Last Vulnerabilities 2023-06-20-CRITICAL

Vuln ID : CVE-2023-27992

Published on 2023-06-19T12:15:09.433

Last modified : 2023-06-20T07:12:55.493

Description :
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

CVE ID: CVE-2023-27992

Source : security@zyxel.com.tw

CVSS score : 9.8

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products (source: security@zyxel.com.tw)


Vuln ID : CVE-2023-2907

Published on 2023-06-19T13:15:09.580

Last modified : 2023-06-20T07:12:55.493

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.

CVE ID: CVE-2023-2907

Source : cve@usom.gov.tr

CVSS score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0363 (source: cve@usom.gov.tr)


Vuln ID : CVE-2023-31410

Published on 2023-06-19T15:15:09.173

Last modified : 2023-06-20T07:12:55.493

Description :
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.

CVE ID: CVE-2023-31410

Source : psirt@sick.de

CVSS score : 9.8

References :
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json (source: psirt@sick.de)
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf (source: psirt@sick.de)
https://sick.com/psirt (source: psirt@sick.de)


Vuln ID : CVE-2023-31411

Published on 2023-06-19T15:15:09.230

Last modified : 2023-06-20T07:12:55.493

Description :
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

CVE ID: CVE-2023-31411

Source : psirt@sick.de

CVSS score : 9.8

References :
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.json (source: psirt@sick.de)
https://sick.com/.well-known/csaf/white/2023/sca-2023-0005.pdf (source: psirt@sick.de)
https://sick.com/psirt (source: psirt@sick.de)

About the author
Julien B.

Securitricks
