE-2023-41329
Source: security-advisories@github.com
CVSS score: 3.9

References:
https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4 | source : security-advisories@github.com
https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses | source : security-advisories@github.com

Vulnerability: CWE-290


Vulnerability ID: CVE-2023-41053

First published: 06-09-2023 21:15:14
Last modified: 06-09-2023 21:15:14

Description:
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID: CVE-2023-41053
Source: security-advisories@github.com
CVSS score: 3.3

References:
https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 | source : security-advisories@github.com
https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc | source : security-advisories@github.com

Vulnerability: CWE-269


Source: apache.org

Vulnerability ID: CVE-2023-39265

First published: 06-09-2023 14:15:10
Last modified: 06-09-2023 14:15:10

Description:
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVE ID: CVE-2023-39265
Source: security@apache.org
CVSS score: 3.8

References:
https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy | source : security@apache.org

Vulnerability: CWE-20


Source: samsung.com

Vulnerability ID: CVE-2023-30730

First published: 06-09-2023 04:15:17
Last modified: 06-09-2023 04:15:17

Description:
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows a local attacker to access a specific file.

CVE ID: CVE-2023-30730
Source: mobile.security@samsung.com
CVSS score: 3.3

References:
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 | source : mobile.security@samsung.com

Vulnerability: CWE-285


(71) NO SCORE Vulnerabilities [0.0, 0.0]

Source: apple.com

Vulnerability ID: CVE-2022-32920

First published: 06-09-2023 02:15:07
Last modified: 06-09-2023 02:15:07

Description:
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.

CVE ID: CVE-2022-32920
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213883 | source : product-security@apple.com


Vulnerability ID: CVE-2023-27950

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:09

Description:
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

CVE ID: CVE-2023-27950
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28187

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:09

Description:
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service.

CVE ID: CVE-2023-28187
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28188

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:09

Description:
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.

CVE ID: CVE-2023-28188
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28195

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:09

Description:
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.

CVE ID: CVE-2023-28195
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28208

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 02:15:08

Description:
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

CVE ID: CVE-2023-28208
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213605 | source : product-security@apple.com
https://support.apple.com/en-us/HT213606 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28209

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:10

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28209
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28210

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:10

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28210
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28211

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:10

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28211
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28212

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:10

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28212
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28213

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:11

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28213
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28214

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:11

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28214
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-28215

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:11

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-28215
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-29166

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 02:15:08

Description:
A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges.

CVE ID: CVE-2023-29166
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213882 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32356

First published: 06-09-2023 02:15:08
Last modified: 06-09-2023 21:15:11

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID: CVE-2023-32356
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32362

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 21:15:11

Description:
Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.

CVE ID: CVE-2023-32362
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32370

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 02:15:09

Description:
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

CVE ID: CVE-2023-32370
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32379

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 08:15:43

Description:
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

CVE ID: CVE-2023-32379
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/kb/HT213758 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32425

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 08:15:43

Description:
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.

CVE ID: CVE-2023-32425
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213757 | source : product-security@apple.com
https://support.apple.com/en-us/HT213764 | source : product-security@apple.com
https://support.apple.com/kb/HT213757 | source : product-security@apple.com
https://support.apple.com/kb/HT213764 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32426

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 21:15:12

Description:
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.

CVE ID: CVE-2023-32426
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/kb/HT213670 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32428

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 08:15:43

Description:
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

CVE ID: CVE-2023-32428
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213757 | source : product-security@apple.com
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/en-us/HT213761 | source : product-security@apple.com
https://support.apple.com/en-us/HT213764 | source : product-security@apple.com
https://support.apple.com/kb/HT213757 | source : product-security@apple.com
https://support.apple.com/kb/HT213758 | source : product-security@apple.com
https://support.apple.com/kb/HT213761 | source : product-security@apple.com
https://support.apple.com/kb/HT213764 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32432

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 08:15:43

Description:
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

CVE ID: CVE-2023-32432
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213757 | source : product-security@apple.com
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/en-us/HT213761 | source : product-security@apple.com
https://support.apple.com/en-us/HT213764 | source : product-security@apple.com
https://support.apple.com/kb/HT213757 | source : product-security@apple.com
https://support.apple.com/kb/HT213758 | source : product-security@apple.com
https://support.apple.com/kb/HT213761 | source : product-security@apple.com
https://support.apple.com/kb/HT213764 | source : product-security@apple.com


Vulnerability ID: CVE-2023-32438

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 02:15:09

Description:
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.

CVE ID: CVE-2023-32438
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213599 | source : product-security@apple.com
https://support.apple.com/en-us/HT213601 | source : product-security@apple.com
https://support.apple.com/en-us/HT213605 | source : product-security@apple.com
https://support.apple.com/en-us/HT213606 | source : product-security@apple.com


Vulnerability ID: CVE-2023-34352

First published: 06-09-2023 02:15:09
Last modified: 06-09-2023 08:15:44

Description:
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

CVE ID: CVE-2023-34352
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213757 | source : product-security@apple.com
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/en-us/HT213761 | source : product-security@apple.com
https://support.apple.com/en-us/HT213764 | source : product-security@apple.com
https://support.apple.com/kb/HT213757 | source : product-security@apple.com
https://support.apple.com/kb/HT213758 | source : product-security@apple.com
https://support.apple.com/kb/HT213761 | source : product-security@apple.com
https://support.apple.com/kb/HT213764 | source : product-security@apple.com


Vulnerability ID: CVE-2023-38605

First published: 06-09-2023 21:15:12
Last modified: 06-09-2023 21:15:12

Description:
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.

CVE ID: CVE-2023-38605
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID: CVE-2023-38616

First published: 06-09-2023 21:15:13
Last modified: 06-09-2023 21:15:13

Description:
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID: CVE-2023-38616
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID: CVE-2023-40392

First published: 06-09-2023 21:15:13
Last modified: 06-09-2023 21:15:13

Description:
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.

CVE ID: CVE-2023-40392
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID: CVE-2023-40397

First published: 06-09-2023 21:15:13
Last modified: 06-09-2023 21:15:13

Description:
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution.

CVE ID: CVE-2023-40397
Source: product-security@apple.com
CVSS score: /

References:
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Source: redhat.com

Vulnerability ID: CVE-2023-4705

First published: 06-09-2023 08:15:44
Last modified: 06-09-2023 08:15:44

Description:
** REJECT ** CVE-2023-4705 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

CVE ID: CVE-2023-4705
Source: secalert@redhat.com
CVSS score: /

References:


Source: jpcert.or.jp

Vulnerability ID: CVE-2023-31188

First published: 06-09-2023 10:15:13
Last modified: 06-09-2023 10:15:13

Description:
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.

CVE ID: CVE-2023-31188
Source: vultures@jpcert.or.jp
CVSS score: /

References:
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c55/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID: CVE-2023-32619

First published: 06-09-2023 10:15:13
Last modified: 06-09-2023 10:15:13

Description:
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

CVE ID: CVE-2023-32619
Source: vultures@jpcert.or.jp
CVSS score: /

References:
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c55/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID: CVE-2023-36489

First published: 06-09-2023 10:15:13
Last modified: 06-09-2023 10:15:13

Description:
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.

CVE ID : CVE-2023-36489
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-37284

First published on : 06-09-2023 10:15:13
Last modified on : 06-09-2023 10:15:13

Description :
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

CVE ID : CVE-2023-37284
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38563

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-38563
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c1200/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c9/v3/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38568

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-38568
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-a10/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38588

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-38588
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c3150/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-39224

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.

CVE ID : CVE-2023-39224
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-39935

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-39935
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-c5400/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40193

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-40193
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/deco-m4/v2/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40357

First published on : 06-09-2023 10:15:14
Last modified on : 06-09-2023 10:15:14

Description :
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

CVE ID : CVE-2023-40357
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-a10/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40531

First published on : 06-09-2023 10:15:15
Last modified on : 06-09-2023 10:15:15

Description :
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVE ID : CVE-2023-40531
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/vu/JVNVU99392903/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax6000/v1/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-41149

First published on : 06-09-2023 13:15:09
Last modified on : 06-09-2023 13:15:09

Description :
F-RevoCRM version 7.3.7 and version 7.3.8 contain an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running.

CVE ID : CVE-2023-41149
Source : vultures@jpcert.or.jp
CVSS score : /

References :
http://jvn.jp/en/jp/JVN78113802/ | source : vultures@jpcert.or.jp
https://f-revocrm.jp/2023/08/9394/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-41150

First published on : 06-09-2023 13:15:09
Last modified on : 06-09-2023 13:15:09

Description :
F-RevoCRM 7.3 series prior to version 7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.

CVE ID : CVE-2023-41150
Source : vultures@jpcert.or.jp
CVSS score : /

References :
http://jvn.jp/en/jp/JVN78113802/ | source : vultures@jpcert.or.jp
https://f-revocrm.jp/2023/08/9394/ | source : vultures@jpcert.or.jp


Source : googlegroups.com

Vulnerability ID : CVE-2023-41930

First published on : 06-09-2023 13:15:09
Last modified on : 06-09-2023 15:15:16

Description :
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin.

CVE ID : CVE-2023-41930
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41931

First published on : 06-09-2023 13:15:09
Last modified on : 06-09-2023 15:15:16

Description :
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.

CVE ID : CVE-2023-41931
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41932

First published on : 06-09-2023 13:15:09
Last modified on : 06-09-2023 15:15:16

Description :
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.

CVE ID : CVE-2023-41932
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41933

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:16

Description :
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE ID : CVE-2023-41933
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41934

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:16

Description :
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

CVE ID : CVE-2023-41934
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41935

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:17

Description :
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

CVE ID : CVE-2023-41935
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41936

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:18

Description :
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.

CVE ID : CVE-2023-41936
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3228 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41937

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:19

Description :
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.

CVE ID : CVE-2023-41937
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3165 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41938

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:21

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.

CVE ID : CVE-2023-41938
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3093 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41939

First published on : 06-09-2023 13:15:10
Last modified on : 06-09-2023 15:15:21

Description :
Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted permissions (typically optional ones, like Overall/Manage) to access functionality they're no longer entitled to.

CVE ID : CVE-2023-41939
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3064 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41940

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.

CVE ID : CVE-2023-41940
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3190 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41941

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

CVE ID : CVE-2023-41941
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1) | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41942

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

CVE ID : CVE-2023-41942
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2) | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41943

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

CVE ID : CVE-2023-41943
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2) | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41944

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

CVE ID : CVE-2023-41944
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3102 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41945

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

CVE ID : CVE-2023-41945
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41946

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.

CVE ID : CVE-2023-41946
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-41947

First published on : 06-09-2023 13:15:11
Last modified on : 06-09-2023 15:15:21

Description :
A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.

CVE ID : CVE-2023-41947
Source : jenkinsci-cert@googlegroups.com
CVSS score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/06/9 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082 | source : jenkinsci-cert@googlegroups.com


Source : google.com

Vulnerability ID : CVE-2023-4621

First published on : 06-09-2023 14:15:12
Last modified on : 06-09-2023 14:15:12

Description :
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4569.

CVE ID : CVE-2023-4621
Source : cve-coordination@google.com
CVSS score : /

References :


Source : mitre.org

Vulnerability ID : CVE-2021-36646

First published on : 06-09-2023 17:15:49
Last modified on : 06-09-2023 17:15:49

Description :
A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via the /index.php page.

CVE ID : CVE-2021-36646
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/kalcaddle/KodExplorer/issues/482 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41601

First published on : 06-09-2023 20:15:07
Last modified on : 06-09-2023 20:15:07

Description :
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.

CVE ID : CVE-2023-41601
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/al3zx/csz_cms_1_3_0_xss_in_install_page/blob/main/README.md | source : cve@mitre.org
https://www.cszcms.com/ | source : cve@mitre.org


Source : cert.org

Vulnerability ID : CVE-2023-4498

First published on : 06-09-2023 17:15:50
Last modified on : 06-09-2023 17:15:50

Description :
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only.

CVE ID : CVE-2023-4498
Source : cret@cert.org
CVSS score : /

References :
https://kb.cert.org/vuls/id/304455 | source : cret@cert.org

Vulnerability : CWE-305


Vulnerability ID : CVE-2023-0925

First published on : 06-09-2023 18:15:07
Last modified on : 06-09-2023 18:15:07

Description :
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.

CVE ID : CVE-2023-0925
Source : cret@cert.org
CVSS score : /

References :
https://www.softwareag.com/en_corporate/platform/integration-apis/webmethods-integration.html | source : cret@cert.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2020-10129

First published on : 06-09-2023 19:15:43
Last modified on : 06-09-2023 19:15:43

Description :
SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access Admin functionality.

CVE ID : CVE-2020-10129
Source : cret@cert.org
CVSS score : /

References :
https://developer.searchblox.com/v9.2/changelog/version-91 | source : cret@cert.org

Vulnerability : CWE-266


Vulnerability ID : CVE-2020-10130

First published on : 06-09-2023 19:15:43
Last modified on : 06-09-2023 19:15:43

Description :
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

CVE ID : CVE-2020-10130
Source : cret@cert.org
CVSS score : /

References :
https://developer.searchblox.com/v9.2/changelog/version-91 | source : cret@cert.org

Vulnerability : CWE-639


Vulnerability ID : CVE-2020-10131

First published on : 06-09-2023 19:15:43
Last modified on : 06-09-2023 19:15:43

Description :
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

CVE ID : CVE-2020-10131
Source : cret@cert.org
CVSS score : /

References :
https://developer.searchblox.com/v9.2/changelog/version-921 | source : cret@cert.org

Vulnerability : CWE-1236


Vulnerability ID : CVE-2020-10132

First published on : 06-09-2023 19:15:43
Last modified on : 06-09-2023 19:15:43

Description :
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

CVE ID : CVE-2020-10132
Source : cret@cert.org
CVSS score : /

References :
https://developer.searchblox.com/v9.2/changelog/version-91 | source : cret@cert.org

Vulnerability : CWE-79


Source : freebsd.org

Vulnerability ID : CVE-2023-4809

First published on : 06-09-2023 20:15:08
Last modified on : 06-09-2023 20:15:08

Description :
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

CVE ID : CVE-2023-4809
Source : secteam@freebsd.org
CVSS score : /

References :
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc | source : secteam@freebsd.org

Vulnerability : CWE-167


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
