Latest vulnerabilities for Saturday, September 2, 2023


Last updated on 02/09/2023 at 23:58:02

(1) CRITICAL vulnerability(ies) [9.0, 10.0]

Source: moxa.com

Vulnerability ID: CVE-2023-39979

First published on: 02-09-2023 13:15:44
Last modified on: 02-09-2023 13:15:44

Description:
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.

CVE ID: CVE-2023-39979
Source: psirt@moxa.com
CVSS score: 9.8

References:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities | source: psirt@moxa.com

Vulnerability: CWE-334


(6) HIGH vulnerability(ies) [7.0, 8.9]

Source: huntr.dev

Vulnerability ID: CVE-2023-4734

First published on: 02-09-2023 18:15:17
Last modified on: 02-09-2023 18:15:17

Description:
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVE ID: CVE-2023-4734
Source: security@huntr.dev
CVSS score: 7.8

References:
https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 | source: security@huntr.dev
https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217 | source: security@huntr.dev

Vulnerability: CWE-190


Vulnerability ID: CVE-2023-4736

First published on: 02-09-2023 19:15:44
Last modified on: 02-09-2023 19:15:44

Description:
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVE ID: CVE-2023-4736
Source: security@huntr.dev
CVSS score: 7.8

References:
https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c | source: security@huntr.dev
https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71 | source: security@huntr.dev

Vulnerability: CWE-426


Vulnerability ID: CVE-2023-4738

First published on: 02-09-2023 20:15:07
Last modified on: 02-09-2023 20:15:07

Description:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

CVE ID: CVE-2023-4738
Source: security@huntr.dev
CVSS score: 7.8

References:
https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 | source: security@huntr.dev
https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612 | source: security@huntr.dev

Vulnerability: CWE-122


Source: moxa.com

Vulnerability ID: CVE-2023-39981

First published on: 02-09-2023 13:15:45
Last modified on: 02-09-2023 13:15:45

Description:
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.

CVE ID: CVE-2023-39981
Source: psirt@moxa.com
CVSS score: 7.5

References:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities | source: psirt@moxa.com

Vulnerability: CWE-287


Vulnerability ID: CVE-2023-39982

First published on: 02-09-2023 13:15:45
Last modified on: 02-09-2023 13:15:45

Description:
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.

CVE ID: CVE-2023-39982
Source: psirt@moxa.com
CVSS score: 7.5

References:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities | source: psirt@moxa.com

Vulnerability: CWE-798


Vulnerability ID: CVE-2023-39980

First published on: 02-09-2023 13:15:45
Last modified on: 02-09-2023 13:15:45

Description:
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.

CVE ID: CVE-2023-39980
Source: psirt@moxa.com
CVSS score: 7.1

References:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities | source: psirt@moxa.com

Vulnerability: CWE-89


(3) MEDIUM vulnerability(ies) [4.0, 6.9]

Source: wordfence.com

Vulnerability ID: CVE-2023-4718

First published on: 02-09-2023 04:15:09
Last modified on: 02-09-2023 04:15:09

Description:
The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID: CVE-2023-4718
Source: security@wordfence.com
CVSS score: 6.4

References:
https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L197 | source: security@wordfence.com
https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L214 | source: security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=cve | source: security@wordfence.com

Vulnerability: CWE-79


Source: moxa.com

Vulnerability ID: CVE-2023-39983

First published on: 02-09-2023 13:15:45
Last modified on: 02-09-2023 13:15:45

Description:
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

CVE ID: CVE-2023-39983
Source: psirt@moxa.com
CVSS score: 5.3

References:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities | source: psirt@moxa.com

Vulnerability: CWE-915


Source: huntr.dev

Vulnerability ID: CVE-2023-4735

First published on: 02-09-2023 18:15:20
Last modified on: 02-09-2023 18:15:20

Description:
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE ID: CVE-2023-4735
Source: security@huntr.dev
CVSS score: 4.8

References:
https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 | source: security@huntr.dev
https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51 | source: security@huntr.dev

Vulnerability: CWE-787


(0) LOW vulnerability(ies) [0.1, 3.9]

(0) NO SCORE vulnerability(ies) [0.0, 0.0]

This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks
