Latest vulnerabilities [Friday, January 05, 2024]


Last update performed on 01/05/2024 at 11:57:06 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : patchstack.com

Vulnerability ID : CVE-2022-46839

First published on : 05-01-2024 11:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

CVE ID : CVE-2022-46839
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


(9) HIGH VULNERABILITIES [7.0, 8.9]

Source : patchstack.com

Vulnerability ID : CVE-2023-52150

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.

CVE ID : CVE-2023-52150
Source : audit@patchstack.com
CVSS Score : 8.8

References :
https://patchstack.com/database/vulnerability/dynamic-content-for-elementor/wordpress-dynamic-content-for-elementor-plugin-2-12-5-cross-site-request-forgery-csrf-leading-to-arbitrary-wordpress-options-change-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51502

First published on : 05-01-2024 08:15:42
Last modified on : 05-01-2024 11:54:11

Description :
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

CVE ID : CVE-2023-51502
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-1-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-52143

First published on : 05-01-2024 11:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.

CVE ID : CVE-2023-52143
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/wp-stripe-checkout/wordpress-wp-stripe-checkout-plugin-1-2-2-37-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-41288

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later.

CVE ID : CVE-2023-41288
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-55 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-39296

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have an incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later.

CVE ID : CVE-2023-39296
Source : security@qnapsecurity.com.tw
CVSS Score : 7.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-64 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-1321


Vulnerability ID : CVE-2023-47560

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later.

CVE ID : CVE-2023-47560
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-23 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Source : github.com

Vulnerability ID : CVE-2024-21641

First published on : 05-01-2024 21:15:43
Last modified on : 05-01-2024 22:12:18

Description :
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.

CVE ID : CVE-2024-21641
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a | source : security-advisories@github.com
https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176 | source : security-advisories@github.com
https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr | source : security-advisories@github.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-21642

First published on : 05-01-2024 22:15:43
Last modified on : 05-01-2024 22:15:43

Description :
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users.

CVE ID : CVE-2024-21642
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2 | source : security-advisories@github.com
https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4 | source : security-advisories@github.com
https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets | source : security-advisories@github.com

Vulnerability : CWE-918


Source : vuldb.com

Vulnerability ID : CVE-2024-0247

First published on : 05-01-2024 19:15:08
Last modified on : 05-01-2024 22:12:18

Description :
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0247
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249778 | source : cna@vuldb.com
https://vuldb.com/?id.249778 | source : cna@vuldb.com

Vulnerability : CWE-89


(32) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-39294

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later.

CVE ID : CVE-2023-39294
Source : security@qnapsecurity.com.tw
CVSS Score : 6.6

References :
https://www.qnap.com/en/security-advisory/qsa-23-54 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41289

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later.

CVE ID : CVE-2023-41289
Source : security@qnapsecurity.com.tw
CVSS Score : 6.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-34 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47559

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later.

CVE ID : CVE-2023-47559
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-23 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41287

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later.

CVE ID : CVE-2023-41287
Source : security@qnapsecurity.com.tw
CVSS Score : 4.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-55 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : patchstack.com

Vulnerability ID : CVE-2023-52178

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.

CVE ID : CVE-2023-52178
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-affiliate-disclosure/wordpress-wp-affiliate-disclosure-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52124

First published on : 05-01-2024 12:15:09
Last modified on : 05-01-2024 18:23:44

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.

CVE ID : CVE-2023-52124
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52125

First published on : 05-01-2024 12:15:10
Last modified on : 05-01-2024 18:23:44

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8.

CVE ID : CVE-2023-52125
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/iframe/wordpress-iframe-plugin-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52129

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4.

CVE ID : CVE-2023-52129
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52149

First published on : 05-01-2024 09:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button: from n/a through 6.0.

CVE ID : CVE-2023-52149
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/floating-button/wordpress-floating-button-plugin-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51673

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.

CVE ID : CVE-2023-51673
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/stylish-price-list/wordpress-stylish-price-list-plugin-7-0-17-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52120

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

CVE ID : CVE-2023-52120
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52121

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.

CVE ID : CVE-2023-52121
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52146

First published on : 05-01-2024 11:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0.

CVE ID : CVE-2023-52146
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52148

First published on : 05-01-2024 11:15:11
Last modified on : 05-01-2024 11:54:15

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30.

CVE ID : CVE-2023-52148
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-30-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52151

First published on : 05-01-2024 11:15:11
Last modified on : 05-01-2024 11:54:15

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2.

CVE ID : CVE-2023-52151
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/uncanny-automator/wordpress-uncanny-automator-plugin-5-1-0-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52126

First published on : 05-01-2024 12:15:11
Last modified on : 05-01-2024 18:23:44

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3.

CVE ID : CVE-2023-52126
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52184

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.

CVE ID : CVE-2023-52184
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52123

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.

CVE ID : CVE-2023-52123
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52127

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.

CVE ID : CVE-2023-52127
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woo-product-bundle/wordpress-wpc-product-bundles-for-woocommerce-plugin-7-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52128

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.

CVE ID : CVE-2023-52128
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/white-label/wordpress-white-label-plugin-2-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52130

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.31.

CVE ID : CVE-2023-52130
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52136

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2.

CVE ID : CVE-2023-52136
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-tweets-widget-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52145

First published on : 05-01-2024 09:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts: from n/a through 1.21.

CVE ID : CVE-2023-52145
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/republish-old-posts/wordpress-republish-old-posts-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51535

First published on : 05-01-2024 10:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

CVE ID : CVE-2023-51535
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51538

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.

CVE ID : CVE-2023-51538
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51539

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

CVE ID : CVE-2023-51539
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51668

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.

CVE ID : CVE-2023-51668
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/image-upload-for-bbpress/wordpress-inline-image-upload-for-bbpress-plugin-1-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51678

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.

CVE ID : CVE-2023-51678
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52119

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.

CVE ID : CVE-2023-52119
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52122

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board: from n/a through 2.10.6.

CVE ID : CVE-2023-52122
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : wordfence.com

Vulnerability ID : CVE-2023-6493

First published on : 05-01-2024 02:15:07
Last modified on : 05-01-2024 11:54:11

Description :
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.

CVE ID : CVE-2023-6493
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3013596/depicter/trunk/app/src/WordPress/Settings/Settings.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2024-0246

First published on : 05-01-2024 14:15:48
Last modified on : 05-01-2024 18:23:44

Description :
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0246
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.249759 | source : cna@vuldb.com
https://vuldb.com/?id.249759 | source : cna@vuldb.com

Vulnerability : CWE-79


(8) LOW VULNERABILITIES [0.1, 3.9]

Source : zte.com.cn

Vulnerability ID : CVE-2023-41782

First published on : 05-01-2024 02:15:07
Last modified on : 05-01-2024 11:54:11

Description :
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

CVE ID : CVE-2023-41782
Source : psirt@zte.com.cn
CVSS Score : 3.9

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984 | source : psirt@zte.com.cn

Vulnerability : CWE-20


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-45039

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45039
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45040

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45040
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45041

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45041
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45042

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45042
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45043

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45043
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45044

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45044
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-47219

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later.

CVE ID : CVE-2023-47219
Source : security@qnapsecurity.com.tw
CVSS Score : 3.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-32 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


(22) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2024-22075

First published on : 05-01-2024 03:15:08
Last modified on : 05-01-2024 11:54:11

Description :
Firefly III (aka firefly-iii) before 6.1.1 allows HTML injection via webhooks.

CVE ID : CVE-2024-22075
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52323

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVE ID : CVE-2023-52323
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst | source : cve@mitre.org
https://pypi.org/project/pycryptodomex/#history | source : cve@mitre.org


Vulnerability ID : CVE-2024-22086

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.

CVE ID : CVE-2024-22086
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/hayyp/cherry/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22087

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.

CVE ID : CVE-2024-22087
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/foxweb/pico/issues/31 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22088

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

CVE ID : CVE-2024-22088
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/chendotjs/lotos/issues/7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51277

First published on : 05-01-2024 05:15:08
Last modified on : 05-01-2024 11:54:11

Description :
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

CVE ID : CVE-2023-51277
Source : cve@mitre.org
CVSS Score : /

References :
https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087731 | source : cve@mitre.org
https://github.com/tuxu/nbviewer-app/commit/dc1e4ddf64c78e13175a39b076fa0646fc62e581 | source : cve@mitre.org
https://github.com/tuxu/nbviewer-app/compare/0.1.5...0.1.6 | source : cve@mitre.org
https://www.youtube.com/watch?v=c0nawqA_bdI | source : cve@mitre.org


Vulnerability ID : CVE-2020-13878

First published on : 05-01-2024 08:15:41
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.

CVE ID : CVE-2020-13878
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/2b0eb7dd447aca8f4ab398a99f47488b | source : cve@mitre.org


Vulnerability ID : CVE-2020-13879

First published on : 05-01-2024 08:15:42
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.

CVE ID : CVE-2020-13879
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/878b8c37f238f4de5ff543973ef083f5 | source : cve@mitre.org


Vulnerability ID : CVE-2020-13880

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.

CVE ID : CVE-2020-13880
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/2de8f91ddc6b06b516475d5d67d7efba | source : cve@mitre.org


Vulnerability ID : CVE-2023-50027

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
SQL Injection vulnerability in the Buy Addons baproductzoommagnifier module for PrestaShop, versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via the BaproductzoommagnifierZoomModuleFrontController::run() method.

CVE ID : CVE-2023-50027
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50991

First published on : 05-01-2024 10:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

CVE ID : CVE-2023-50991
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ef4tless/vuln/blob/master/iot/i29/pingSet.md | source : cve@mitre.org


Source : xen.org

Vulnerability ID : CVE-2023-34321

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then cause the cache cleaning/invalidation to be skipped. Therefore there is no guarantee when all the writes will reach the memory.

CVE ID : CVE-2023-34321
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-437.html | source : security@xen.org


Vulnerability ID : CVE-2023-34322

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with a shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.

CVE ID : CVE-2023-34322
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-438.html | source : security@xen.org


Vulnerability ID : CVE-2023-34323

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
When a transaction is committed, C Xenstored will first check that the quota is correct before attempting to commit any nodes. It is possible for the accounting to be temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored assume that the quota cannot be negative and use assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default).

CVE ID : CVE-2023-34323
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-440.html | source : security@xen.org


Vulnerability ID : CVE-2023-34324

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued RW locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers from getting the lock).

CVE ID : CVE-2023-34324
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-441.html | source : security@xen.org


Vulnerability ID : CVE-2023-34325

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest-controlled input with super user privileges. In order not to affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation."). CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub.

CVE ID : CVE-2023-34325
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-443.html | source : security@xen.org


Vulnerability ID : CVE-2023-34326

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
The cache invalidation guidelines from the AMD-Vi specification (48882 - Rev 3.07-PUB - Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.

CVE ID : CVE-2023-34326
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-442.html | source : security@xen.org


Vulnerability ID : CVE-2023-34327

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

CVE ID : CVE-2023-34327
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-444.html | source : security@xen.org


Vulnerability ID : CVE-2023-34328

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

CVE ID : CVE-2023-34328
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-444.html | source : security@xen.org


Vulnerability ID : CVE-2023-46835

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io being a PV domain, it gets the AMD-Vi IOMMU page table levels based on the maximum (hot-pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks.

CVE ID : CVE-2023-46835
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-445.html | source : security@xen.org


Vulnerability ID : CVE-2023-46836

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.

CVE ID : CVE-2023-46836
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-446.html | source : security@xen.org


Vulnerability ID : CVE-2023-46837

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then cause the cache cleaning/invalidation to be skipped. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

CVE ID : CVE-2023-46837
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-447.html | source : security@xen.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
