Latest vulnerabilities [Friday, December 8, 2023]


Last update performed on 12/08/2023 at 07:00:02 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-5008

First published on : 08-12-2023 00:15:07
Last modified on : 08-12-2023 14:23:10

Description :
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.

CVE ID : CVE-2023-5008
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/blechacz/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


(6) HIGH VULNERABILITIES [7.0, 8.9]

Source : emc.com

Vulnerability ID : CVE-2023-32460

First published on : 08-12-2023 06:15:45
Last modified on : 08-12-2023 14:23:10

Description :
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVE ID : CVE-2023-32460
Source : security_alert@emc.com
CVSS Score : 8.8

References :
https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-306


Source : snyk.io

Vulnerability ID : CVE-2023-26158

First published on : 08-12-2023 05:15:07
Last modified on : 08-12-2023 14:23:10

Description :
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability.

Workaround: By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function:

```js
if (["__proto__", "constructor", "prototype"].includes(name)) continue
```

```js
// src/mock/handler.js
Util.extend = function extend() {
    var target = arguments[0] || {},
        i = 1,
        length = arguments.length,
        options, name, src, copy, clone

    if (length === 1) {
        target = this
        i = 0
    }

    for (; i < length; i++) {
        options = arguments[i]
        if (!options) continue

        for (name in options) {
            if (["__proto__", "constructor", "prototype"].includes(name)) continue
            src = target[name]
            copy = options[name]

            if (target === copy) continue
            if (copy === undefined) continue

            if (Util.isArray(copy) || Util.isObject(copy)) {
                if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : []
                if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {}

                target[name] = Util.extend(clone, copy)
            } else {
                target[name] = copy
            }
        }
    }

    return target
}
```

CVE ID : CVE-2023-26158
Source : report@snyk.io
CVSS Score : 8.2

References :
https://github.com/nuysoft/Mock/blob/00ce04b92eb464e664a4438430903f2de96efb47/dist/mock.js%23L721-L755 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-MOCKJS-6051365 | source : report@snyk.io

Vulnerability : CWE-1321


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-47565

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later

CVE ID : CVE-2023-47565
Source : security@qnapsecurity.com.tw
CVSS Score : 8.0

References :
https://www.qnap.com/en/security-advisory/qsa-23-48 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Source : 6b35d637-e00f-4228-858c-b20ad6e1d07b

Vulnerability ID : CVE-2023-6245

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

CVE ID : CVE-2023-6245
Source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
CVSS Score : 7.5

References :
https://github.com/dfinity/candid/blob/master/spec/Candid.md | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://github.com/dfinity/candid/pull/478 | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://internetcomputer.org/docs/current/references/candid-ref | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://internetcomputer.org/docs/current/references/ic-interface-spec | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b

Vulnerability : CWE-1288
Vulnerability : CWE-168
Vulnerability : CWE-20
Vulnerability : CWE-835


Source : redhat.com

Vulnerability ID : CVE-2023-6606

First published on : 08-12-2023 17:15:07
Last modified on : 08-12-2023 17:15:07

Description :
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE ID : CVE-2023-6606
Source : secalert@redhat.com
CVSS Score : 7.1

References :
https://access.redhat.com/security/cve/CVE-2023-6606 | source : secalert@redhat.com
https://bugzilla.kernel.org/show_bug.cgi?id=218218 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253611 | source : secalert@redhat.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-6610

First published on : 08-12-2023 17:15:07
Last modified on : 08-12-2023 17:15:07

Description :
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE ID : CVE-2023-6610
Source : secalert@redhat.com
CVSS Score : 7.1

References :
https://access.redhat.com/security/cve/CVE-2023-6610 | source : secalert@redhat.com
https://bugzilla.kernel.org/show_bug.cgi?id=218219 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253614 | source : secalert@redhat.com

Vulnerability : CWE-125


(11) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-6061

First published on : 08-12-2023 00:15:07
Last modified on : 08-12-2023 14:23:10

Description :
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe
* winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe
* libdxxmt.dll
* libsrlmt.dll

CVE ID : CVE-2023-6061
Source : psirt@paloaltonetworks.com
CVSS Score : 6.6

References :
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-426
Vulnerability : CWE-427


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23372

First published on : 08-12-2023 16:15:15
Last modified on : 08-12-2023 16:37:45

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:
* QTS 5.0.1.2425 build 20230609 and later
* QTS 5.1.0.2444 build 20230629 and later
* QTS 4.5.4.2467 build 20230718 and later
* QuTS hero h5.1.0.2424 build 20230609 and later
* QuTS hero h5.0.1.2515 build 20230907 and later
* QuTS hero h4.5.4.2476 build 20230728 and later

CVE ID : CVE-2023-23372
Source : security@qnapsecurity.com.tw
CVSS Score : 6.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-40 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32975

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:
* QTS 5.0.1.2514 build 20230906 and later
* QTS 5.1.2.2533 build 20230926 and later
* QuTS hero h5.0.1.2515 build 20230907 and later
* QuTS hero h5.1.2.2534 build 20230927 and later

CVE ID : CVE-2023-32975
Source : security@qnapsecurity.com.tw
CVSS Score : 4.9

References :
https://www.qnap.com/en/security-advisory/qsa-23-07 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-32968

First published on : 08-12-2023 16:15:15
Last modified on : 08-12-2023 16:37:45

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:
* QTS 5.0.1.2514 build 20230906 and later
* QTS 5.1.2.2533 build 20230926 and later
* QuTS hero h5.0.1.2515 build 20230907 and later
* QuTS hero h5.1.2.2534 build 20230927 and later

CVE ID : CVE-2023-32968
Source : security@qnapsecurity.com.tw
CVSS Score : 4.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-07 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Source : qualys.com

Vulnerability ID : CVE-2023-6146

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.

CVE ID : CVE-2023-6146
Source : bugreport@qualys.com
CVSS Score : 5.7

References :
https://www.qualys.com/security-advisories/ | source : bugreport@qualys.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-6607

First published on : 08-12-2023 14:15:07
Last modified on : 08-12-2023 14:23:10

Description :
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6607
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/willchen0011/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247243 | source : cna@vuldb.com
https://vuldb.com/?id.247243 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6608

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6608
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/willchen0011/cve/blob/main/sql2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247244 | source : cna@vuldb.com
https://vuldb.com/?id.247244 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6611

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6611
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/13223355/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247246 | source : cna@vuldb.com
https://vuldb.com/?id.247246 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6612

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6612
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/OraclePi/repo/tree/main/totolink%20X5000R | source : cna@vuldb.com
https://vuldb.com/?ctiid.247247 | source : cna@vuldb.com
https://vuldb.com/?id.247247 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6617

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 17:15:08

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6617
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.247254 | source : cna@vuldb.com
https://vuldb.com/?id.247254 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6618

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 17:15:08

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.

CVE ID : CVE-2023-6618
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.247255 | source : cna@vuldb.com
https://vuldb.com/?id.247255 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc | source : cna@vuldb.com

Vulnerability : CWE-73


(6) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6609

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6609
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.247245 | source : cna@vuldb.com
https://vuldb.com/?id.247245 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6615

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 17:15:08

Description :
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6615
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247250 | source : cna@vuldb.com
https://vuldb.com/?id.247250 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6616

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 17:15:08

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability.

CVE ID : CVE-2023-6616
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.247253 | source : cna@vuldb.com
https://vuldb.com/?id.247253 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/sxa6f9gywg6vfbur | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6614

First published on : 08-12-2023 16:15:20
Last modified on : 08-12-2023 16:37:40

Description :
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6614
Source : cna@vuldb.com
CVSS Score : 2.7

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247249 | source : cna@vuldb.com
https://vuldb.com/?id.247249 | source : cna@vuldb.com

Vulnerability : CWE-912


Vulnerability ID : CVE-2023-6613

First published on : 08-12-2023 16:15:19
Last modified on : 08-12-2023 16:37:40

Description :
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6613
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247248 | source : cna@vuldb.com
https://vuldb.com/?id.247248 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2023-6599

First published on : 08-12-2023 00:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

CVE ID : CVE-2023-6599
Source : security@huntr.dev
CVSS Score : 3.1

References :
https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd | source : security@huntr.dev
https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e | source : security@huntr.dev

Vulnerability : CWE-544


(39) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43742

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.

CVE ID : CVE-2023-43742
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43743

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.

CVE ID : CVE-2023-43743
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org
https://mxvirtual.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-43744

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.

CVE ID : CVE-2023-43744
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org
https://mxvirtual.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-43305

First published on : 08-12-2023 02:15:06
Last modified on : 08-12-2023 14:23:10

Description :
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43305
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43305.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48122

First published on : 08-12-2023 04:15:06
Last modified on : 08-12-2023 14:23:10

Description :
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

CVE ID : CVE-2023-48122
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/grozdniyandy/1847ad48126d6bba39bdeb49114bc300 | source : cve@mitre.org
https://github.com/microweber/microweber/issues/1042 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48928

First published on : 08-12-2023 05:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

CVE ID : CVE-2023-48928
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MatJosephs/CVEs/tree/main/CVE-2023-48928 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48929

First published on : 08-12-2023 05:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.

CVE ID : CVE-2023-48929
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MatJosephs/CVEs/tree/main/CVE-2023-48929 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45866

First published on : 08-12-2023 06:15:45
Last modified on : 08-12-2023 14:23:10

Description :
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

CVE ID : CVE-2023-45866
Source : cve@mitre.org
CVSS Score : /

References :
http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog | source : cve@mitre.org
https://bluetooth.com | source : cve@mitre.org
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 | source : cve@mitre.org
https://github.com/skysafe/reblog/tree/main/cve-2023-45866 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46157

First published on : 08-12-2023 13:15:07
Last modified on : 08-12-2023 14:23:10

Description :
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

CVE ID : CVE-2023-46157
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cloudpanel.io/docs/v2/changelog/ | source : cve@mitre.org
https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard | source : cve@mitre.org


Vulnerability ID : CVE-2023-49007

First published on : 08-12-2023 14:15:07
Last modified on : 08-12-2023 14:23:10

Description :
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.

CVE ID : CVE-2023-49007
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/5erua/netgear_orbi_overflow_vulnerability/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49443

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:50

Description :
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

CVE ID : CVE-2023-49443
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/woshinibaba222/DoraCMS-Verification-Code-Reuse | source : cve@mitre.org


Vulnerability ID : CVE-2023-49444

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

CVE ID : CVE-2023-49444
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/woshinibaba222/DoraCMS-File-Upload-Vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2023-49484

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

CVE ID : CVE-2023-49484
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49485

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

CVE ID : CVE-2023-49485
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20storage%20type%20XSS%20in%20the%20column%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49486

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

CVE ID : CVE-2023-49486
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49487

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

CVE ID : CVE-2023-49487
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-48397

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48397
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48398

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48398
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48399

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48399
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48401

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48401
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48402

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48402
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48403

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:45

Description :
In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48403
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48404

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48404
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48405

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48405
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48406

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48406
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48407

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possibility that the DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48407
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48408

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48408
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48409

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48409
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48410

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48410
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48411

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48411
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48412

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48412
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48413

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48413
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48414

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48414
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48415

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48415
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48416

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48416
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48420

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48420
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48421

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48421
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48422

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48422
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48423

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48423
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
