Latest vulnerabilities for Wednesday, August 9, 2023

Last updated on 09/08/2023 at 23:58:03

(3) CRITICAL vulnerabilities [9.0, 10.0]

Source : adobe.com

Vulnerability ID : CVE-2023-38208

First published on : 09-08-2023 08:15:09
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-38208
Source : psirt@adobe.com
CVSS score : 9.1

References :
https://helpx.adobe.com/security/products/magento/apsb23-42.html | source : psirt@adobe.com

Vulnerability : CWE-78


Source : usom.gov.tr

Vulnerability ID : CVE-2023-3632

First published on : 09-08-2023 09:15:14
Last modified on : 09-08-2023 12:46:39

Description :
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3.

CVE ID : CVE-2023-3632
Source : cve@usom.gov.tr
CVSS score : 9.0

References :
https://www.usom.gov.tr/bildirim/tr-23-0446 | source : cve@usom.gov.tr

Vulnerability : CWE-321


Source : github.com

Vulnerability ID : CVE-2023-39969

First published on : 09-08-2023 16:15:09
Last modified on : 09-08-2023 18:05:18

Description :
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code within a binary without changing its Authenticode hash, making it appear valid from uthenticode's perspective. Versions of uthenticode prior to 1.0.9 are not vulnerable to this attack, nor are versions in the 2.x series. By design, uthenticode does not perform full-chain validation. However, the malleability of signature verification introduced in 1.0.9 was an unintended oversight. The 2.x series addresses the vulnerability. Versions prior to 1.0.9 are also not vulnerable, but users are encouraged to upgrade rather than downgrade. There are no workarounds to this vulnerability.

CVE ID : CVE-2023-39969
Source : security-advisories@github.com
CVSS score : 9.0

References :
https://github.com/trailofbits/uthenticode/commit/8670b7bb9154d79c276483dcb7c9e9fd5e66455b | source : security-advisories@github.com
https://github.com/trailofbits/uthenticode/pull/84 | source : security-advisories@github.com
https://github.com/trailofbits/uthenticode/security/advisories/GHSA-rc7g-99x7-4p9g | source : security-advisories@github.com

Vulnerability : CWE-347


(40) HIGH vulnerabilities [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-4239

First published on : 09-08-2023 03:15:45
Last modified on : 09-08-2023 12:46:53

Description :
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

CVE ID : CVE-2023-4239
Source : security@wordfence.com
CVSS score : 8.8

References :
https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve | source : security@wordfence.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-4243

First published on : 09-08-2023 04:15:10
Last modified on : 09-08-2023 12:46:53

Description :
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.

CVE ID : CVE-2023-4243
Source : security@wordfence.com
CVSS score : 8.8

References :
https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Plugin.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/full-customer/tags/2.2.1/app/api/PluginInstallation.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve | source : security@wordfence.com

Vulnerability : CWE-285


Source : cert.vde.com

Vulnerability ID : CVE-2023-37861

First published on : 09-08-2023 07:15:11
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

CVE ID : CVE-2023-37861
Source : info@cert.vde.com
CVSS score : 8.8

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-37860

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.

CVE ID : CVE-2023-37860
Source : info@cert.vde.com
CVSS score : 8.6

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-37862

First published on : 09-08-2023 07:15:11
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

CVE ID : CVE-2023-37862
Source : info@cert.vde.com
CVSS score : 8.2

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-37859

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

CVE ID : CVE-2023-37859
Source : info@cert.vde.com
CVSS score : 7.2

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-37863

First published on : 09-08-2023 07:15:11
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device.

CVE ID : CVE-2023-37863
Source : info@cert.vde.com
CVSS score : 7.2

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-37864

First published on : 09-08-2023 07:15:11
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device.

CVE ID : CVE-2023-37864
Source : info@cert.vde.com
CVSS score : 7.2

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-494


Source : securifera.com

Vulnerability ID : CVE-2022-48580

First published on : 09-08-2023 18:15:10
Last modified on : 09-08-2023 18:53:15

Description :
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

CVE ID : CVE-2022-48580
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48580/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48581

First published on : 09-08-2023 18:15:10
Last modified on : 09-08-2023 18:53:15

Description :
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

CVE ID : CVE-2022-48581
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48581/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48582

First published on : 09-08-2023 18:15:11
Last modified on : 09-08-2023 18:53:15

Description :
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

CVE ID : CVE-2022-48582
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48582/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48583

First published on : 09-08-2023 18:15:11
Last modified on : 09-08-2023 18:53:15

Description :
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

CVE ID : CVE-2022-48583
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48583/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48584

First published on : 09-08-2023 18:15:11
Last modified on : 09-08-2023 18:53:15

Description :
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

CVE ID : CVE-2022-48584
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48584/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48585

First published on : 09-08-2023 18:15:11
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48585
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48585/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48586

First published on : 09-08-2023 18:15:11
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48586
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48586/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48587

First published on : 09-08-2023 18:15:12
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48587
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48587/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48588

First published on : 09-08-2023 18:15:12
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48588
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48588/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48589

First published on : 09-08-2023 18:15:12
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48589
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48589/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48590

First published on : 09-08-2023 18:15:12
Last modified on : 09-08-2023 18:53:15

Description :
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48590
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48590/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48591

First published on : 09-08-2023 19:15:12
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48591
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48591/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48592

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48592
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48592/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48593

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48593
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48593/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48594

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48594
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48594/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48595

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48595
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48595/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48596

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48596
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48596/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48597

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:16

Description :
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48597
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48597/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48598

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48598
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48598/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48599

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48599
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48599/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48600

First published on : 09-08-2023 19:15:13
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48600
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48600/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48601

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48601
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48601/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48602

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48602
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48602/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48603

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48603
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48603/ | source : contact@securifera.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48604

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE ID : CVE-2022-48604
Source : contact@securifera.com
CVSS score : 8.8

References :
https://www.securifera.com/advisories/cve-2022-48604/ | source : contact@securifera.com

Vulnerability : CWE-78


Source : adobe.com

Vulnerability ID : CVE-2023-38211

First published on : 09-08-2023 09:15:13
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-38211
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/dimension/apsb23-44.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-38212

First published on : 09-08-2023 09:15:14
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-38212
Source : psirt@adobe.com
CVSS score : 7.8

References :
https://helpx.adobe.com/security/products/dimension/apsb23-44.html | source : psirt@adobe.com

Vulnerability : CWE-122


Source : google.com

Vulnerability ID : CVE-2023-33953

First published on : 09-08-2023 13:15:09
Last modified on : 09-08-2023 18:05:18

Description :
gRPC contains a vulnerability whereby hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1; CONTINUATION: containing a: 2; CONTINUATION: containing a: 3; etc…

CVE ID : CVE-2023-33953
Source : cve-coordination@google.com
CVSS score : 7.5

References :
https://cloud.google.com/support/bulletins#gcp-2023-022 | source : cve-coordination@google.com

Vulnerability : CWE-789
Vulnerability : CWE-834


Source : oppo.com

Vulnerability ID : CVE-2023-26310

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
There is a command injection problem in the old version of the mobile phone backup app.

CVE ID : CVE-2023-26310
Source : security@oppo.com
CVSS score : 7.4

References :
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632 | source : security@oppo.com

Vulnerability : CWE-88


Source : hashicorp.com

Vulnerability ID : CVE-2023-3518

First published on : 09-08-2023 16:15:09
Last modified on : 09-08-2023 18:05:18

Description :
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

CVE ID : CVE-2023-3518
Source : security@hashicorp.com
CVSS score : 7.4

References :
https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004 | source : security@hashicorp.com

Vulnerability : CWE-285


Source : nozominetworks.com

Vulnerability ID : CVE-2023-22378

First published on : 09-08-2023 09:15:13
Last modified on : 09-08-2023 12:46:39

Description :
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

CVE ID : CVE-2023-22378
Source : prodsec@nozominetworks.com
CVSS score : 7.1

References :
https://security.nozominetworks.com/NN-2023:2-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-23574

First published on : 09-08-2023 09:15:13
Last modified on : 09-08-2023 12:46:39

Description :
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

CVE ID : CVE-2023-23574
Source : prodsec@nozominetworks.com
CVSS score : 7.1

References :
https://security.nozominetworks.com/NN-2023:3-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-89


(17) MEDIUM vulnerabilities [4.0, 6.9]

Source : adobe.com

Vulnerability ID : CVE-2023-38209

First published on : 09-08-2023 08:15:09
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-38209
Source : psirt@adobe.com
CVSS score : 6.5

References :
https://helpx.adobe.com/security/products/magento/apsb23-42.html | source : psirt@adobe.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-38213

First published on : 09-08-2023 09:15:14
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-38213
Source : psirt@adobe.com
CVSS score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-44.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-38207

First published on : 09-08-2023 08:15:09
Last modified on : 09-08-2023 12:46:39

Description :
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead to minor arbitrary file system read. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-38207
Source : psirt@adobe.com
CVSS score : 5.3

References :
https://helpx.adobe.com/security/products/magento/apsb23-42.html | source : psirt@adobe.com

Vulnerability : CWE-91


Source : nozominetworks.com

Vulnerability ID : CVE-2023-24471

First published on : 09-08-2023 09:15:13
Last modified on : 09-08-2023 12:46:39

Description :
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

CVE ID : CVE-2023-24471
Source : prodsec@nozominetworks.com
Score CVSS : 6.5

Références :
https://security.nozominetworks.com/NN-2023:5-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-22843

First published on : 09-08-2023 09:15:13
Last modified on : 09-08-2023 12:46:39

Description :
An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session.

CVE ID : CVE-2023-22843
Source : prodsec@nozominetworks.com
CVSS score : 6.4

References :
https://security.nozominetworks.com/NN-2023:4-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-24477

First published on : 09-08-2023 08:15:09
Last modified on : 09-08-2023 12:46:39

Description :
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus, an authenticated local attacker may gain access to the original user's session.

CVE ID : CVE-2023-24477
Source : prodsec@nozominetworks.com
CVSS score : 5.0

References :
https://security.nozominetworks.com/NN-2023:8-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-384


Vulnerability ID : CVE-2023-23903

First published on : 09-08-2023 10:15:09
Last modified on : 09-08-2023 12:46:39

Description :
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention.

CVE ID : CVE-2023-23903
Source : prodsec@nozominetworks.com
CVSS score : 4.9

References :
https://security.nozominetworks.com/NN-2023:7-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-24015

First published on : 09-08-2023 10:15:09
Last modified on : 09-08-2023 12:46:39

Description :
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

CVE ID : CVE-2023-24015
Source : prodsec@nozominetworks.com
CVSS score : 4.3

References :
https://security.nozominetworks.com/NN-2023:6-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-39531

First published on : 09-08-2023 17:15:09
Last modified on : 09-08-2023 18:05:18

Description :
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed.

CVE ID : CVE-2023-39531
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/getsentry/sentry/security/advisories/GHSA-hgj4-h2x3-rfx4 | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-40012

First published on : 09-08-2023 16:15:10
Last modified on : 09-08-2023 18:05:18

Description :
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a "signed" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.

CVE ID : CVE-2023-40012
Source : security-advisories@github.com
CVSS score : 5.9

References :
https://github.com/trailofbits/uthenticode/commit/caeb1eb62412605f71bd96ce9bb9420644b6db53 | source : security-advisories@github.com
https://github.com/trailofbits/uthenticode/pull/78 | source : security-advisories@github.com
https://github.com/trailofbits/uthenticode/security/advisories/GHSA-gm2f-j4rj-6xqj | source : security-advisories@github.com

Vulnerability : CWE-325
Vulnerability : CWE-347


Source : hcl.com

Vulnerability ID : CVE-2023-23346

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.

CVE ID : CVE-2023-23346
Source : psirt@hcl.com
CVSS score : 6.4

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-23347

First published on : 09-08-2023 20:15:09
Last modified on : 09-08-2023 20:15:09

Description :
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.

CVE ID : CVE-2023-23347
Source : psirt@hcl.com
CVSS score : 6.4

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106674 | source : psirt@hcl.com


Source : redhat.com

Vulnerability ID : CVE-2023-4273

First published on : 09-08-2023 15:15:09
Last modified on : 09-08-2023 18:05:18

Description :
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.

CVE ID : CVE-2023-4273
Source : secalert@redhat.com
CVSS score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-4273 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2221609 | source : secalert@redhat.com


Source : se.com

Vulnerability ID : CVE-2023-3953

First published on : 09-08-2023 15:15:09
Last modified on : 09-08-2023 18:05:18

Description :
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.

CVE ID : CVE-2023-3953
Source : cybersecurity@se.com
CVSS score : 5.3

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf | source : cybersecurity@se.com

Vulnerability : CWE-119


Source : wordfence.com

Vulnerability ID : CVE-2023-4242

First published on : 09-08-2023 04:15:10
Last modified on : 09-08-2023 12:46:53

Description :
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.

CVE ID : CVE-2023-4242
Source : security@wordfence.com
CVSS score : 4.3

References :
https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve | source : security@wordfence.com

Vulnerability : CWE-287


Source : cert.vde.com

Vulnerability ID : CVE-2023-37855

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.

CVE ID : CVE-2023-37855
Source : info@cert.vde.com
CVSS score : 4.3

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-610


Vulnerability ID : CVE-2023-37856

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser.

CVE ID : CVE-2023-37856
Source : info@cert.vde.com
CVSS score : 4.3

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-610


(2) LOW Vulnerabilities [0.1, 3.9]

Source : cert.vde.com

Vulnerability ID : CVE-2023-37857

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).

CVE ID : CVE-2023-37857
Source : info@cert.vde.com
CVSS score : 3.8

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-37858

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to decrypt an encrypted web application login password.

CVE ID : CVE-2023-37858
Source : info@cert.vde.com
CVSS score : 3.8

References :
https://cert.vde.com/en/advisories/VDE-2023-018/ | source : info@cert.vde.com

Vulnerability : CWE-798


(31) NO SCORE Vulnerabilities [0.0, 0.0]

Source : jpcert.or.jp

Vulnerability ID : CVE-2023-39341

First published on : 09-08-2023 03:15:43
Last modified on : 09-08-2023 12:47:02

Description :
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

CVE ID : CVE-2023-39341
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN42527152/ | source : vultures@jpcert.or.jp
https://www.ffri.jp/security-info/index.htm | source : vultures@jpcert.or.jp
https://www.skyseaclientview.net/news/230807_01/ | source : vultures@jpcert.or.jp
https://www.soliton.co.jp/support/zerona_notice_2023.html | source : vultures@jpcert.or.jp
https://www.sourcenext.com/support/i/2023/230718_01 | source : vultures@jpcert.or.jp
https://www.support.nec.co.jp/View.aspx?id=3140109240 | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38751

First published on : 09-08-2023 04:15:10
Last modified on : 09-08-2023 12:46:53

Description :
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.

CVE ID : CVE-2023-38751
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN83334799/ | source : vultures@jpcert.or.jp
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-38752

First published on : 09-08-2023 04:15:10
Last modified on : 09-08-2023 12:46:53

Description :
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings.

CVE ID : CVE-2023-38752
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN83334799/ | source : vultures@jpcert.or.jp
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html | source : vultures@jpcert.or.jp


Source : mitre.org

Vulnerability ID : CVE-2023-39910

First published on : 09-08-2023 03:15:44
Last modified on : 09-08-2023 12:46:53

Description :
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.

CVE ID : CVE-2023-39910
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cpp#L44 | source : cve@mitre.org
https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cpp#L78 | source : cve@mitre.org
https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78 | source : cve@mitre.org
https://milksad.info/disclosure.html | source : cve@mitre.org
https://news.ycombinator.com/item?id=37054862 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31448

First published on : 09-08-2023 12:15:09
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.

CVE ID : CVE-2023-31448
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-31449

First published on : 09-08-2023 12:15:09
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.

CVE ID : CVE-2023-31449
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-31450

First published on : 09-08-2023 12:15:09
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine.

CVE ID : CVE-2023-31450
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-31452

First published on : 09-08-2023 12:15:09
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.

CVE ID : CVE-2023-31452
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-32781

First published on : 09-08-2023 12:15:10
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.

CVE ID : CVE-2023-32781
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-32782

First published on : 09-08-2023 12:15:10
Last modified on : 09-08-2023 12:46:39

Description :
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.

CVE ID : CVE-2023-32782
Source : cve@mitre.org
CVSS score : /

References :
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 | source : cve@mitre.org
https://www.paessler.com/prtg/history/stable | source : cve@mitre.org


Vulnerability ID : CVE-2023-34545

First published on : 09-08-2023 14:15:10
Last modified on : 09-08-2023 18:05:18

Description :
A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via the p parameter or the search URL.

CVE ID : CVE-2023-34545
Source : cve@mitre.org
CVSS score : /

References :
https://gist.github.com/komomon/24d3ea391af6f067c044fa47cb6c20d8 | source : cve@mitre.org
https://www.cszcms.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38997

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

CVE ID : CVE-2023-38997
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/448762d440b51574f1906c0ec2f5ea6dc4f16eb2 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38998

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

CVE ID : CVE-2023-38998
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/6bc025af1705dcdd8ef22ff5d4fcb986fa4e45f8 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38999

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE ID : CVE-2023-38999
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/5d68f43d1f254144831881fc87d885eed120cf3c | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39000

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.

CVE ID : CVE-2023-39000
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/d1f350ce70e477adc86d445f5cda9b24f9ff0168 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39001

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.

CVE ID : CVE-2023-39001
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39002

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-39002
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/a4f6a8f8d604271f81984cfcbba0471af58e34dc | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39003

First published on : 09-08-2023 19:15:14
Last modified on : 09-08-2023 20:12:10

Description :
OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp.

CVE ID : CVE-2023-39003
Source : cve@mitre.org
CVSS score : /

References :
http://opnsense.com | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39004

First published on : 09-08-2023 19:15:15
Last modified on : 09-08-2023 20:12:10

Description :
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

CVE ID : CVE-2023-39004
Source : cve@mitre.org
CVSS score : /

References :
http://opnsense.com | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39005

First published on : 09-08-2023 19:15:15
Last modified on : 09-08-2023 20:12:10

Description :
Insecure permissions exist for configd.socket in OPNsense before 23.7.

CVE ID : CVE-2023-39005
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/issues/6647 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39006

First published on : 09-08-2023 19:15:15
Last modified on : 09-08-2023 20:12:10

Description :
The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization.

CVE ID : CVE-2023-39006
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/1c05a19d9d52c7bfa4ac52114935d9fe76d5d181 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39007

First published on : 09-08-2023 19:15:15
Last modified on : 09-08-2023 20:12:10

Description :
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.

CVE ID : CVE-2023-39007
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39008

First published on : 09-08-2023 19:15:15
Last modified on : 09-08-2023 20:12:10

Description :
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.

CVE ID : CVE-2023-39008
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5 | source : cve@mitre.org
https://logicaltrust.net/blog/2023/08/opnsense.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-33468

First published on : 09-08-2023 20:15:10
Last modified on : 09-08-2023 20:15:10

Description :
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.

CVE ID : CVE-2023-33468
Source : cve@mitre.org
CVSS score : /

References :
http://kramerav.com | source : cve@mitre.org
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 | source : cve@mitre.org


Vulnerability ID : CVE-2023-33469

First published on : 09-08-2023 20:15:10
Last modified on : 09-08-2023 20:15:10

Description :
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

CVE ID : CVE-2023-33469
Source : cve@mitre.org
CVSS score : /

References :
http://kramerav.com | source : cve@mitre.org
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37068

First published on : 09-08-2023 20:15:10
Last modified on : 09-08-2023 20:15:10

Description :
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

CVE ID : CVE-2023-37068
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38347

First published on : 09-08-2023 20:15:10
Last modified on : 09-08-2023 20:15:10

Description :
An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.

CVE ID : CVE-2023-38347
Source : cve@mitre.org
CVSS score : /

References :
https://blog.sebastianschmitt.eu/security/xss-in-benno-mailarchiv-web-app-benno-rest-lib-cve-2023-38347/ | source : cve@mitre.org
https://wiki.benno-mailarchiv.de/doku.php | source : cve@mitre.org


Vulnerability ID : CVE-2023-38348

First published on : 09-08-2023 20:15:10
Last modified on : 09-08-2023 20:15:10

Description :
A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.

CVE ID : CVE-2023-38348
Source : cve@mitre.org
CVSS score : /

References :
https://blog.sebastianschmitt.eu/security/xsrf-in-benno-mailarchiv-web-app-benno-web-2-10-2-cve-2023-38348/ | source : cve@mitre.org
https://wiki.benno-mailarchiv.de/doku.php | source : cve@mitre.org


Source : takeonme.org

Vulnerability ID : CVE-2023-2905

First published on : 09-08-2023 05:15:40
Last modified on : 09-08-2023 12:46:53

Description :
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.

CVE ID : CVE-2023-2905
Source : cve@takeonme.org
CVSS score : /

References :
https://github.com/cesanta/mongoose/pull/2274 | source : cve@takeonme.org
https://github.com/cesanta/mongoose/releases/tag/7.11 | source : cve@takeonme.org
https://takeonme.org/cves/CVE-2023-2905.html | source : cve@takeonme.org

Vulnerability : CWE-122


Source : apache.org

Vulnerability ID : CVE-2022-47185

First published on : 09-08-2023 07:15:09
Last modified on : 09-08-2023 12:46:53

Description :
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.

CVE ID : CVE-2022-47185
Source : security@apache.org
CVSS score : /

References :
https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc | source : security@apache.org

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-33934

First published on : 09-08-2023 07:15:10
Last modified on : 09-08-2023 12:46:53

Description :
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.

CVE ID : CVE-2023-33934
Source : security@apache.org
CVSS score : /

References :
https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc | source : security@apache.org

Vulnerability : CWE-20


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
