Latest vulnerabilities for Friday, July 14, 2023


Last updated on 14/07/2023 at 15:32:12

(2) CRITICAL vulnerabilities [9.0, 10.0]

Source: github.com

Vulnerability ID: CVE-2023-37466

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.

CVE ID: CVE-2023-37466
Source: security-advisories@github.com
CVSS score: 9.8

References:
https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 | source : security-advisories@github.com

Vulnerability: CWE-94


Source: huntr.dev

Vulnerability ID: CVE-2023-3668

First published on: 14-07-2023 01:15:08
Last modified on: 14-07-2023 12:47:21

Description:
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.

CVE ID: CVE-2023-3668
Source: security@huntr.dev
CVSS score: 9.1

References:
https://github.com/froxlor/froxlor/commit/03b5a921ff308eeab21bf9d240f27783c8591965 | source : security@huntr.dev
https://huntr.dev/bounties/df8cccf4-a340-440e-a7e0-1b42e757d66e | source : security@huntr.dev

Vulnerability: CWE-116


(4) HIGH vulnerabilities [7.0, 8.9]

Source: starlabs.sg

Vulnerability ID: CVE-2023-3513

First published on: 14-07-2023 05:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Improper Privilege Control in RazerCentralService Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

CVE ID: CVE-2023-3513
Source: info@starlabs.sg
CVSS score: 7.8

References:
https://starlabs.sg/advisories/23/23-3513/ | source : info@starlabs.sg

Vulnerability: CWE-269
Vulnerability: CWE-502


Vulnerability ID: CVE-2023-3514

First published on: 14-07-2023 05:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Improper Privilege Control in RazerCentralService Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling the "AddModule" or "UninstallModules" command to execute an arbitrary executable file.

CVE ID: CVE-2023-3514
Source: info@starlabs.sg
CVSS score: 7.8

References:
https://starlabs.sg/advisories/23/23-3514/ | source : info@starlabs.sg

Vulnerability: CWE-269


Source: huntr.dev

Vulnerability ID: CVE-2023-3672

First published on: 14-07-2023 10:15:08
Last modified on: 14-07-2023 12:47:21

Description:
Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.

CVE ID: CVE-2023-3672
Source: security@huntr.dev
CVSS score: 7.3

References:
https://github.com/plaidweb/webmention.js/commit/3551b66b3e40da37fee89ecf72930c5efdc53011 | source : security@huntr.dev
https://huntr.dev/bounties/75cfb7ad-a75f-45ff-8688-32a9c55179aa | source : security@huntr.dev

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3673

First published on: 14-07-2023 13:15:09
Last modified on: 14-07-2023 13:15:09

Description:
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.

CVE ID: CVE-2023-3673
Source: security@huntr.dev
CVSS score: 7.2

References:
https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9 | source : security@huntr.dev
https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9 | source : security@huntr.dev

Vulnerability: CWE-89


(5) MEDIUM vulnerabilities [4.0, 6.9]

Source: wordfence.com

Vulnerability ID: CVE-2023-2082

First published on: 14-07-2023 05:15:09
Last modified on: 14-07-2023 12:47:21

Description:
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.

CVE ID: CVE-2023-2082
Source: security@wordfence.com
CVSS score: 6.4

References:
https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/admin/class-buy-me-a-coffee-admin.php?rev=2816542 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/buymeacoffee/trunk/includes/class-buy-me-a-coffee.php?rev=2319979#L162 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=%2Fbuymeacoffee%2Ftags%2F3.6&old=2922493&new_path=%2Fbuymeacoffee%2Ftags%2F3.7&new=2922493&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=cve | source : security@wordfence.com

Vulnerability: CWE-79


Source: blacklanternsecurity.com

Vulnerability ID: CVE-2023-3433

First published on: 14-07-2023 13:15:09
Last modified on: 14-07-2023 13:15:09

Description:
The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters make it so the application cannot create the signature for the user, which results in a local denial of service to the application.

CVE ID: CVE-2023-3433
Source: cves@blacklanternsecurity.com
CVSS score: 5.5

References:
https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities | source : cves@blacklanternsecurity.com
https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10 | source : cves@blacklanternsecurity.com
https://review.jami.net/c/jami-daemon/+/23575 | source : cves@blacklanternsecurity.com

Vulnerability: CWE-20


Vulnerability ID: CVE-2023-3434

First published on: 14-07-2023 13:15:09
Last modified on: 14-07-2023 13:15:09

Description:
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.

CVE ID: CVE-2023-3434
Source: cves@blacklanternsecurity.com
CVSS score: 4.4

References:
https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities | source : cves@blacklanternsecurity.com
https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10 | source : cves@blacklanternsecurity.com
https://review.jami.net/c/jami-client-qt/+/23569 | source : cves@blacklanternsecurity.com

Vulnerability: CWE-20


Source: gitlab.com

Vulnerability ID: CVE-2023-3648

First published on: 14-07-2023 07:15:08
Last modified on: 14-07-2023 12:47:21

Description:
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

CVE ID: CVE-2023-3648
Source: cve@gitlab.com
CVSS score: 5.3

References:
https://gitlab.com/wireshark/wireshark/-/issues/19105 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2023-21.html | source : cve@gitlab.com

Vulnerability: CWE-762


Vulnerability ID: CVE-2023-3649

First published on: 14-07-2023 07:15:08
Last modified on: 14-07-2023 12:47:21

Description:
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

CVE ID: CVE-2023-3649
Source: cve@gitlab.com
CVSS score: 5.3

References:
https://gitlab.com/wireshark/wireshark/-/issues/19164 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2023-22.html | source : cve@gitlab.com

Vulnerability: CWE-126


(0) LOW vulnerabilities [0.1, 3.9]

(11) NO SCORE vulnerabilities [0.0, 0.0]

Source: mitre.org

Vulnerability ID: CVE-2023-37714

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.

CVE ID: CVE-2023-37714
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromRouteStatic/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37715

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.

CVE ID: CVE-2023-37715
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fmL7ProtForm/reprot.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37716

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

CVE ID: CVE-2023-37716
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37717

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

CVE ID: CVE-2023-37717
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37718

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.

CVE ID: CVE-2023-37718
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromSafeClientFilter/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37719

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.

CVE ID: CVE-2023-37719
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromP2pListFilter/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37721

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.

CVE ID: CVE-2023-37721
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromSafeMacFilter/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37722

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.

CVE ID: CVE-2023-37722
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromSafeUrlFilter/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37723

First published on: 14-07-2023 00:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.

CVE ID: CVE-2023-37723
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromqossetting/report.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-38286

First published on: 14-07-2023 05:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

CVE ID: CVE-2023-38286
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI | source : cve@mitre.org


Source: openssl.org

Vulnerability ID: CVE-2023-2975

First published on: 14-07-2023 12:15:09
Last modified on: 14-07-2023 12:47:21

Description:
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries, as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries, this is qualified as a Low severity issue.

CVE ID: CVE-2023-2975
Source: openssl-security@openssl.org
CVSS score: /

References:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598 | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc | source : openssl-security@openssl.org
https://www.openssl.org/news/secadv/20230714.txt | source : openssl-security@openssl.org


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
