Latest vulnerabilities for Friday, August 25, 2023

Last updated on 25/08/2023 at 23:58:08

(2) CRITICAL vulnerabilities [9.0, 10.0]

Source : cert.org.tw

Vulnerability ID : CVE-2023-32757

First published : 25-08-2023 08:15:07
Last modified : 25-08-2023 12:47:00

Description :
The file uploading function of e-Excellence U-Office Force does not restrict the upload of files with dangerous types. An unauthenticated remote attacker, without logging in to the service, can exploit this vulnerability to upload arbitrary files and then execute arbitrary commands or disrupt service.

CVE ID : CVE-2023-32757
Source : twcert@cert.org.tw
CVSS score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html | source : twcert@cert.org.tw

Weakness : CWE-434


Source : github.com

Vulnerability ID : CVE-2023-40571

First published : 25-08-2023 21:15:08
Last modified : 25-08-2023 21:15:08

Description :
weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.

CVE ID : CVE-2023-40571
Source : security-advisories@github.com
CVSS score : 9.8

References :
https://github.com/dream0x01/weblogic-framework/releases/tag/v0.2.4 | source : security-advisories@github.com
https://github.com/dream0x01/weblogic-framework/security/advisories/GHSA-hjwj-4f3q-44h3 | source : security-advisories@github.com

Weakness : CWE-502


(12) HIGH vulnerabilities [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-40580

First published : 25-08-2023 20:15:08
Last modified : 25-08-2023 20:15:08

Description :
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.

CVE ID : CVE-2023-40580
Source : security-advisories@github.com
CVSS score : 8.1

References :
https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee | source : security-advisories@github.com
https://github.com/stellar/freighter/pull/948 | source : security-advisories@github.com
https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w | source : security-advisories@github.com

Weakness : CWE-200


Vulnerability ID : CVE-2023-40031

First published : 25-08-2023 20:15:08
Last modified : 25-08-2023 21:15:08

Description :
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.

CVE ID : CVE-2023-40031
Source : security-advisories@github.com
CVSS score : 7.8

References :
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ | source : security-advisories@github.com

Weakness : CWE-120
Weakness : CWE-122


Vulnerability ID : CVE-2023-40577

First published : 25-08-2023 01:15:09
Last modified : 25-08-2023 03:55:07

Description :
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.

CVE ID : CVE-2023-40577
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j | source : security-advisories@github.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-40583

First published : 25-08-2023 21:15:09
Last modified : 25-08-2023 21:15:09

Description :
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.

CVE ID : CVE-2023-40583
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/libp2p/go-libp2p/commit/45d3c6fff662ddd6938982e7e9309ad5fa2ad8dd | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/releases/tag/v0.27.4 | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/releases/tag/v0.27.7 | source : security-advisories@github.com
https://github.com/libp2p/go-libp2p/security/advisories/GHSA-gcq9-qqwx-rgj3 | source : security-advisories@github.com

Weakness : CWE-400


Vulnerability ID : CVE-2023-40586

First published : 25-08-2023 21:15:09
Last modified : 25-08-2023 21:15:09

Description :
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.

CVE ID : CVE-2023-40586
Source : security-advisories@github.com
CVSS score : 7.5

References :
https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c | source : security-advisories@github.com
https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h | source : security-advisories@github.com

Weakness : CWE-400


Vulnerability ID : CVE-2023-40585

First published : 25-08-2023 21:15:09
Last modified : 25-08-2023 21:15:09

Description :
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place.

CVE ID : CVE-2023-40585
Source : security-advisories@github.com
CVSS score : 7.3

References :
https://github.com/metal3-io/ironic-image/commit/f64bb6ce0945bbfb30d9965f98149ea183311de9 | source : security-advisories@github.com
https://github.com/metal3-io/ironic-image/security/advisories/GHSA-jwpr-9fwh-m4g7 | source : security-advisories@github.com

Weakness : CWE-306


Source : m-files.com

Vulnerability ID : CVE-2023-3406

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server.

CVE ID : CVE-2023-3406
Source : security@m-files.com
CVSS score : 7.7

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406 | source : security@m-files.com

Weakness : CWE-22


Source : cert.org.tw

Vulnerability ID : CVE-2023-32756

First published : 25-08-2023 08:15:07
Last modified : 25-08-2023 12:47:00

Description :
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but cannot control the system or disrupt service.

CVE ID : CVE-2023-32756
Source : twcert@cert.org.tw
CVSS score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html | source : twcert@cert.org.tw

Weakness : CWE-22


Source : patchstack.com

Vulnerability ID : CVE-2023-32518

First published : 25-08-2023 09:15:07
Last modified : 25-08-2023 12:47:00

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions.

CVE ID : CVE-2023-32518
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-chinese-conversion/wordpress-wp-chinese-conversion-plugin-1-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32598

First published : 25-08-2023 12:15:07
Last modified : 25-08-2023 12:47:00

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.

CVE ID : CVE-2023-32598
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/featured-image-pro/wordpress-featured-image-pro-post-grid-plugin-5-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32603

First published : 25-08-2023 12:15:08
Last modified : 25-08-2023 12:47:00

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.

CVE ID : CVE-2023-32603
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32797

First published : 25-08-2023 12:15:08
Last modified : 25-08-2023 12:47:00

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.

CVE ID : CVE-2023-32797
Source : audit@patchstack.com
CVSS score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-responsive-video-gallery-with-lightbox/wordpress-video-carousel-slider-with-lightbox-plugin-1-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


(26) MEDIUM vulnerabilities [4.0, 6.9]

Source : zte.com.cn

Vulnerability ID : CVE-2023-25649

First published : 25-08-2023 10:15:08
Last modified : 25-08-2023 12:47:00

Description :
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

CVE ID : CVE-2023-25649
Source : psirt@zte.com.cn
CVSS score : 6.8

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544 | source : psirt@zte.com.cn

Weakness : CWE-77


Source : patchstack.com

Vulnerability ID : CVE-2023-32576

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.

CVE ID : CVE-2023-32576
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-25981

First published : 25-08-2023 10:15:09
Last modified : 25-08-2023 12:47:00

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.

CVE ID : CVE-2023-25981
Source : audit@patchstack.com
CVSS score : 6.5

References :
https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32577

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.

CVE ID : CVE-2023-32577
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/devbuddy-twitter-feed/wordpress-devbuddy-twitter-feed-plugin-4-0-0-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32584

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.

CVE ID : CVE-2023-32584
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/ebecas/wordpress-ebecas-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32591

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.

CVE ID : CVE-2023-32591
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/d-bargain/wordpress-dbargain-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-24394

First published : 25-08-2023 11:15:07
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.

CVE ID : CVE-2023-24394
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/iframe-popup/wordpress-iframe-popup-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32575

First published : 25-08-2023 11:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.

CVE ID : CVE-2023-32575
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32595

First published : 25-08-2023 11:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.

CVE ID : CVE-2023-32595
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/fast-search-powered-by-solr/wordpress-sunny-search-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-32596

First published : 25-08-2023 11:15:08
Last modified : 25-08-2023 12:47:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.

CVE ID : CVE-2023-32596
Source : audit@patchstack.com
CVSS score : 5.9

References :
https://patchstack.com/database/vulnerability/weebotlite/wordpress-weebotlite-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Weakness : CWE-79


Source : m-files.com

Vulnerability ID : CVE-2023-3425

First published : 25-08-2023 09:15:08
Last modified : 25-08-2023 12:47:00

Description :
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows an unauthenticated user to read a restricted amount of bytes from memory.

CVE ID : CVE-2023-3425
Source : security@m-files.com
CVSS score : 6.5

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425 | source : security@m-files.com

Weakness : CWE-125


Source : redhat.com

Vulnerability ID : CVE-2023-38201

First published : 25-08-2023 17:15:08
Last modified : 25-08-2023 17:51:53

Description :
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

CVE ID : CVE-2023-38201
Source : secalert@redhat.com
CVSS score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-38201 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2222693 | source : secalert@redhat.com
https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a | source : secalert@redhat.com
https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww | source : secalert@redhat.com


Source : github.com

Vulnerability ID : CVE-2023-40579

First published : 25-08-2023 20:15:08
Last modified : 25-08-2023 20:15:08

Description :
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.

CVE ID : CVE-2023-40579
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/openfga/openfga/releases/tag/v1.3.1 | source : security-advisories@github.com
https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp | source : security-advisories@github.com

Weakness : CWE-284


Vulnerability ID : CVE-2023-32678

First published : 25-08-2023 21:15:08
Last modified : 25-08-2023 21:15:08

Description :
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.

CVE ID : CVE-2023-32678
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj | source : security-advisories@github.com
https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3 | source : security-advisories@github.com

Weakness : CWE-285


Vulnerability ID : CVE-2023-40036

First published : 25-08-2023 20:15:08
Last modified : 25-08-2023 21:15:08

Description :
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

CVE ID : CVE-2023-40036
Source : security-advisories@github.com
CVSS score : 5.5

References :
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ | source : security-advisories@github.com

Weakness : CWE-120


Vulnerability ID : CVE-2023-40164

First published : 25-08-2023 21:15:08
Last modified : 25-08-2023 21:15:08

Description :
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

CVE ID : CVE-2023-40164
Source : security-advisories@github.com
CVSS score : 5.5

References :
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ | source : security-advisories@github.com

Weakness : CWE-120


Vulnerability ID : CVE-2023-40166

First published : 25-08-2023 21:15:08
Last modified : 25-08-2023 21:15:08

Description :
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

CVE ID : CVE-2023-40166
Source : security-advisories@github.com
CVSS score : 5.5

References :
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ | source : security-advisories@github.com

Weakness : CWE-120
Weakness : CWE-122


Vulnerability ID : CVE-2023-40179

First published : 25-08-2023 01:15:08
Last modified : 25-08-2023 03:55:07

Description :
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.

CVE ID : CVE-2023-40179
Source : security-advisories@github.com
CVSS score : 5.3

References :
https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-789j-chfj-58hr | source : security-advisories@github.com

Weakness : CWE-204


Vulnerability ID : CVE-2023-40570

First published : 25-08-2023 01:15:09
Last modified : 25-08-2023 03:55:07

Description :
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.

CVE ID : CVE-2023-40570
Source : security-advisories@github.com
CVSS score : 5.3

References :
https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74 | source : security-advisories@github.com
https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq | source : security-advisories@github.com

Weakness : CWE-213


Vulnerability ID : CVE-2023-40587

First published : 25-08-2023 21:15:09
Last modified : 25-08-2023 21:15:09

Description :
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11 and 3.12 have fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, in an as of yet unreleased version. Fixes will be available in: Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.

CVE ID : CVE-2023-40587
Source : security-advisories@github.com
CVSS score : 4.3

References :
https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 | source : security-advisories@github.com
https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 | source : security-advisories@github.com
https://github.com/python/cpython/issues/106242 | source : security-advisories@github.com
https://github.com/python/cpython/pull/106816 | source : security-advisories@github.com

Weakness : CWE-22


Source : wordfence.com

Vulnerability ID : CVE-2023-4520

First published : 25-08-2023 03:15:09
Last modified : 25-08-2023 03:55:07

Description :
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.

CVE ID : CVE-2023-4520
Source : security@wordfence.com
CVSS score : 5.4

References :
https://plugins.trac.wordpress.org/browser/fv-wordpress-flowplayer/tags/7.5.36.7212/models/custom-videos.php#L341 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2957322/fv-wordpress-flowplayer#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76?source=cve | source : security@wordfence.com

Weakness : CWE-79


Source : cert.org.tw

Vulnerability ID : CVE-2023-32755

First published : 25-08-2023 07:15:08
Last modified : 25-08-2023 12:47:05

Description :
e-Excellence U-Office Force generates an error message in its website service. An unauthenticated remote attacker can obtain partial sensitive system information from the error message by sending a crafted command.

CVE ID : CVE-2023-32755
Source : twcert@cert.org.tw
CVSS score : 5.3

References :
https://www.twcert.org.tw/tw/cp-132-7328-d4112-1.html | source : twcert@cert.org.tw

Weakness : CWE-209


Source : esri.com

Vulnerability ID : CVE-2023-25848

First published : 25-08-2023 19:15:08
Last modified : 25-08-2023 19:15:08

Description :
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.

CVE ID : CVE-2023-25848
Source : psirt@esri.com
CVSS score : 5.3

References :
https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-map-and-feature-service-security-2023-update-1-patch/ | source : psirt@esri.com

Weakness : CWE-319


Source : jetbrains.com

Vulnerability ID : CVE-2023-41248

First published : 25-08-2023 13:15:07
Last modified : 25-08-2023 13:15:24

Description :
In JetBrains TeamCity before 2023.05.3, stored XSS was possible during Cloud Profiles configuration.

CVE ID : CVE-2023-41248
Source : security@jetbrains.com
CVSS score : 4.6

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : security@jetbrains.com

Weakness : CWE-79


Vulnerability ID : CVE-2023-41249

First published : 25-08-2023 13:15:07
Last modified : 25-08-2023 13:15:24

Description :
In JetBrains TeamCity before 2023.05.3, reflected XSS was possible during copying Build Step.

CVE ID : CVE-2023-41249
Source : security@jetbrains.com
CVSS score : 4.6

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : security@jetbrains.com

Weakness : CWE-79


Source : mattermost.com

Vulnerability ID : CVE-2023-4478

First published : 25-08-2023 10:15:09
Last modified : 25-08-2023 12:47:00

Description :
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

CVE ID : CVE-2023-4478
Source : responsibledisclosure@mattermost.com
CVSS score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnérabilité : CWE-74


(3) Vulnérabilité(s) LOW [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-40182

First published on : 25-08-2023 01:15:08
Last modified on : 25-08-2023 03:55:07

Description :
Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7.

CVE ID : CVE-2023-40182
Source : security-advisories@github.com
CVSS score : 3.7

References :
https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-9684-6j5x-ccx9 | source : security-advisories@github.com

Vulnerability : CWE-208


Source : jetbrains.com

Vulnerability ID : CVE-2023-41250

First published on : 25-08-2023 13:15:07
Last modified on : 25-08-2023 13:15:24

Description :
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

CVE ID : CVE-2023-41250
Source : security@jetbrains.com
CVSS score : 3.5

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : security@jetbrains.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-4534

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4534
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.238026 | source : cna@vuldb.com
https://vuldb.com/?id.238026 | source : cna@vuldb.com

Vulnerability : CWE-79


(36) NO SCORE vulnerability(ies) [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39699

First published on : 25-08-2023 00:15:09
Last modified on : 25-08-2023 03:55:07

Description :
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.

CVE ID : CVE-2023-39699
Source : cve@mitre.org
CVSS score : /

References :
https://cwe.mitre.org/data/definitions/98.html | source : cve@mitre.org
https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU | source : cve@mitre.org
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion | source : cve@mitre.org


Vulnerability ID : CVE-2023-39700

First published on : 25-08-2023 00:15:09
Last modified on : 25-08-2023 03:55:07

Description :
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

CVE ID : CVE-2023-39700
Source : cve@mitre.org
CVSS score : /

References :
https://cwe.mitre.org/data/definitions/79.html | source : cve@mitre.org
https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y | source : cve@mitre.org
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) | source : cve@mitre.org


Vulnerability ID : CVE-2023-38973

First published on : 25-08-2023 01:15:08
Last modified on : 25-08-2023 03:55:07

Description :
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

CVE ID : CVE-2023-38973
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/anh91/uasoft-indonesia--badaso/blob/main/xss5.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38974

First published on : 25-08-2023 01:15:08
Last modified on : 25-08-2023 03:55:07

Description :
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

CVE ID : CVE-2023-38974
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS4.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-40217

First published on : 25-08-2023 01:15:09
Last modified on : 25-08-2023 03:55:07

Description :
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVE ID : CVE-2023-40217
Source : cve@mitre.org
CVSS score : /

References :
https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ | source : cve@mitre.org
https://www.python.org/dev/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41173

First published on : 25-08-2023 07:15:09
Last modified on : 25-08-2023 12:47:00

Description :
AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

CVE ID : CVE-2023-41173
Source : cve@mitre.org
CVSS score : /

References :
https://adguard-dns.io/en/versions.html#2.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39742

First published on : 25-08-2023 14:15:09
Last modified on : 25-08-2023 14:45:01

Description :
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

CVE ID : CVE-2023-39742
Source : cve@mitre.org
CVSS score : /

References :
https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084 | source : cve@mitre.org
https://sourceforge.net/p/giflib/bugs/166/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41167

First published on : 25-08-2023 14:15:10
Last modified on : 25-08-2023 14:45:01

Description :
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads.

CVE ID : CVE-2023-41167
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6 | source : cve@mitre.org
https://webiny.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-40799

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.

CVE ID : CVE-2023-40799
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/blob/main/Tenda/AC23/sub_450A4C | source : cve@mitre.org


Vulnerability ID : CVE-2023-40800

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.

CVE ID : CVE-2023-40800
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time | source : cve@mitre.org


Vulnerability ID : CVE-2023-40801

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn

CVE ID : CVE-2023-40801
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_451784 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40802

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn

CVE ID : CVE-2023-40802
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/get_parentControl_list_Info | source : cve@mitre.org


Vulnerability ID : CVE-2023-40915

First published on : 25-08-2023 15:15:09
Last modified on : 25-08-2023 17:51:53

Description :
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

CVE ID : CVE-2023-40915
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Korey0sh1/IoT_vuln/blob/main/Tenda/AX3/form_fast_setting_wifi_set.md | source : cve@mitre.org


Vulnerability ID : CVE-2020-11711

First published on : 25-08-2023 16:15:07
Last modified on : 25-08-2023 17:51:53

Description :
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

CVE ID : CVE-2020-11711
Source : cve@mitre.org
CVSS score : /

References :
https://advisories.stormshield.eu/2020-011/ | source : cve@mitre.org
https://twitter.com/_ACKNAK_ | source : cve@mitre.org
https://www.digitemis.com/category/blog/actualite/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40796

First published on : 25-08-2023 16:15:08
Last modified on : 25-08-2023 17:51:53

Description :
Phicomm k2 v22.6.529.216 is vulnerable to command injection.

CVE ID : CVE-2023-40796
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Phicomm/k2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40797

First published on : 25-08-2023 16:15:08
Last modified on : 25-08-2023 17:51:53

Description :
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.

CVE ID : CVE-2023-40797
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40798

First published on : 25-08-2023 16:15:08
Last modified on : 25-08-2023 17:51:53

Description :
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.

CVE ID : CVE-2023-40798
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter | source : cve@mitre.org


Vulnerability ID : CVE-2021-27932

First published on : 25-08-2023 20:15:07
Last modified on : 25-08-2023 20:15:07

Description :
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.

CVE ID : CVE-2021-27932
Source : cve@mitre.org
CVSS score : /

References :
https://advisories.stormshield.eu | source : cve@mitre.org
https://advisories.stormshield.eu/2021-004/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-24620

First published on : 25-08-2023 20:15:07
Last modified on : 25-08-2023 20:15:07

Description :
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

CVE ID : CVE-2023-24620
Source : cve@mitre.org
CVSS score : /

References :
https://contrastsecurity.com | source : cve@mitre.org
https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md | source : cve@mitre.org
https://github.com/EsotericSoftware | source : cve@mitre.org


Vulnerability ID : CVE-2023-24621

First published on : 25-08-2023 20:15:07
Last modified on : 25-08-2023 20:15:07

Description :
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

CVE ID : CVE-2023-24621
Source : cve@mitre.org
CVSS score : /

References :
https://contrastsecurity.com | source : cve@mitre.org
https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md | source : cve@mitre.org
https://github.com/EsotericSoftware | source : cve@mitre.org


Vulnerability ID : CVE-2023-36198

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.

CVE ID : CVE-2023-36198
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/skalenetwork/sgxwallet/issues/419 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36199

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.

CVE ID : CVE-2023-36199
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/skalenetwork/sgxwallet/issues/419 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37249

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.

CVE ID : CVE-2023-37249
Source : cve@mitre.org
CVSS score : /

References :
https://community.infoblox.com/t5/trending-kb-articles/nios-is-vulnerable-to-cve-2023-37249/ba-p/32190 | source : cve@mitre.org
https://infoblox.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-39600

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

CVE ID : CVE-2023-39600
Source : cve@mitre.org
CVSS score : /

References :
http://icewrap.com | source : cve@mitre.org
https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39707

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.

CVE ID : CVE-2023-39707
Source : cve@mitre.org
CVSS score : /

References :
https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707 | source : cve@mitre.org
https://www.sourcecodester.com/ | source : cve@mitre.org
https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38710

First published on : 25-08-2023 21:15:08
Last modified on : 25-08-2023 21:15:08

Description :
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.

CVE ID : CVE-2023-38710
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/libreswan/libreswan/tags | source : cve@mitre.org
https://libreswan.org/security/CVE-2023-38710/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38711

First published on : 25-08-2023 21:15:08
Last modified on : 25-08-2023 21:15:08

Description :
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.

CVE ID : CVE-2023-38711
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/libreswan/libreswan/tags | source : cve@mitre.org
https://libreswan.org/security/CVE-2023-38711/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38712

First published on : 25-08-2023 21:15:08
Last modified on : 25-08-2023 21:15:08

Description :
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

CVE ID : CVE-2023-38712
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/libreswan/libreswan/tags | source : cve@mitre.org
https://libreswan.org/security/CVE-2023-38712/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-40599

First published on : 25-08-2023 03:15:08
Last modified on : 25-08-2023 03:55:07

Description :
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.

CVE ID : CVE-2023-40599
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://jvn.jp/en/jp/JVN86484824/ | source : vultures@jpcert.or.jp
https://www.synck.com/blogs/news/newsroom/detail_1691668841.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-40530

First published on : 25-08-2023 04:15:10
Last modified on : 25-08-2023 12:47:05

Description :
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

CVE ID : CVE-2023-40530
Source : vultures@jpcert.or.jp
CVSS score : /

References :
https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478 | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN03447226/ | source : vultures@jpcert.or.jp
https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto | source : vultures@jpcert.or.jp


Source : google.com

Vulnerability ID : CVE-2022-4452

First published on : 25-08-2023 15:15:08
Last modified on : 25-08-2023 17:51:53

Description :
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2022-4452
Source : chrome-cve-admin@google.com
CVSS score : /

References :
https://bugs.chromium.org/p/chromium/issues/detail?id=1372457 | source : chrome-cve-admin@google.com
https://crbug.com/1372457 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2019-13689

First published on : 25-08-2023 19:15:07
Last modified on : 25-08-2023 19:15:07

Description :
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

CVE ID : CVE-2019-13689
Source : chrome-cve-admin@google.com
CVSS score : /

References :
https://bugs.chromium.org/p/chromium/issues/detail?id=960109 | source : chrome-cve-admin@google.com
https://crbug.com/960109 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2019-13690

First published on : 25-08-2023 19:15:08
Last modified on : 25-08-2023 19:15:08

Description :
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

CVE ID : CVE-2019-13690
Source : chrome-cve-admin@google.com
CVSS score : /

References :
https://bugs.chromium.org/p/chromium/issues/detail?id=960111 | source : chrome-cve-admin@google.com
https://crbug.com/960111 | source : chrome-cve-admin@google.com


Source : github.com

Vulnerability ID : CVE-2023-40568

First published on : 25-08-2023 20:15:08
Last modified on : 25-08-2023 20:15:08

Description :
** REJECT ** GitHub has been informed that the requestor is working with another CNA for these vulnerabilities.

CVE ID : CVE-2023-40568
Source : security-advisories@github.com
CVSS score : /

References :


Source : takeonme.org

Vulnerability ID : CVE-2023-2906

First published on : 25-08-2023 21:15:07
Last modified on : 25-08-2023 21:15:07

Description :
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial of service attack.

CVE ID : CVE-2023-2906
Source : cve@takeonme.org
CVSS score : /

References :
https://gitlab.com/wireshark/wireshark/-/issues/19229 | source : cve@takeonme.org
https://takeonme.org/cves/CVE-2023-2906.html | source : cve@takeonme.org

Vulnerability : CWE-369


Source : apache.org

Vulnerability ID : CVE-2023-41080

First published on : 25-08-2023 21:15:09
Last modified on : 25-08-2023 21:15:09

Description :
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.

CVE ID : CVE-2023-41080
Source : security@apache.org
CVSS score : /

References :
https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f | source : security@apache.org

Vulnerability : CWE-601


This website uses the NVD API but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
