Latest vulnerabilities for Friday, 28 July 2023


Last updated on 28/07/2023 at 21:47:38

(0) CRITICAL vulnerability(ies) [9.0, 10.0]

(3) HIGH vulnerability(ies) [7.0, 8.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-3985

First published: 28-07-2023 05:15:11
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.

CVE ID: CVE-2023-3985
Source: cna@vuldb.com
CVSS score: 7.3

References:
https://github.com/MaxLiu98/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20login.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235606 | source : cna@vuldb.com
https://vuldb.com/?id.235606 | source : cna@vuldb.com

Vulnerability: CWE-89


Source: cert.vde.com

Vulnerability ID: CVE-2023-3670

First published: 28-07-2023 08:15:10
Last modified: 28-07-2023 13:44:31

Description:
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVE ID: CVE-2023-3670
Source: info@cert.vde.com
CVSS score: 7.3

References:
https://cert.vde.com/en/advisories/VDE-2023-024 | source : info@cert.vde.com

Vulnerability: CWE-668


Source: ch.abb.com

Vulnerability ID: CVE-2023-2685

First published: 28-07-2023 12:15:09
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1

CVE ID: CVE-2023-2685
Source: cybersecurity@ch.abb.com
CVSS score: 7.2

References:
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch | source : cybersecurity@ch.abb.com

Vulnerability: CWE-428


(11) MEDIUM vulnerability(ies) [4.0, 6.9]

Source: github.com

Vulnerability ID: CVE-2023-37467

First published: 28-07-2023 15:15:10
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.

CVE ID: CVE-2023-37467
Source: security-advisories@github.com
CVSS score: 6.8

References:
https://github.com/discourse/discourse/commit/0976c8fad6970b6182e7837bf87de07709407f25 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-gr5h-hm62-jr3j | source : security-advisories@github.com

Vulnerability: CWE-323


Vulnerability ID: CVE-2023-38684

First published: 28-07-2023 16:15:12
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.

CVE ID: CVE-2023-38684
Source: security-advisories@github.com
CVSS score: 5.3

References:
https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf | source : security-advisories@github.com

Vulnerability: CWE-770


Vulnerability ID: CVE-2023-37906

First published: 28-07-2023 16:15:11
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.

CVE ID: CVE-2023-37906
Source: security-advisories@github.com
CVSS score: 4.3

References:
https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c | source : security-advisories@github.com

Vulnerability: CWE-770


Vulnerability ID: CVE-2023-38498

First published: 28-07-2023 16:15:12
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.

CVE ID: CVE-2023-38498
Source: security-advisories@github.com
CVSS score: 4.3

References:
https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j | source : security-advisories@github.com

Vulnerability: CWE-400
Vulnerability: CWE-770


Vulnerability ID: CVE-2023-38685

First published: 28-07-2023 16:15:12
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.

CVE ID: CVE-2023-38685
Source: security-advisories@github.com
CVSS score: 4.3

References:
https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5 | source : security-advisories@github.com

Vulnerability: CWE-200


Source: vuldb.com

Vulnerability ID: CVE-2023-3984

First published: 28-07-2023 03:15:09
Last modified: 28-07-2023 13:44:36

Description:
A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability.

CVE ID: CVE-2023-3984
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://vuldb.com/?ctiid.235605 | source : cna@vuldb.com
https://vuldb.com/?id.235605 | source : cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-3987

First published: 28-07-2023 06:15:11
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.

CVE ID: CVE-2023-3987
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/SQL%20Injection | source : cna@vuldb.com
https://vuldb.com/?ctiid.235608 | source : cna@vuldb.com
https://vuldb.com/?id.235608 | source : cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-3988

First published: 28-07-2023 06:15:11
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability.

CVE ID: CVE-2023-3988
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://github.com/excuses0217/CveHub/blob/main/Cafe%20Billing%20System%20index.php%20has%20Sqlinjection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.235609 | source : cna@vuldb.com
https://vuldb.com/?id.235609 | source : cna@vuldb.com

Vulnerability: CWE-89


Source: hashicorp.com

Vulnerability ID: CVE-2023-3774

First published: 28-07-2023 01:15:09
Last modified: 28-07-2023 13:44:36

Description:
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.

CVE ID: CVE-2023-3774
Source: security@hashicorp.com
CVSS score: 4.9

References:
https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617 | source : security@hashicorp.com

Vulnerability: CWE-703


Source: wordfence.com

Vulnerability ID: CVE-2023-0958

First published: 28-07-2023 05:15:09
Last modified: 28-07-2023 13:44:36

Description:
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.

CVE ID: CVE-2023-0958
Source: security@wordfence.com
CVSS score: 4.3

References:
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve | source : security@wordfence.com

Vulnerability: CWE-862


Vulnerability ID: CVE-2023-3977

First published: 28-07-2023 05:15:11
Last modified: 28-07-2023 13:44:31

Description:
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery leading to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2023-3977
Source: security@wordfence.com
CVSS score: 4.3

References:
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


(5) LOW vulnerability(ies) [0.1, 3.9]

Source: silabs.com

Vulnerability ID: CVE-2023-3488

First published: 28-07-2023 16:15:12
Last modified: 28-07-2023 16:41:43

Description:
An uninitialized buffer in the GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows an attacker to leak data from the Secure stack via a malformed GBL file.

CVE ID: CVE-2023-3488
Source: product-security@silabs.com
CVSS score: 3.8

References:
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1 | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk/releases | source : product-security@silabs.com

Vulnerability: CWE-908


Source: vuldb.com

Vulnerability ID: CVE-2023-3989

First published: 28-07-2023 07:15:09
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability.

CVE ID: CVE-2023-3989
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://github.com/zouzuo1994321/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20add_customer.php%20has%20Cross%20Site%20Scripting(Xss)%20vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.235610 | source : cna@vuldb.com
https://vuldb.com/?id.235610 | source : cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3990

First published: 28-07-2023 07:15:09
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

CVE ID: CVE-2023-3990
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://gitee.com/mingSoft/MCMS/issues/I7K4DQ | source : cna@vuldb.com
https://vuldb.com/?ctiid.235611 | source : cna@vuldb.com
https://vuldb.com/?id.235611 | source : cna@vuldb.com

Vulnerability: CWE-79


Vulnerability ID: CVE-2023-3986

First published: 28-07-2023 05:15:11
Last modified: 28-07-2023 13:44:31

Description:
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.

CVE ID: CVE-2023-3986
Source: cna@vuldb.com
CVSS score: 2.4

References:
https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS | source : cna@vuldb.com
https://vuldb.com/?ctiid.235607 | source : cna@vuldb.com
https://vuldb.com/?id.235607 | source : cna@vuldb.com

Vulnerability: CWE-79


Source: github.com

Vulnerability ID: CVE-2023-37904

First published: 28-07-2023 16:15:11
Last modified: 28-07-2023 16:41:43

Description:
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

CVE ID: CVE-2023-37904
Source: security-advisories@github.com
CVSS score: 2.6

References:
https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg | source : security-advisories@github.com

Vulnerability: CWE-362


(37) NO SCORE vulnerability(ies) [0.0, 0.0]

Source: mitre.org

Vulnerability ID: CVE-2022-31454

First published: 28-07-2023 02:15:10
Last modified: 28-07-2023 13:44:36

Description:
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.

CVE ID: CVE-2022-31454
Source: cve@mitre.org
CVSS score: /

References:
https://medium.com/@rohitgautam26/cve-2022-31454-8e8555c31fd3 | source : cve@mitre.org
https://www.acunetix.com/vulnerabilities/web/cross-site-scripting/ | source : cve@mitre.org


Vulnerability ID: CVE-2023-38331

First published: 28-07-2023 02:15:10
Last modified: 28-07-2023 13:44:36

Description:
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.

CVE ID: CVE-2023-38331
Source: cve@mitre.org
CVSS score: /

References:
https://manageengine.com | source : cve@mitre.org
https://www.manageengine.com/products/service-desk/CVE-2023-38331.html | source : cve@mitre.org


Vulnerability ID: CVE-2023-31932

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.

CVE ID: CVE-2023-31932
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug5-SQL-Injection-viewid.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-31933

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.

CVE ID: CVE-2023-31933
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug4-SQL-Injection-editid2.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-31934

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.

CVE ID: CVE-2023-31934
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-31935

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.

CVE ID: CVE-2023-31935
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md | source : cve@mitre.org
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug2-XSS-in-Email-address.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-31936

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.

CVE ID: CVE-2023-31936
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug6-SQL-Injection-viewid2.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-31937

First published: 28-07-2023 14:15:10
Last modified: 28-07-2023 14:51:32

Description:
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.

CVE ID: CVE-2023-31937
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug3-SQL-Injection-editid.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-37754

First published: 28-07-2023 15:15:11
Last modified: 28-07-2023 16:41:43

Description:
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.

CVE ID: CVE-2023-37754
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/PowerJob/PowerJob/ | source : cve@mitre.org
https://github.com/PowerJob/PowerJob/issues/675 | source : cve@mitre.org
https://novysodope.github.io/2023/07/02/100/ | source : cve@mitre.org


Vulnerability ID: CVE-2023-38992

First published: 28-07-2023 15:15:12
Last modified: 28-07-2023 16:41:43

Description:
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.

CVE ID: CVE-2023-38992
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/jeecgboot/jeecg-boot/issues/5173 | source : cve@mitre.org


Vulnerability ID: CVE-2023-39010

First published: 28-07-2023 15:15:12
Last modified: 28-07-2023 16:41:43

Description:
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.

CVE ID: CVE-2023-39010
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/lessthanoptimal/BoofCV/issues/406 | source : cve@mitre.org


Vulnerability ID: CVE-2023-39013

First published: 28-07-2023 15:15:12
Last modified: 28-07-2023 16:41:43

Description:
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.

CVE ID: CVE-2023-39013
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/larsga/Duke/issues/273 | source : cve@mitre.org


Vulnerability ID: CVE-2023-39015

First published: 28-07-2023 15:15:12
Last modified: 28-07-2023 16:41:43

Description:
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.

CVE ID: CVE-2023-39015
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/code4craft/webmagic/issues/1122 | source : cve@mitre.org


Vulnerability ID: CVE-2023-39016

First published: 28-07-2023 15:15:13
Last modified: 28-07-2023 16:41:43

Description:
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.

CVE ID: CVE-2023-39016
Source: cve@mitre.org
CVSS score: /

References:
https://gitee.com/bboss/bboss/issues/I7MH08 | source : cve@mitre.org


Vulnerability ID: CVE-2023-39017

First published: 28-07-2023 15:15:13
Last modified: 28-07-2023 16:41:43

Description:
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39017
Source : cve@mitre.org
Score CVSS : /

Références :
https://github.com/quartz-scheduler/quartz/issues/943 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39018

First published on : 28-07-2023 15:15:13
Last modified on : 28-07-2023 16:41:43

Description :
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39018
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bramp/ffmpeg-cli-wrapper/issues/291 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39020

First published on : 28-07-2023 15:15:13
Last modified on : 28-07-2023 16:41:43

Description :
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39020
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LetianYuan/My-CVE-Public-References/tree/main/edu_stanford_nlp_stanford-parser | source : cve@mitre.org


Vulnerability ID : CVE-2023-39021

First published on : 28-07-2023 15:15:13
Last modified on : 28-07-2023 16:41:43

Description :
wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39021
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LetianYuan/My-CVE-Public-References/tree/main/com_wix_wix-embedded-mysql | source : cve@mitre.org


Vulnerability ID : CVE-2023-39022

First published on : 28-07-2023 15:15:13
Last modified on : 28-07-2023 16:41:43

Description :
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39022
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LetianYuan/My-CVE-Public-References/tree/main/opensymphony_oscore | source : cve@mitre.org


Vulnerability ID : CVE-2023-39023

First published on : 28-07-2023 15:15:13
Last modified on : 28-07-2023 16:41:43

Description :
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.

CVE ID : CVE-2023-39023
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LetianYuan/My-CVE-Public-References/tree/main/org_compass-project_compass | source : cve@mitre.org


Source : apple.com

Vulnerability ID : CVE-2023-28203

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:36

Description :
The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.

CVE ID : CVE-2023-28203
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213833 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32427

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:36

Description :
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.

CVE ID : CVE-2023-32427
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213833 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32444

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:36

Description :
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.

CVE ID : CVE-2023-32444
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32445

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:36

Description :
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

CVE ID : CVE-2023-32445
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213847 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32654

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:36

Description :
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.

CVE ID : CVE-2023-32654
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID : CVE-2023-34425

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-34425
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-36495

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-36495
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-37285

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-37285
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38571

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.

CVE ID : CVE-2023-38571
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38590

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

CVE ID : CVE-2023-38590
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38592

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-38592
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38598

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-38598
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38599

First published on : 28-07-2023 05:15:10
Last modified on : 28-07-2023 13:44:31

Description :
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

CVE ID : CVE-2023-38599
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213847 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38601

First published on : 28-07-2023 05:15:11
Last modified on : 28-07-2023 13:44:31

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.

CVE ID : CVE-2023-38601
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38604

First published on : 28-07-2023 05:15:11
Last modified on : 28-07-2023 13:44:31

Description :
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-38604
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38609

First published on : 28-07-2023 05:15:11
Last modified on : 28-07-2023 13:44:31

Description :
An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.

CVE ID : CVE-2023-38609
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Source : redhat.com

Vulnerability ID : CVE-2023-39190

First published on : 28-07-2023 14:15:10
Last modified on : 28-07-2023 14:15:10

Description :
** REJECT ** CVE-2023-39190 was found to be a duplicate of CVE-2023-31436. Please see https://access.redhat.com/security/cve/CVE-2023-31436 for information about affected products and security errata.

CVE ID : CVE-2023-39190
Source : secalert@redhat.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by the NVD.

About the author
Julien B.

Securitricks
