Dernières vulnérabilités du Vendredi 11 Août 2023

Dernières vulnérabilités du Vendredi 11 Août 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Dernière mise à jour efféctuée le 11/08/2023 à 23:58:02

(2) Vulnérabilité(s) CRITICAL [9.0, 10.0]

Source : mitre.org

Vulnérabilité ID : CVE-2023-40256

Première publication le : 11-08-2023 05:15:42
Dernière modification le : 11-08-2023 12:58:22

Description :
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.

CVE ID : CVE-2023-40256
Source : cve@mitre.org
Score CVSS : 9.8

Références :
https://www.veritas.com/content/support/en_US/security/VTS23-011 | source : cve@mitre.org


Source : php.net

Vulnérabilité ID : CVE-2023-3824

Première publication le : 11-08-2023 06:15:10
Dernière modification le : 11-08-2023 12:58:22

Description :
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.

CVE ID : CVE-2023-3824
Source : security@php.net
Score CVSS : 9.4

Références :
https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv | source : security@php.net

Vulnérabilité : CWE-119


(36) Vulnérabilité(s) HIGH [7.0, 8.9]

Source : intel.com

Vulnérabilité ID : CVE-2023-28380

Première publication le : 11-08-2023 03:15:24
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE ID : CVE-2023-28380
Source : secure@intel.com
Score CVSS : 8.8

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-36392

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.

CVE ID : CVE-2022-36392
Source : secure@intel.com
Score CVSS : 8.6

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-27635

Première publication le : 11-08-2023 03:15:11
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-27635
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-46329

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-46329
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28385

Première publication le : 11-08-2023 03:15:24
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

CVE ID : CVE-2023-28385
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28714

Première publication le : 11-08-2023 03:15:25
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28714
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32617

Première publication le : 11-08-2023 03:15:32
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-32617
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-34086

Première publication le : 11-08-2023 03:15:33
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-34086
Source : secure@intel.com
Score CVSS : 8.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-29887

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE ID : CVE-2022-29887
Source : secure@intel.com
Score CVSS : 8.1

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27515

Première publication le : 11-08-2023 03:15:24
Dernière modification le : 11-08-2023 03:44:51

Description :
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.

CVE ID : CVE-2023-27515
Source : secure@intel.com
Score CVSS : 8.1

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-37336

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-37336
Source : secure@intel.com
Score CVSS : 7.9

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-40964

Première publication le : 11-08-2023 03:15:14
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-40964
Source : secure@intel.com
Score CVSS : 7.9

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-26587

Première publication le : 11-08-2023 03:15:19
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-26587
Source : secure@intel.com
Score CVSS : 7.8

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-36372

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-36372
Source : secure@intel.com
Score CVSS : 7.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22449

Première publication le : 11-08-2023 03:15:17
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-22449
Source : secure@intel.com
Score CVSS : 7.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-25773

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-25773
Source : secure@intel.com
Score CVSS : 7.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-29494

Première publication le : 11-08-2023 03:15:30
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-29494
Source : secure@intel.com
Score CVSS : 7.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-34438

Première publication le : 11-08-2023 03:15:34
Dernière modification le : 11-08-2023 03:44:51

Description :
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-34438
Source : secure@intel.com
Score CVSS : 7.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-45112

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-45112
Source : secure@intel.com
Score CVSS : 7.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-25757

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.

CVE ID : CVE-2023-25757
Source : secure@intel.com
Score CVSS : 7.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-37343

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-37343
Source : secure@intel.com
Score CVSS : 7.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-38102

Première publication le : 11-08-2023 03:15:14
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

CVE ID : CVE-2022-38102
Source : secure@intel.com
Score CVSS : 7.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-41804

Première publication le : 11-08-2023 03:15:15
Dernière modification le : 11-08-2023 03:44:51

Description :
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-41804
Source : secure@intel.com
Score CVSS : 7.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html | source : secure@intel.com


Source : opennms.com

Vulnérabilité ID : CVE-2023-0871

Première publication le : 11-08-2023 17:15:08
Dernière modification le : 11-08-2023 17:20:56

Description :
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

CVE ID : CVE-2023-0871
Source : security@opennms.com
Score CVSS : 8.8

Références :
https://docs.opennms.com/horizon/32/releasenotes/changelog.html | source : security@opennms.com
https://github.com/OpenNMS/opennms/pull/6355 | source : security@opennms.com

Vulnérabilité : CWE-611


Source : php.net

Vulnérabilité ID : CVE-2023-3823

Première publication le : 11-08-2023 06:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.

CVE ID : CVE-2023-3823
Source : security@php.net
Score CVSS : 8.6

Références :
https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr | source : security@php.net


Source : github.com

Vulnérabilité ID : CVE-2023-39945

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.

CVE ID : CVE-2023-39945
Source : security-advisories@github.com
Score CVSS : 8.2

Références :
https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap | source : security-advisories@github.com
https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 | source : security-advisories@github.com

Vulnérabilité : CWE-248


Vulnérabilité ID : CVE-2023-39946

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.

CVE ID : CVE-2023-39946
Source : security-advisories@github.com
Score CVSS : 8.2

Références :
https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx | source : security-advisories@github.com

Vulnérabilité : CWE-122


Vulnérabilité ID : CVE-2023-39947

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.

CVE ID : CVE-2023-39947
Source : security-advisories@github.com
Score CVSS : 8.2

Références :
https://github.com/eProsima/Fast-DDS/commit/349227005827e8a67a0406b823138b5068cc47dc | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv | source : security-advisories@github.com

Vulnérabilité : CWE-122


Vulnérabilité ID : CVE-2023-39534

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.

CVE ID : CVE-2023-39534
Source : security-advisories@github.com
Score CVSS : 7.5

Références :
https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp | source : security-advisories@github.com

Vulnérabilité : CWE-617


Vulnérabilité ID : CVE-2023-39948

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.

CVE ID : CVE-2023-39948
Source : security-advisories@github.com
Score CVSS : 7.5

Références :
https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/issues/3422 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f | source : security-advisories@github.com

Vulnérabilité : CWE-248


Vulnérabilité ID : CVE-2023-39949

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.

CVE ID : CVE-2023-39949
Source : security-advisories@github.com
Score CVSS : 7.5

Références :
https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/issues/3236 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg | source : security-advisories@github.com

Vulnérabilité : CWE-617


Source : mitre.org

Vulnérabilité ID : CVE-2021-28427

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

CVE ID : CVE-2021-28427
Source : cve@mitre.org
Score CVSS : 7.8

Références :
https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-28835

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

CVE ID : CVE-2021-28835
Source : cve@mitre.org
Score CVSS : 7.8

Références :
https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679 | source : cve@mitre.org
https://www.xnview.com/en/xnview/#changelog | source : cve@mitre.org


Source : redhat.com

Vulnérabilité ID : CVE-2023-39417

Première publication le : 11-08-2023 13:15:09
Dernière modification le : 11-08-2023 15:18:19

Description :
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

CVE ID : CVE-2023-39417
Source : secalert@redhat.com
Score CVSS : 7.5

Références :
https://access.redhat.com/security/cve/CVE-2023-39417 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2228111 | source : secalert@redhat.com
https://www.postgresql.org/support/security/CVE-2023-39417 | source : secalert@redhat.com


Source : krcert.or.kr

Vulnérabilité ID : CVE-2023-40254

Première publication le : 11-08-2023 07:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

CVE ID : CVE-2023-40254
Source : vuln@krcert.or.kr
Score CVSS : 7.4

Références :
https://www.genians.co.kr/notice/2023 | source : vuln@krcert.or.kr

Vulnérabilité : CWE-494


Source : snowsoftware.com

Vulnérabilité ID : CVE-2023-3864

Première publication le : 11-08-2023 12:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

CVE ID : CVE-2023-3864
Source : security@snowsoftware.com
Score CVSS : 7.2

Références :
https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC | source : security@snowsoftware.com

Vulnérabilité : CWE-89


(57) Vulnérabilité(s) MEDIUM [4.0, 6.9]

Source : intel.com

Vulnérabilité ID : CVE-2022-44611

Première publication le : 11-08-2023 03:15:15
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.

CVE ID : CVE-2022-44611
Source : secure@intel.com
Score CVSS : 6.9

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-25864

Première publication le : 11-08-2023 03:15:10
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-25864
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-29470

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-29470
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-29871

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-29871
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-43456

Première publication le : 11-08-2023 03:15:15
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-43456
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22841

Première publication le : 11-08-2023 03:15:17
Dernière modification le : 11-08-2023 03:44:51

Description :
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-22841
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-23577

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-23577
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-24016

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-24016
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-25944

Première publication le : 11-08-2023 03:15:19
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-25944
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27391

Première publication le : 11-08-2023 03:15:21
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-27391
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27505

Première publication le : 11-08-2023 03:15:23
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-27505
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28405

Première publication le : 11-08-2023 03:15:24
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28405
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28658

Première publication le : 11-08-2023 03:15:25
Dernière modification le : 11-08-2023 03:44:51

Description :
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28658
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28823

Première publication le : 11-08-2023 03:15:26
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28823
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-29151

Première publication le : 11-08-2023 03:15:27
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-29151
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-31246

Première publication le : 11-08-2023 03:15:31
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-31246
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32543

Première publication le : 11-08-2023 03:15:31
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-32543
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32547

Première publication le : 11-08-2023 03:15:32
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-32547
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32663

Première publication le : 11-08-2023 03:15:32
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-32663
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-34355

Première publication le : 11-08-2023 03:15:34
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-34355
Source : secure@intel.com
Score CVSS : 6.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27509

Première publication le : 11-08-2023 03:15:23
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.

CVE ID : CVE-2023-27509
Source : secure@intel.com
Score CVSS : 6.6

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-40982

Première publication le : 11-08-2023 03:15:14
Dernière modification le : 11-08-2023 20:15:09

Description :
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE ID : CVE-2022-40982
Source : secure@intel.com
Score CVSS : 6.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html | source : secure@intel.com
https://access.redhat.com/solutions/7027704 | source : secure@intel.com
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/ | source : secure@intel.com
https://downfall.page | source : secure@intel.com
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html | source : secure@intel.com
https://xenbits.xen.org/xsa/advisory-435.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22276

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.

CVE ID : CVE-2023-22276
Source : secure@intel.com
Score CVSS : 6.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-38083

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2022-38083
Source : secure@intel.com
Score CVSS : 6.1

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27887

Première publication le : 11-08-2023 03:15:24
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-27887
Source : secure@intel.com
Score CVSS : 6.1

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-34657

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2022-34657
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22330

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-22330
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22356

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-22356
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22444

Première publication le : 11-08-2023 03:15:17
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-22444
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-23908

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-23908
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32285

Première publication le : 11-08-2023 03:15:31
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

CVE ID : CVE-2023-32285
Source : secure@intel.com
Score CVSS : 6.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28736

Première publication le : 11-08-2023 03:15:25
Dernière modification le : 11-08-2023 03:44:51

Description :
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28736
Source : secure@intel.com
Score CVSS : 5.7

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-25775

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE ID : CVE-2023-25775
Source : secure@intel.com
Score CVSS : 5.6

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-44612

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.

CVE ID : CVE-2022-44612
Source : secure@intel.com
Score CVSS : 5.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27506

Première publication le : 11-08-2023 03:15:23
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-27506
Source : secure@intel.com
Score CVSS : 5.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28711

Première publication le : 11-08-2023 03:15:25
Dernière modification le : 11-08-2023 03:44:51

Description :
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

CVE ID : CVE-2023-28711
Source : secure@intel.com
Score CVSS : 5.5

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-27879

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2022-27879
Source : secure@intel.com
Score CVSS : 5.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-29500

Première publication le : 11-08-2023 03:15:31
Dernière modification le : 11-08-2023 03:44:51

Description :
Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-29500
Source : secure@intel.com
Score CVSS : 5.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32656

Première publication le : 11-08-2023 03:15:32
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-32656
Source : secure@intel.com
Score CVSS : 5.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-34427

Première publication le : 11-08-2023 03:15:34
Dernière modification le : 11-08-2023 03:44:51

Description :
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-34427
Source : secure@intel.com
Score CVSS : 5.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-32609

Première publication le : 11-08-2023 03:15:32
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-32609
Source : secure@intel.com
Score CVSS : 5.0

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-34349

Première publication le : 11-08-2023 03:15:34
Dernière modification le : 11-08-2023 03:44:51

Description :
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-34349
Source : secure@intel.com
Score CVSS : 4.6

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-41984

Première publication le : 11-08-2023 03:15:15
Dernière modification le : 11-08-2023 03:44:51

Description :
Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.

CVE ID : CVE-2022-41984
Source : secure@intel.com
Score CVSS : 4.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22338

Première publication le : 11-08-2023 03:15:16
Dernière modification le : 11-08-2023 03:44:51

Description :
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-22338
Source : secure@intel.com
Score CVSS : 4.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-27392

Première publication le : 11-08-2023 03:15:23
Dernière modification le : 11-08-2023 03:44:51

Description :
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-27392
Source : secure@intel.com
Score CVSS : 4.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-29243

Première publication le : 11-08-2023 03:15:27
Dernière modification le : 11-08-2023 03:44:51

Description :
Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.

CVE ID : CVE-2023-29243
Source : secure@intel.com
Score CVSS : 4.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-33867

Première publication le : 11-08-2023 03:15:33
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-33867
Source : secure@intel.com
Score CVSS : 4.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-36351

Première publication le : 11-08-2023 03:15:12
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE ID : CVE-2022-36351
Source : secure@intel.com
Score CVSS : 4.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-25182

Première publication le : 11-08-2023 03:15:18
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-25182
Source : secure@intel.com
Score CVSS : 4.2

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-43505

Première publication le : 11-08-2023 03:15:15
Dernière modification le : 11-08-2023 03:44:51

Description :
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CVE ID : CVE-2022-43505
Source : secure@intel.com
Score CVSS : 4.1

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html | source : secure@intel.com


Source : mattermost.com

Vulnérabilité ID : CVE-2023-4107

Première publication le : 11-08-2023 07:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

CVE ID : CVE-2023-4107
Source : responsibledisclosure@mattermost.com
Score CVSS : 6.7

Références :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnérabilité : CWE-863


Vulnérabilité ID : CVE-2023-4106

Première publication le : 11-08-2023 07:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

CVE ID : CVE-2023-4106
Source : responsibledisclosure@mattermost.com
Score CVSS : 6.3

Références :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnérabilité : CWE-862


Vulnérabilité ID : CVE-2023-4108

Première publication le : 11-08-2023 07:15:10
Dernière modification le : 11-08-2023 12:58:22

Description :
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged

CVE ID : CVE-2023-4108
Source : responsibledisclosure@mattermost.com
Score CVSS : 4.5

Références :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnérabilité : CWE-532


Source : solarwinds.com

Vulnérabilité ID : CVE-2023-35179

Première publication le : 11-08-2023 00:15:09
Dernière modification le : 11-08-2023 03:44:51

Description :
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.

CVE ID : CVE-2023-35179
Source : psirt@solarwinds.com
Score CVSS : 6.6

Références :
https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-Hotfix-1?language=en_US | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35179 | source : psirt@solarwinds.com

Vulnérabilité : CWE-284


Source : opentext.com

Vulnérabilité ID : CVE-2023-32267

Première publication le : 11-08-2023 14:15:13
Dernière modification le : 11-08-2023 15:18:01

Description :
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.

CVE ID : CVE-2023-32267
Source : security@opentext.com
Score CVSS : 6.4

Références :
https://portal.microfocus.com/s/article/KM000020296?language=en_US | source : security@opentext.com


Source : snowsoftware.com

Vulnérabilité ID : CVE-2023-3937

Première publication le : 11-08-2023 12:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

CVE ID : CVE-2023-3937
Source : security@snowsoftware.com
Score CVSS : 4.8

Références :
https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC | source : security@snowsoftware.com

Vulnérabilité : CWE-79


Source : krcert.or.kr

Vulnérabilité ID : CVE-2023-40253

Première publication le : 11-08-2023 06:15:10
Dernière modification le : 11-08-2023 12:58:22

Description :
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

CVE ID : CVE-2023-40253
Source : vuln@krcert.or.kr
Score CVSS : 4.4

Références :
https://www.genians.co.kr/notice/2023 | source : vuln@krcert.or.kr

Vulnérabilité : CWE-287


(12) Vulnérabilité(s) LOW [0.1, 3.9]

Source : huntr.dev

Vulnérabilité ID : CVE-2023-4304

Première publication le : 11-08-2023 01:15:09
Dernière modification le : 11-08-2023 03:44:51

Description :
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

CVE ID : CVE-2023-4304
Source : security@huntr.dev
Score CVSS : 3.8

Références :
https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597 | source : security@huntr.dev
https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9 | source : security@huntr.dev

Vulnérabilité : CWE-840


Source : intel.com

Vulnérabilité ID : CVE-2022-38076

Première publication le : 11-08-2023 03:15:13
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2022-38076
Source : secure@intel.com
Score CVSS : 3.8

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-28938

Première publication le : 11-08-2023 03:15:27
Dernière modification le : 11-08-2023 03:44:51

Description :
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

CVE ID : CVE-2023-28938
Source : secure@intel.com
Score CVSS : 3.4

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html | source : secure@intel.com


Vulnérabilité ID : CVE-2022-38973

Première publication le : 11-08-2023 03:15:14
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.

CVE ID : CVE-2022-38973
Source : secure@intel.com
Score CVSS : 3.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-22840

Première publication le : 11-08-2023 03:15:17
Dernière modification le : 11-08-2023 03:44:51

Description :
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.

CVE ID : CVE-2023-22840
Source : secure@intel.com
Score CVSS : 3.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-30760

Première publication le : 11-08-2023 03:15:31
Dernière modification le : 11-08-2023 03:44:51

Description :
Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVE ID : CVE-2023-30760
Source : secure@intel.com
Score CVSS : 3.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Vulnérabilité ID : CVE-2023-33877

Première publication le : 11-08-2023 03:15:33
Dernière modification le : 11-08-2023 03:44:51

Description :
Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-33877
Source : secure@intel.com
Score CVSS : 3.3

Références :
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html | source : secure@intel.com


Source : hcl.com

Vulnérabilité ID : CVE-2023-37511

Première publication le : 11-08-2023 01:15:08
Dernière modification le : 11-08-2023 03:44:51

Description :
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.

CVE ID : CVE-2023-37511
Source : psirt@hcl.com
Score CVSS : 3.5

Références :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106690 | source : psirt@hcl.com


Vulnérabilité ID : CVE-2023-37512

Première publication le : 11-08-2023 01:15:09
Dernière modification le : 11-08-2023 03:44:51

Description :
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

CVE ID : CVE-2023-37512
Source : psirt@hcl.com
Score CVSS : 3.3

Références :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106691 | source : psirt@hcl.com


Vulnérabilité ID : CVE-2023-37513

Première publication le : 11-08-2023 01:15:09
Dernière modification le : 11-08-2023 03:44:51

Description :
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

CVE ID : CVE-2023-37513
Source : psirt@hcl.com
Score CVSS : 3.3

Références :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106692 | source : psirt@hcl.com


Source : mattermost.com

Vulnérabilité ID : CVE-2023-4105

Première publication le : 11-08-2023 07:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

CVE ID : CVE-2023-4105
Source : responsibledisclosure@mattermost.com
Score CVSS : 3.1

Références :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnérabilité : CWE-862


Source : redhat.com

Vulnérabilité ID : CVE-2023-39418

Première publication le : 11-08-2023 13:15:09
Dernière modification le : 11-08-2023 15:18:19

Description :
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CVE ID : CVE-2023-39418
Source : secalert@redhat.com
Score CVSS : 3.1

Références :
https://access.redhat.com/security/cve/CVE-2023-39418 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2228112 | source : secalert@redhat.com
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 | source : secalert@redhat.com
https://www.postgresql.org/support/security/CVE-2023-39418/ | source : secalert@redhat.com


(50) Vulnérabilité(s) NO SCORE [0.0, 0.0]

Source : mitre.org

Vulnérabilité ID : CVE-2023-40260

Première publication le : 11-08-2023 06:15:10
Dernière modification le : 11-08-2023 12:58:22

Description :
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.

CVE ID : CVE-2023-40260
Source : cve@mitre.org
Score CVSS : /

Références :
https://seclists.org/fulldisclosure/2023/Aug/3 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-40267

Première publication le : 11-08-2023 07:15:09
Dernière modification le : 11-08-2023 12:58:22

Description :
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

CVE ID : CVE-2023-40267
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd | source : cve@mitre.org
https://github.com/gitpython-developers/GitPython/pull/1609 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-19952

Première publication le : 11-08-2023 14:15:09
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

CVE ID : CVE-2020-19952
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 | source : cve@mitre.org
https://github.com/jbt/markdown-editor/issues/106 | source : cve@mitre.org
https://github.com/jbt/markdown-editor/pull/110 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-20523

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

CVE ID : CVE-2020-20523
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/GilaCMS/gila/issues/41 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-23595

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.

CVE ID : CVE-2020-23595
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/yzmcms/yzmcms/issues/47 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24075

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

CVE ID : CVE-2020-24075
Source : cve@mitre.org
Score CVSS : /

Références :
https://documentation.laborator.co/kb/kalium/kalium-changelog/#version-3-0-4-jun-23-2020 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24187

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).

CVE ID : CVE-2020-24187
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/Aurorainfinity/Poc/tree/master/jerryscript/NULL-dereference-ecma_get_lex_env_type | source : cve@mitre.org
https://github.com/jerryscript-project/jerryscript/issues/4076 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24221

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

CVE ID : CVE-2020-24221
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/miniupnp/ngiflib/issues/17 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24222

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

CVE ID : CVE-2020-24222
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/rockcarry/ffjpeg/issues/31 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24804

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

CVE ID : CVE-2020-24804
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/cms-dev/cms/issues/1160 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24872

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.

CVE ID : CVE-2020-24872
Source : cve@mitre.org
Score CVSS : /

Références :
https://lepton-cms.org/posts/new-security-release-144.php | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24904

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

CVE ID : CVE-2020-24904
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/davesteele/gnome-gmail/issues/84 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24922

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

CVE ID : CVE-2020-24922
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/xuxueli/xxl-job/issues/1921 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-24950

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:19

Description :
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

CVE ID : CVE-2020-24950
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/daylightstudio/FUEL-CMS/issues/562 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-25915

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:06

Description :
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

CVE ID : CVE-2020-25915
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/thinkcmf/thinkcmf/issues/675 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-27449

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:06

Description :
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

CVE ID : CVE-2020-27449
Source : cve@mitre.org
Score CVSS : /

Références :
https://bugbounty.zoho.com/bb/#/bug/101000003619211 | source : cve@mitre.org
https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-27514

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:06

Description :
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).

CVE ID : CVE-2020-27514
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/94fzb/zrlog/issues/66 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-27544

Première publication le : 11-08-2023 14:15:10
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.

CVE ID : CVE-2020-27544
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FoldingAtHome/fah-control/commit/9b619ae64443997948a36dda01b420578de1af77 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-28717

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

CVE ID : CVE-2020-28717
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/kindsoft/kindeditor/issues/321 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-28840

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).

CVE ID : CVE-2020-28840
Source : cve@mitre.org
Score CVSS : /

Références :
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820 | source : cve@mitre.org
https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2 | source : cve@mitre.org
https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da | source : cve@mitre.org
https://github.com/Matthias-Wandel/jhead/issues/8 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-28848

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.

CVE ID : CVE-2020-28848
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/ChurchCRM/CRM/issues/5465 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-28849

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

CVE ID : CVE-2020-28849
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/ChurchCRM/CRM/issues/5477 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-35139

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

CVE ID : CVE-2020-35139
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/faucetsdn/ryu/issues/118 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-35141

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

CVE ID : CVE-2020-35141
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/faucetsdn/ryu/issues/118 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-35990

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

CVE ID : CVE-2020-35990
Source : cve@mitre.org
Score CVSS : /

Références :
http://foxit.com | source : cve@mitre.org
https://www.foxitsoftware.com/support/security-bulletins.php | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36023

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVE ID : CVE-2020-36023
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36024

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

CVE ID : CVE-2020-36024
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36034

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.

CVE ID : CVE-2020-36034
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/TCSWT/School-Faculty-Scheduling-System | source : cve@mitre.org
https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code | source : cve@mitre.org
https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36037

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

CVE ID : CVE-2020-36037
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/wuzhicms/wuzhicms/issues/192 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36082

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

CVE ID : CVE-2020-36082
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/alexlang24/bloofoxCMS/issues/7 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36136

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.

CVE ID : CVE-2020-36136
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/cskaza/cszcms/issues/26 | source : cve@mitre.org


Vulnérabilité ID : CVE-2020-36138

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

CVE ID : CVE-2020-36138
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97 | source : cve@mitre.org
https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-November/272001.html | source : cve@mitre.org
https://trac.ffmpeg.org/ticket/8960 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-25786

Première publication le : 11-08-2023 14:15:11
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

CVE ID : CVE-2021-25786
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/qpdf/qpdf/issues/492 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-25856

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:06

Description :
An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.

CVE ID : CVE-2021-25856
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/pcmt/superMicro-CMS/issues/1 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-25857

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.

CVE ID : CVE-2021-25857
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/pcmt/superMicro-CMS/issues/2 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-26504

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.

CVE ID : CVE-2021-26504
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/Foddy/node-red-contrib-huemagic/issues/217 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-26505

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.

CVE ID : CVE-2021-26505
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/MrSwitch/hello.js/issues/634 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-27523

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.

CVE ID : CVE-2021-27523
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/open-falcon/dashboard/issues/153 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-27524

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.

CVE ID : CVE-2021-27524
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/margox/braft-editor/issues/880 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-28025

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

CVE ID : CVE-2021-28025
Source : cve@mitre.org
Score CVSS : /

Références :
https://bugreports.qt.io/browse/QTBUG-91507 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-28411

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.

CVE ID : CVE-2021-28411
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/lerry903/RuoYi/issues/20 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-28429

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.

CVE ID : CVE-2021-28429
Source : cve@mitre.org
Score CVSS : /

Références :
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c94875471e3ba3dc396c6919ff3ec9b14539cd71 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-29057

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.

CVE ID : CVE-2021-29057
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/SUCHMOKUO/node-worker-threads-pool/issues/20 | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-29378

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.

CVE ID : CVE-2021-29378
Source : cve@mitre.org
Score CVSS : /

Références :
https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC | source : cve@mitre.org


Vulnérabilité ID : CVE-2021-3236

Première publication le : 11-08-2023 14:15:12
Dernière modification le : 11-08-2023 15:18:01

Description :
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVE ID : CVE-2021-3236
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/vim/vim/issues/7674 | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-22955

Première publication le : 11-08-2023 20:15:14
Dernière modification le : 11-08-2023 20:15:14

Description :
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

CVE ID : CVE-2023-22955
Source : cve@mitre.org
Score CVSS : /

Références :
https://syss.de | source : cve@mitre.org
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-055.txt | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-22956

Première publication le : 11-08-2023 20:15:14
Dernière modification le : 11-08-2023 20:15:14

Description :
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

CVE ID : CVE-2023-22956
Source : cve@mitre.org
Score CVSS : /

Références :
https://syss.de | source : cve@mitre.org
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-054.txt | source : cve@mitre.org


Vulnérabilité ID : CVE-2023-22957

Première publication le : 11-08-2023 20:15:14
Dernière modification le : 11-08-2023 20:15:14

Description :
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.

CVE ID : CVE-2023-22957
Source : cve@mitre.org
Score CVSS : /

Références :
https://syss.de | source : cve@mitre.org
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-052.txt | source : cve@mitre.org


Source : apache.org

Vulnérabilité ID : CVE-2023-39553

Première publication le : 11-08-2023 08:15:09
Dernière modification le : 11-08-2023 15:15:10

Description :
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

CVE ID : CVE-2023-39553
Source : security@apache.org
Score CVSS : /

Références :
http://www.openwall.com/lists/oss-security/2023/08/11/1 | source : security@apache.org
https://github.com/apache/airflow/pull/33074 | source : security@apache.org
https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf | source : security@apache.org

Vulnérabilité : CWE-20


Source : wordfence.com

Vulnérabilité ID : CVE-2022-3403

Première publication le : 11-08-2023 13:15:09
Dernière modification le : 11-08-2023 13:15:09

Description :
** REJECT ** Duplicate, please use CVE-2023-28931 instead.

CVE ID : CVE-2022-3403
Source : security@wordfence.com
Score CVSS : /

Références :


Ce site web utilise l'API de la NVD, mais n'est pas approuvé ou certifié par la NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.