Latest vulnerabilities for Friday, August 4, 2023


Last updated on 04/08/2023 at 23:58:04

(8) CRITICAL vulnerabilities [9.0, 10.0]

Source: github.com

Vulnerability ID: CVE-2023-37470

First published: 04-08-2023 16:15:09
Last modified: 04-08-2023 17:10:50

Description:
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.

CVE ID: CVE-2023-37470
Source: security-advisories@github.com
CVSS score: 10.0

References:
https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 | source : security-advisories@github.com

Vulnerability: CWE-94


Vulnerability ID: CVE-2023-39344

First published: 04-08-2023 20:15:10
Last modified: 04-08-2023 20:15:10

Description:
social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.

CVE ID: CVE-2023-39344
Source: security-advisories@github.com
CVSS score: 10.0

References:
https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1 | source : security-advisories@github.com
https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfh | source : security-advisories@github.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-38702

First published: 04-08-2023 19:15:10
Last modified: 04-08-2023 19:15:10

Description:
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.

CVE ID: CVE-2023-38702
Source: security-advisories@github.com
CVSS score: 9.9

References:
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc | source : security-advisories@github.com

Vulnerability: CWE-22


Vulnerability ID: CVE-2023-36480

First published: 04-08-2023 15:15:10
Last modified: 04-08-2023 15:27:24

Description:
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue.

CVE ID: CVE-2023-36480
Source: security-advisories@github.com
CVSS score: 9.8

References:
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L596 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Buffer.java#L53 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Command.java#L2083 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/util/Unpacker.java#L227 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/commit/80c508cc5ecb0173ce92d7fab8cfab5e77bd9900 | source : security-advisories@github.com
https://github.com/aerospike/aerospike-client-java/security/advisories/GHSA-jj95-55cr-9597 | source : security-advisories@github.com

Vulnerability: CWE-502


Vulnerability ID: CVE-2023-38692

First published: 04-08-2023 18:15:14
Last modified: 04-08-2023 18:53:22

Description:
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.

CVE ID: CVE-2023-38692
Source: security-advisories@github.com
CVSS score: 9.8

References:
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java | source : security-advisories@github.com
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1 | source : security-advisories@github.com
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5w | source : security-advisories@github.com

Vulnerability: CWE-78


Vulnerability ID: CVE-2023-38686

First published: 04-08-2023 16:15:10
Last modified: 04-08-2023 17:10:50

Description:
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.

CVE ID: CVE-2023-38686
Source: security-advisories@github.com
CVSS score: 9.3

References:
https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations | source : security-advisories@github.com
https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/pull/574 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/releases/tag/v2.5.6 | source : security-advisories@github.com
https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g | source : security-advisories@github.com
https://github.com/python/cpython/issues/91826 | source : security-advisories@github.com
https://peps.python.org/pep-0476/ | source : security-advisories@github.com

Vulnerability: CWE-295


Vulnerability ID: CVE-2023-38699

First published: 04-08-2023 18:15:15
Last modified: 04-08-2023 18:53:22

Description:
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.

CVE ID: CVE-2023-38699
Source: security-advisories@github.com
CVSS score: 9.1

References:
https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0 | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw | source : security-advisories@github.com

Vulnerability: CWE-311


Source: huntr.dev

Vulnerability ID: CVE-2023-4159

First published: 04-08-2023 18:15:18
Last modified: 04-08-2023 18:53:22

Description:
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID: CVE-2023-4159
Source: security@huntr.dev
CVSS score: 9.9

References:
https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8 | source : security@huntr.dev
https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c | source : security@huntr.dev

Vulnerability: CWE-434


(9) HIGH vulnerabilities [7.0, 8.9]

Source: github.com

Vulnerability ID: CVE-2023-39346

First published: 04-08-2023 21:15:11
Last modified: 04-08-2023 21:15:11

Description:
LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.

CVE ID: CVE-2023-39346
Source: security-advisories@github.com
CVSS score: 8.8

References:
https://github.com/bjrjk/LinuxASMCallGraph/commit/20dba06bd1a3cf260612d4f21547c25002121cd5 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/issues/6 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/issues/8 | source : security-advisories@github.com
https://github.com/bjrjk/LinuxASMCallGraph/security/advisories/GHSA-63c3-r9qm-c2wx | source : security-advisories@github.com

Vulnerability: CWE-434


Vulnerability ID: CVE-2023-38689

First published: 04-08-2023 17:15:10
Last modified: 04-08-2023 18:53:28

Description:
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.

CVE ID: CVE-2023-38689
Source: security-advisories@github.com
CVSS score: 8.1

References:
https://github.com/RS485/LogisticsPipes/commit/39a90b8f2d1a2bcc512ec68c3e139f1dac07aa56 | source : security-advisories@github.com
https://github.com/RS485/LogisticsPipes/commit/527c4f4fb028e9afab29d4e639935010ad7be9e7 | source : security-advisories@github.com
https://github.com/RS485/LogisticsPipes/security/advisories/GHSA-mcp7-xf3v-25x3 | source : security-advisories@github.com

Vulnerability: CWE-502


Vulnerability ID: CVE-2023-38497

First published: 04-08-2023 16:15:10
Last modified: 04-08-2023 17:10:50

Description:
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.

CVE ID: CVE-2023-38497
Source: security-advisories@github.com
CVSS score: 7.9

References:
https://en.wikipedia.org/wiki/Umask | source : security-advisories@github.com
https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff | source : security-advisories@github.com
https://github.com/rust-lang/cargo/pull/12443 | source : security-advisories@github.com
https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 | source : security-advisories@github.com
https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 | source : security-advisories@github.com
https://www.rust-lang.org/policies/security | source : security-advisories@github.com

Vulnerability: CWE-278


Vulnerability ID: CVE-2023-37896

First published: 04-08-2023 16:15:09
Last modified: 04-08-2023 17:10:50

Description:
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.

CVE ID: CVE-2023-37896
Source: security-advisories@github.com
CVSS score: 7.5

References:
https://github.com/projectdiscovery/nuclei/pull/3927 | source : security-advisories@github.com
https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.9 | source : security-advisories@github.com
https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-2xx4-jj5v-6mff | source : security-advisories@github.com

Vulnerability: CWE-22


Vulnerability ID: CVE-2023-38688

First published: 04-08-2023 17:15:10
Last modified: 04-08-2023 18:53:28

Description:
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

CVE ID: CVE-2023-38688
Source: security-advisories@github.com
CVSS score: 7.5

References:
https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23 | source : security-advisories@github.com
https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a | source : security-advisories@github.com
https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx | source : security-advisories@github.com

Vulnerability: CWE-311


Source: wordfence.com

Vulnerability ID: CVE-2023-4141

First published: 04-08-2023 03:15:14
Last modified: 04-08-2023 15:27:24

Description:
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.

CVE ID: CVE-2023-4141
Source: security@wordfence.com
CVSS score: 8.0

References:
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve | source : security@wordfence.com

Vulnerability: CWE-94


Vulnerability ID: CVE-2023-4142

First published: 04-08-2023 03:15:14
Last modified: 04-08-2023 15:27:24

Description:
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.

CVE ID: CVE-2023-4142
Source: security@wordfence.com
CVSS score: 8.0

References:
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve | source : security@wordfence.com

Vulnerability: CWE-94


Vulnerability ID: CVE-2023-4139

First published: 04-08-2023 03:15:13
Last modified: 04-08-2023 15:27:24

Description:
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.

CVE ID: CVE-2023-4139
Source: security@wordfence.com
CVSS score: 7.5

References:
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve | source : security@wordfence.com

Vulnerability: CWE-200


Source: yd.MitsubishiElectric.co.jp

Vulnerability ID: CVE-2023-0525

First published: 04-08-2023 00:15:10
Last modified: 04-08-2023 02:45:53

Description:
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.

CVE ID: CVE-2023-0525
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS score: 7.5

References:
https://jvn.jp/vu/JVNVU95285923/index.html | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability: CWE-261


(21) MEDIUM vulnerabilities [4.0, 6.9]

Source: wordfence.com

Vulnerability ID: CVE-2023-4140

First published: 04-08-2023 03:15:14
Last modified: 04-08-2023 15:27:24

Description:
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.

CVE ID: CVE-2023-4140
Source: security@wordfence.com
CVSS score: 6.6

References:
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve | source : security@wordfence.com

Vulnerability: CWE-269


Source: github.com

Vulnerability ID: CVE-2023-38487

First published: 04-08-2023 16:15:10
Last modified: 04-08-2023 17:10:50

Description:
HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.

CVE ID: CVE-2023-38487
Source: security-advisories@github.com
CVSS score: 6.5

References:
https://github.com/hedgedoc/hedgedoc/pull/4476/commits/781263ab84255885e1fe60c7e92e2f8d611664d2 | source : security-advisories@github.com
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg | source : security-advisories@github.com

Vulnerability: CWE-289


Vulnerability ID: CVE-2023-38695

First published: 04-08-2023 18:15:14
Last modified: 04-08-2023 18:53:22

Description:
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.

CVE ID: CVE-2023-38695
Source: security-advisories@github.com
CVSS score: 6.5

References:
https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/issues/15 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2 | source : security-advisories@github.com
https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g | source : security-advisories@github.com

Vulnerability: CWE-22


Vulnerability ID: CVE-2023-38708

First published: 04-08-2023 01:15:09
Last modified: 04-08-2023 02:45:45

Description:
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service through key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.

CVE ID: CVE-2023-38708
Source: security-advisories@github.com
CVSS score: 6.3

References:
https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c | source : security-advisories@github.com
https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887 | source : security-advisories@github.com

Vulnerability: CWE-22


Vulnerability ID: CVE-2023-38494

First published: 04-08-2023 16:15:10
Last modified: 04-08-2023 17:10:50

Description:
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.

CVE ID: CVE-2023-38494
Source: security-advisories@github.com
CVSS score: 5.9

References:
https://github.com/metersphere/metersphere/commit/a23f75d93b666901fd148d834df9384f6f24cf28 | source : security-advisories@github.com
https://github.com/metersphere/metersphere/security/advisories/GHSA-fjp5-95pv-5253 | source : security-advisories@github.com

Vulnerability: CWE-200


Vulnerability ID: CVE-2023-38690

First published: 04-08-2023 17:15:10
Last modified: 04-08-2023 18:53:28

Description:
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.

CVE ID: CVE-2023-38690
Source: security-advisories@github.com
CVSS score: 5.8

References:
https://github.com/matrix-org/matrix-appservice-irc/commit/0afb064635d37e039067b5b3d6423448b93026d3 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-3pmj-jqqp-2mj3 | source : security-advisories@github.com

Vulnerability: CWE-20
Vulnerability: CWE-77


Vulnerability ID: CVE-2023-38697

First published: 04-08-2023 18:15:15
Last modified: 04-08-2023 18:53:22

Description:
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits separated from the chunk data by CRLF, and the chunk extension shouldn't contain any invisible characters. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values that are written in hexadecimal with a `0x` prefix, accepting `0x`- and `+`-prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.

CVE ID : CVE-2023-38697
Source : security-advisories@github.com
Score CVSS : 5.8

Références :
https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd | source : security-advisories@github.com
https://github.com/socketry/protocol-http1/pull/20 | source : security-advisories@github.com
https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj | source : security-advisories@github.com
https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding | source : security-advisories@github.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2023-38691

First published : 04-08-2023 17:15:11
Last modified : 04-08-2023 18:53:28

Description :
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.

CVE ID : CVE-2023-38691
Source : security-advisories@github.com
CVSS score : 5.0

References :
https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-38698

First published : 04-08-2023 18:15:15
Last modified : 04-08-2023 18:53:22

Description :
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (e.g., 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.

CVE ID : CVE-2023-38698
Source : security-advisories@github.com
CVSS score : 4.9

References :
https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171 | source : security-advisories@github.com
https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca | source : security-advisories@github.com
https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3 | source : security-advisories@github.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39343

First published : 04-08-2023 01:15:10
Last modified : 04-08-2023 02:45:45

Description :
Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

CVE ID : CVE-2023-39343
Source : security-advisories@github.com
CVSS score : 4.3

References :
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b | source : security-advisories@github.com
https://github.com/sulu/sulu/releases/tag/2.5.10 | source : security-advisories@github.com
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr | source : security-advisories@github.com

Vulnerability : CWE-204


Source : cisco.com

Vulnerability ID : CVE-2020-26064

First published : 04-08-2023 21:15:09
Last modified : 04-08-2023 21:15:09

Description :
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.

CVE ID : CVE-2020-26064
Source : ykramarz@cisco.com
CVSS score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc | source : ykramarz@cisco.com


Vulnerability ID : CVE-2020-26065

First published : 04-08-2023 21:15:10
Last modified : 04-08-2023 21:15:10

Description :
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

CVE ID : CVE-2020-26065
Source : ykramarz@cisco.com
CVSS score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS | source : ykramarz@cisco.com


Vulnerability ID : CVE-2020-26082

First published : 04-08-2023 21:15:10
Last modified : 04-08-2023 21:15:10

Description :
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

CVE ID : CVE-2020-26082
Source : ykramarz@cisco.com
CVSS score : 5.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg | source : ykramarz@cisco.com


Source : huntr.dev

Vulnerability ID : CVE-2023-4158

First published : 04-08-2023 18:15:17
Last modified : 04-08-2023 18:53:22

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID : CVE-2023-4158
Source : security@huntr.dev
CVSS score : 6.4

References :
https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8 | source : security@huntr.dev
https://huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4157

First published : 04-08-2023 18:15:17
Last modified : 04-08-2023 18:53:22

Description :
Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.

CVE ID : CVE-2023-4157
Source : security@huntr.dev
CVSS score : 5.2

References :
https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63 | source : security@huntr.dev
https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014 | source : security@huntr.dev

Vulnerability : CWE-20


Source : redhat.com

Vulnerability ID : CVE-2023-4135

First published : 04-08-2023 14:15:12
Last modified : 04-08-2023 15:27:24

Description :
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

CVE ID : CVE-2023-4135
Source : secalert@redhat.com
CVSS score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-4135 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | source : secalert@redhat.com
https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 | source : secalert@redhat.com


Source : yd.MitsubishiElectric.co.jp

Vulnerability ID : CVE-2023-3373

First published : 04-08-2023 00:15:14
Last modified : 04-08-2023 02:45:45

Description :
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

CVE ID : CVE-2023-3373
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS score : 5.9

References :
https://jvn.jp/vu/JVNVU92167394/index.html | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability : CWE-342


Source : gitlab.com

Vulnerability ID : CVE-2023-4002

First published : 04-08-2023 01:15:10
Last modified : 04-08-2023 02:45:45

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies.

CVE ID : CVE-2023-4002
Source : cve@gitlab.com
CVSS score : 5.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416647 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : vmware.com

Vulnerability ID : CVE-2023-34037

First published : 04-08-2023 12:15:09
Last modified : 04-08-2023 15:27:24

Description :
VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP request smuggling.

CVE ID : CVE-2023-34037
Source : security@vmware.com
CVSS score : 5.3

References :
https://www.vmware.com/security/advisories/VMSA-2023-0017.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34038

First published : 04-08-2023 12:15:10
Last modified : 04-08-2023 15:27:24

Description :
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

CVE ID : CVE-2023-34038
Source : security@vmware.com
CVSS score : 5.3

References :
https://www.vmware.com/security/advisories/VMSA-2023-0017.html | source : security@vmware.com


Source : mitre.org

Vulnerability ID : CVE-2023-29505

First published : 04-08-2023 15:15:09
Last modified : 04-08-2023 15:27:24

Description :
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

CVE ID : CVE-2023-29505
Source : cve@mitre.org
CVSS score : 4.3

References :
https://excellium-services.com/cert-xlm-advisory/CVE-2023-29505 | source : cve@mitre.org
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#build_127131 | source : cve@mitre.org


(1) LOW Vulnerability(ies) [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-38700

First published : 04-08-2023 19:15:09
Last modified : 04-08-2023 19:15:09

Description :
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1 fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.

CVE ID : CVE-2023-38700
Source : security-advisories@github.com
CVSS score : 3.5

References :
https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1 | source : security-advisories@github.com
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q | source : security-advisories@github.com

Vulnerability : CWE-200


(38) NO SCORE Vulnerability(ies) [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-30297

First published : 04-08-2023 00:15:11
Last modified : 04-08-2023 02:45:45

Description :
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.

CVE ID : CVE-2023-30297
Source : cve@mitre.org
CVSS score : /

References :
https://status.n-able.com/2023/07/27/cve-2023-30297-release-note/ | source : cve@mitre.org
https://www.n-able.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33665

First published : 04-08-2023 00:15:11
Last modified : 04-08-2023 02:45:45

Description :
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

CVE ID : CVE-2023-33665
Source : cve@mitre.org
CVSS score : /

References :
https://security.friendsofpresta.org/modules/2023/08/01/aitable.html | source : cve@mitre.org
https://www.boutique.ai-dev.fr/en/ergonomie/56-table-attributes.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36131

First published : 04-08-2023 00:15:11
Last modified : 04-08-2023 02:45:45

Description :
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.

CVE ID : CVE-2023-36131
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36132

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.

CVE ID : CVE-2023-36132
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36133

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.

CVE ID : CVE-2023-36133
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/availability-booking-calendar/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36134

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

CVE ID : CVE-2023-36134
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36135

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

CVE ID : CVE-2023-36135
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36137

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.

CVE ID : CVE-2023-36137
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/class-scheduling-system | source : cve@mitre.org


Vulnerability ID : CVE-2023-36138

First published : 04-08-2023 00:15:12
Last modified : 04-08-2023 02:45:45

Description :
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.

CVE ID : CVE-2023-36138
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36139

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

CVE ID : CVE-2023-36139
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36141

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

CVE ID : CVE-2023-36141
Source : cve@mitre.org
CVSS score : /

References :
https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 | source : cve@mitre.org
https://www.phpjabbers.com/cleaning-business-software/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36158

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.

CVE ID : CVE-2023-36158
Source : cve@mitre.org
CVSS score : /

References :
http://toll.com | source : cve@mitre.org
https://cyberredteam.tech/posts/cve-2023-36158/ | source : cve@mitre.org
https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md | source : cve@mitre.org
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36159

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

CVE ID : CVE-2023-36159
Source : cve@mitre.org
CVSS score : /

References :
http://lost.com | source : cve@mitre.org
https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38941

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.

CVE ID : CVE-2023-38941
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Ehco1996/django-sspanel | source : cve@mitre.org


Vulnerability ID : CVE-2023-38991

First published : 04-08-2023 00:15:13
Last modified : 04-08-2023 02:45:45

Description :
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

CVE ID : CVE-2023-38991
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/thinkgem/jeesite/issues/520 | source : cve@mitre.org


Vulnerability ID : CVE-2023-30146

First published : 04-08-2023 01:15:09
Last modified : 04-08-2023 02:45:45

Description :
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.

CVE ID : CVE-2023-30146
Source : cve@mitre.org
CVSS score : /

References :
https://de.assmann.shop/de/Gebaeude-Technik/Sicherheitstechnik/Ueberwachungskameras/ | source : cve@mitre.org
https://github.com/L1-0/CVE-2023-30146 | source : cve@mitre.org


Vulnerability ID : CVE-2023-29689

First published : 04-08-2023 15:15:10
Last modified : 04-08-2023 15:27:24

Description :
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

CVE ID : CVE-2023-29689
Source : cve@mitre.org
CVSS score : /

References :
https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38964

First published : 04-08-2023 16:15:10
Last modified : 04-08-2023 17:10:50

Description :
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

CVE ID : CVE-2023-38964
Source : cve@mitre.org
CVSS score : /

References :
https://vida03.gitbook.io/redteam/web/cve-2023-38964 | source : cve@mitre.org


Vulnerability ID : CVE-2022-41401

First published : 04-08-2023 17:15:09
Last modified : 04-08-2023 18:53:28

Description :
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

CVE ID : CVE-2022-41401
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180 | source : cve@mitre.org
https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103 | source : cve@mitre.org
https://github.com/ixSly/CVE-2022-41401 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39112

First published : 04-08-2023 17:15:11
Last modified : 04-08-2023 18:53:28

Description :
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.

CVE ID : CVE-2023-39112
Source : cve@mitre.org
CVSS score : /

References :
https://github.com/Luci4n555/vul_report/blob/master/vul_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39143

First published : 04-08-2023 17:15:11
Last modified : 04-08-2023 18:53:22

Description :
PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.

CVE ID : CVE-2023-39143
Source : cve@mitre.org
CVSS score : /

References :
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ | source : cve@mitre.org
https://www.papercut.com/kb/Main/securitybulletinjuly2023/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33372

First published : 04-08-2023 18:15:11
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

CVE ID : CVE-2023-33372
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33372 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33373

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.

CVE ID : CVE-2023-33373
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33373 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33374

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.

CVE ID : CVE-2023-33374
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33374 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33375

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.

CVE ID : CVE-2023-33375
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33375 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33376

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33376
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33376 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33377

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33377
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33377 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33378

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

CVE ID : CVE-2023-33378
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33378 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-33379

First published : 04-08-2023 18:15:12
Last modified : 04-08-2023 18:53:22

Description :
Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.

CVE ID : CVE-2023-33379
Source : cve@mitre.org
CVSS score : /

References :
https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 | source : cve@mitre.org
https://www.connectedio.com/products/routers | source : cve@mitre.org


Vulnerability ID : CVE-2023-38332

First published : 04-08-2023 18:15:13
Last modified : 04-08-2023 18:53:22

Description :
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure.

CVE ID : CVE-2023-38332
Source : cve@mitre.org
CVSS score : /

References :
https://manageengine.com | source : cve@mitre.org
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38332.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39107

First published : 04-08-2023 18:15:16
Last modified : 04-08-2023 18:53:22

Description :
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.

CVE ID : CVE-2023-39107
Source : cve@mitre.org
Score CVSS : /

Références :
https://kb.nomachine.com/SU07U00247 | source : cve@mitre.org
https://kb.nomachine.com/TR07U10948 | source : cve@mitre.org
https://www.ns-echo.com/posts/nomachine_afo.html | source : cve@mitre.org


Vulnerability ID: CVE-2023-39551

First published: 04-08-2023 19:15:10
Last modified: 04-08-2023 19:15:10

Description:
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

CVE ID: CVE-2023-39551
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md | source : cve@mitre.org


Vulnerability ID: CVE-2023-39552

First published: 04-08-2023 19:15:10
Last modified: 04-08-2023 19:15:10

Description:
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).

CVE ID: CVE-2023-39552
Source: cve@mitre.org
CVSS score: /

References:
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md | source : cve@mitre.org


Source: jpcert.or.jp

Vulnerability ID: CVE-2023-39379

First published: 04-08-2023 10:15:09
Last modified: 04-08-2023 15:27:24

Description:
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

CVE ID: CVE-2023-39379
Source: vultures@jpcert.or.jp
CVSS score: /

References:
https://jvn.jp/en/jp/JVN38847224/ | source : vultures@jpcert.or.jp
https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en | source : vultures@jpcert.or.jp


Source: redhat.com

Vulnerability ID: CVE-2023-0264

First published: 04-08-2023 18:15:11
Last modified: 04-08-2023 18:53:22

Description:
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

CVE ID: CVE-2023-0264
Source: secalert@redhat.com
CVSS score: /

References:
https://access.redhat.com/security/cve/CVE-2023-0264 | source : secalert@redhat.com


Source: github.com

Vulnerability ID: CVE-2023-38707

First published: 04-08-2023 19:15:10
Last modified: 04-08-2023 19:15:10

Description:
** REJECT ** This CVE has been rejected because of [CNA rule 7.4.7](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules): ``` 7.4.7 CNAs SHOULD NOT assign CVE IDs to vulnerabilities in products that are not publicly available or licensable. ``` The repository with the vulnerable code is private, and therefore the product is not publicly available.

CVE ID: CVE-2023-38707
Source: security-advisories@github.com
CVSS score: /

References:


Vulnerability ID: CVE-2023-38696

First published: 04-08-2023 20:15:09
Last modified: 04-08-2023 20:15:09

Description:
** REJECT ** This CVE has been rejected because it is unclear whether the issue rests in the original repository `microsoft/ContosoAir`, the forked repository `Apetree100122/ContosoAir`, or both. If the Microsoft repository is vulnerable, [Microsoft](https://www.cve.org/PartnerInformation/ListofPartners/partner/microsoft) is the appropriate CVE Numbering Authority.

CVE ID: CVE-2023-38696
Source: security-advisories@github.com
CVSS score: /

References:


Source: google.com

Vulnerability ID: CVE-2022-4955

First published: 04-08-2023 20:15:09
Last modified: 04-08-2023 20:15:09

Description:
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE ID: CVE-2022-4955
Source: chrome-cve-admin@google.com
CVSS score: /

References:
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html | source : chrome-cve-admin@google.com
https://crbug.com/1349146 | source : chrome-cve-admin@google.com


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.
