Latest vulnerabilities [Monday, December 11, 2023 + weekend]


Last update performed on 12/11/2023 at 07:00:02 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-5008

First published on : 08-12-2023 00:15:07
Last modified on : 11-12-2023 17:47:39

Description :
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.

CVE ID : CVE-2023-5008
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/blechacz/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:imsurajghosh:student_information_system:1.0:*:*:*:*:*:*:*


(24) HIGH VULNERABILITIES [7.0, 8.9]

Source : emc.com

Vulnerability ID : CVE-2023-32460

First published on : 08-12-2023 06:15:45
Last modified on : 08-12-2023 14:23:10

Description :
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVE ID : CVE-2023-32460
Source : security_alert@emc.com
CVSS Score : 8.8

References :
https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-306


Source : github.com

Vulnerability ID : CVE-2023-49797

First published on : 09-12-2023 01:15:07
Last modified on : 10-12-2023 11:51:04

Description :
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied:
1. The user runs an application containing either `matplotlib` or `win32com`.
2. The application is run as administrator (or at least a user with higher privileges than the attacker).
3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non-default location).
Either:
A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself.
B. The application was built with Python 3.7.x or earlier, which has no protection against Directory Junctions links.
The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49797
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/pyinstaller/pyinstaller/pull/7827 | source : security-advisories@github.com
https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 | source : security-advisories@github.com
https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623 | source : security-advisories@github.com

Vulnerability : CWE-379
Vulnerability : CWE-732


Vulnerability ID : CVE-2023-48311

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image, which will result in the intended default behavior.

CVE ID : CVE-2023-48311
Source : security-advisories@github.com
CVSS Score : 8.0

References :
https://github.com/jupyterhub/dockerspawner/commit/3ba4b665b6ca6027ea7a032d7ca3eab977574626 | source : security-advisories@github.com
https://github.com/jupyterhub/dockerspawner/security/advisories/GHSA-hfgr-h3vc-p6c2 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-49799

First published on : 09-12-2023 00:15:07
Last modified on : 10-12-2023 11:51:04

Description :
`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.

CVE ID : CVE-2023-49799
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://fetch.spec.whatwg.org/ | source : security-advisories@github.com
https://fetch.spec.whatwg.org/#http-whitespace-byte | source : security-advisories@github.com
https://github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L31 | source : security-advisories@github.com
https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-3wfp-253j-5jxv | source : security-advisories@github.com
https://infra.spec.whatwg.org/#byte-sequence | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-49800

First published on : 09-12-2023 00:15:07
Last modified on : 10-12-2023 11:51:04

Description :
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.

CVE ID : CVE-2023-49800
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hx-3m4p-749h | source : security-advisories@github.com

Vulnerability : CWE-400
Vulnerability : CWE-674


Vulnerability ID : CVE-2023-49788

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49788
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-501


Vulnerability ID : CVE-2023-49782

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49782
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://apps.nextcloud.com/apps/richdocumentscode | source : security-advisories@github.com
https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr | source : security-advisories@github.com

Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-5869

First published on : 10-12-2023 18:15:07
Last modified on : 11-12-2023 16:15:42

Description :
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

CVE ID : CVE-2023-5869
Source : secalert@redhat.com
CVSS Score : 8.8

References :
https://access.redhat.com/errata/RHSA-2023:7545 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7579 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7580 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7581 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7616 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7656 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7666 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7667 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7694 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7695 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7714 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5869 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247169 | source : secalert@redhat.com
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ | source : secalert@redhat.com
https://www.postgresql.org/support/security/CVE-2023-5869/ | source : secalert@redhat.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-6394

First published on : 09-12-2023 02:15:06
Last modified on : 10-12-2023 11:51:04

Description :
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.

CVE ID : CVE-2023-6394
Source : secalert@redhat.com
CVSS Score : 7.4

References :
https://access.redhat.com/security/cve/CVE-2023-6394 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2252197 | source : secalert@redhat.com

Vulnerability : CWE-696


Vulnerability ID : CVE-2023-6606

First published on : 08-12-2023 17:15:07
Last modified on : 08-12-2023 20:18:15

Description :
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE ID : CVE-2023-6606
Source : secalert@redhat.com
CVSS Score : 7.1

References :
https://access.redhat.com/security/cve/CVE-2023-6606 | source : secalert@redhat.com
https://bugzilla.kernel.org/show_bug.cgi?id=218218 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253611 | source : secalert@redhat.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-6610

First published on : 08-12-2023 17:15:07
Last modified on : 08-12-2023 20:18:15

Description :
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

CVE ID : CVE-2023-6610
Source : secalert@redhat.com
CVSS Score : 7.1

References :
https://access.redhat.com/security/cve/CVE-2023-6610 | source : secalert@redhat.com
https://bugzilla.kernel.org/show_bug.cgi?id=218219 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253614 | source : secalert@redhat.com

Vulnerability : CWE-125


Source : cert.vde.com

Vulnerability ID : CVE-2023-5500

First published on : 11-12-2023 07:15:07
Last modified on : 11-12-2023 12:20:45

Description :
This vulnerability allows a remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

CVE ID : CVE-2023-5500
Source : info@cert.vde.com
CVSS Score : 8.8

References :
https://cert.vde.com/en/advisories/VDE-2023-049/ | source : info@cert.vde.com

Vulnerability : CWE-94


Source : us.ibm.com

Vulnerability ID : CVE-2023-28523

First published on : 09-12-2023 03:15:06
Last modified on : 10-12-2023 11:51:04

Description :
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.

CVE ID : CVE-2023-28523
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7070188 | source : psirt@us.ibm.com

Vulnerability : CWE-122


Source : documentfoundation.org

Vulnerability ID : CVE-2023-6185

First published on : 11-12-2023 12:15:07
Last modified on : 11-12-2023 12:20:45

Description :
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

CVE ID : CVE-2023-6185
Source : security@documentfoundation.org
CVSS Score : 8.3

References :
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 | source : security@documentfoundation.org


Vulnerability ID : CVE-2023-6186

First published on : 11-12-2023 12:15:07
Last modified on : 11-12-2023 12:20:45

Description :
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

CVE ID : CVE-2023-6186
Source : security@documentfoundation.org
CVSS Score : 8.3

References :
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 | source : security@documentfoundation.org


Source : snyk.io

Vulnerability ID : CVE-2023-26158

First published on : 08-12-2023 05:15:07
Last modified on : 08-12-2023 14:23:10

Description :
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability.
Workaround: By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function:
```js
if (["__proto__", "constructor", "prototype"].includes(name)) continue
```
```js
// src/mock/handler.js
Util.extend = function extend() {
    var target = arguments[0] || {},
        i = 1,
        length = arguments.length,
        options, name, src, copy, clone

    if (length === 1) {
        target = this
        i = 0
    }

    for (; i < length; i++) {
        options = arguments[i]
        if (!options) continue

        for (name in options) {
            if (["__proto__", "constructor", "prototype"].includes(name)) continue
            src = target[name]
            copy = options[name]

            if (target === copy) continue
            if (copy === undefined) continue

            if (Util.isArray(copy) || Util.isObject(copy)) {
                if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : []
                if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {}

                target[name] = Util.extend(clone, copy)
            } else {
                target[name] = copy
            }
        }
    }

    return target
}
```

CVE ID : CVE-2023-26158
Source : report@snyk.io
CVSS Score : 8.2

References :
https://github.com/nuysoft/Mock/blob/00ce04b92eb464e664a4438430903f2de96efb47/dist/mock.js%23L721-L755 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-MOCKJS-6051365 | source : report@snyk.io

Vulnerability : CWE-1321


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-47565

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later

CVE ID : CVE-2023-47565
Source : security@qnapsecurity.com.tw
CVSS Score : 8.0

References :
https://www.qnap.com/en/security-advisory/qsa-23-48 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Source : 6b35d637-e00f-4228-858c-b20ad6e1d07b

Vulnerability ID : CVE-2023-6245

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

CVE ID : CVE-2023-6245
Source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
CVSS Score : 7.5

References :
https://github.com/dfinity/candid/blob/master/spec/Candid.md | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://github.com/dfinity/candid/pull/478 | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://internetcomputer.org/docs/current/references/candid-ref | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b
https://internetcomputer.org/docs/current/references/ic-interface-spec | source : 6b35d637-e00f-4228-858c-b20ad6e1d07b

Vulnerability : CWE-1288
Vulnerability : CWE-168
Vulnerability : CWE-20
Vulnerability : CWE-835


Source : hashicorp.com

Vulnerability ID : CVE-2023-6337

First published on : 08-12-2023 22:15:07
Last modified on : 10-12-2023 11:51:04

Description :
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

CVE ID : CVE-2023-6337
Source : security@hashicorp.com
CVSS Score : 7.5

References :
https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 | source : security@hashicorp.com

Vulnerability : CWE-770


Source : vuldb.com

Vulnerability ID : CVE-2023-6647

First published on : 10-12-2023 07:15:44
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6647
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/gatsby2003/Sqlinjection/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247340 | source : cna@vuldb.com
https://vuldb.com/?id.247340 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6648

First published on : 10-12-2023 09:15:06
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.

CVE ID : CVE-2023-6648
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247341 | source : cna@vuldb.com
https://vuldb.com/?id.247341 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6651

First published on : 10-12-2023 11:15:08
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344.

CVE ID : CVE-2023-6651
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/850362564/BugHub/blob/main/Matrimonial%20Site%20System%20auth.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.247344 | source : cna@vuldb.com
https://vuldb.com/?id.247344 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6652

First published on : 10-12-2023 12:15:07
Last modified on : 11-12-2023 12:20:50

Description :
A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability.

CVE ID : CVE-2023-6652
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/sweatxi/BugHub/blob/main/Matrimonial%20Site%20System%20functions.php%20%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.247345 | source : cna@vuldb.com
https://vuldb.com/?id.247345 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6655

First published on : 10-12-2023 16:15:07
Last modified on : 11-12-2023 12:20:50

Description :
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6655
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/willchen0011/cve/blob/main/HongJing-sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247358 | source : cna@vuldb.com
https://vuldb.com/?id.247358 | source : cna@vuldb.com

Vulnerability : CWE-89


(33) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-6061

First published on : 08-12-2023 00:15:07
Last modified on : 08-12-2023 14:23:10

Description :
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe
* winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe
* libdxxmt.dll
* libsrlmt.dll

CVE ID : CVE-2023-6061
Source : psirt@paloaltonetworks.com
CVSS Score : 6.6

References :
https://gist.github.com/AsherDLL/abdd2334ac8872999d73ba7b20328c21 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-426
Vulnerability : CWE-427


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23372

First published on : 08-12-2023 16:15:15
Last modified on : 08-12-2023 16:37:45

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.4.2476 build 20230728 and later

CVE ID : CVE-2023-23372
Source : security@qnapsecurity.com.tw
CVSS Score : 6.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-40 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32975

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later

CVE ID : CVE-2023-32975
Source : security@qnapsecurity.com.tw
CVSS Score : 4.9

References :
https://www.qnap.com/en/security-advisory/qsa-23-07 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-32968

First published on : 08-12-2023 16:15:15
Last modified on : 08-12-2023 16:37:45

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later

CVE ID : CVE-2023-32968
Source : security@qnapsecurity.com.tw
CVSS Score : 4.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-07 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Source : vuldb.com

Vulnerability ID : CVE-2023-6654

First published on : 10-12-2023 15:15:07
Last modified on : 11-12-2023 12:20:50

Description :
A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

CVE ID : CVE-2023-6654
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/jw4Hp9cq7T69 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247357 | source : cna@vuldb.com
https://vuldb.com/?id.247357 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-6659

First published on : 11-12-2023 01:15:07
Last modified on : 11-12-2023 12:20:45

Description :
A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367.

CVE ID : CVE-2023-6659
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Kidjing/cve/blob/main/sql1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247367 | source : cna@vuldb.com
https://vuldb.com/?id.247367 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6607

First published on : 08-12-2023 14:15:07
Last modified on : 08-12-2023 14:23:10

Description :
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6607
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/willchen0011/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247243 | source : cna@vuldb.com
https://vuldb.com/?id.247243 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6608

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6608
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/willchen0011/cve/blob/main/sql2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247244 | source : cna@vuldb.com
https://vuldb.com/?id.247244 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6611

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6611
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/13223355/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247246 | source : cna@vuldb.com
https://vuldb.com/?id.247246 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6612

First published on : 08-12-2023 16:15:18
Last modified on : 09-12-2023 07:15:08

Description :
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6612
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/OraclePi/repo/tree/main/totolink%20X5000R | source : cna@vuldb.com
https://vuldb.com/?ctiid.247247 | source : cna@vuldb.com
https://vuldb.com/?id.247247 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6617

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 20:18:15

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6617
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.247254 | source : cna@vuldb.com
https://vuldb.com/?id.247254 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6618

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 20:18:15

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.

CVE ID : CVE-2023-6618
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.247255 | source : cna@vuldb.com
https://vuldb.com/?id.247255 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc | source : cna@vuldb.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-6619

First published on : 08-12-2023 18:15:06
Last modified on : 08-12-2023 20:18:15

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256.

CVE ID : CVE-2023-6619
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247256 | source : cna@vuldb.com
https://vuldb.com/?id.247256 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6657

First published on : 10-12-2023 21:15:07
Last modified on : 11-12-2023 12:20:45

Description :
A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability.

CVE ID : CVE-2023-6657
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/student_form.php_SQL_injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247365 | source : cna@vuldb.com
https://vuldb.com/?id.247365 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6658

First published on : 10-12-2023 23:15:07
Last modified on : 11-12-2023 12:20:45

Description :
A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6658
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247366 | source : cna@vuldb.com
https://vuldb.com/?id.247366 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6656

First published on : 10-12-2023 21:15:07
Last modified on : 11-12-2023 12:20:45

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2023-6656
Source : cna@vuldb.com
CVSS Score : 5.0

References :
https://github.com/bayuncao/vul-cve-1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247364 | source : cna@vuldb.com
https://vuldb.com/?id.247364 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-6649

First published on : 10-12-2023 10:15:07
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6649
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/tsas-reflected-xss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247342 | source : cna@vuldb.com
https://vuldb.com/?id.247342 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6650

First published on : 10-12-2023 11:15:07
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343.

CVE ID : CVE-2023-6650
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/x1280/CVE/blob/main/Cross-site%20Scriping_cashier.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247343 | source : cna@vuldb.com
https://vuldb.com/?id.247343 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6653

First published on : 10-12-2023 13:15:07
Last modified on : 11-12-2023 12:20:50

Description :
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6653
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247346 | source : cna@vuldb.com
https://vuldb.com/?id.247346 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : incibe.es

Vulnerability ID : CVE-2023-6671

First published on : 11-12-2023 14:15:32
Last modified on : 11-12-2023 14:15:42

Description :
A vulnerability has been discovered in OJS that consists of a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

CVE ID : CVE-2023-6671
Source : cve-coordination@incibe.es
CVSS Score : 6.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-open-journal-systems | source : cve-coordination@incibe.es

Vulnerability : CWE-352


Source : us.ibm.com

Vulnerability ID : CVE-2023-28526

First published on : 09-12-2023 03:15:07
Last modified on : 10-12-2023 11:51:04

Description :
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

CVE ID : CVE-2023-28526
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/251204 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7070188 | source : psirt@us.ibm.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-28527

First published on : 09-12-2023 03:15:07
Last modified on : 10-12-2023 11:51:04

Description :
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

CVE ID : CVE-2023-28527
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/251206 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7070188 | source : psirt@us.ibm.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-47722

First published on : 09-12-2023 03:15:07
Last modified on : 10-12-2023 11:51:04

Description :
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

CVE ID : CVE-2023-47722
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/271912 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7087806 | source : psirt@us.ibm.com


Source : python.org

Vulnerability ID : CVE-2023-6507

First published on : 08-12-2023 19:15:08
Last modified on : 08-12-2023 20:18:15

Description :
An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

CVE ID : CVE-2023-6507
Source : cna@python.org
CVSS Score : 6.1

References :
https://github.com/python/cpython/issues/112334 | source : cna@python.org
https://github.com/python/cpython/pull/112617 | source : cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ | source : cna@python.org

Vulnerability : CWE-269


Source : github.com

Vulnerability ID : CVE-2023-49798

First published on : 09-12-2023 00:15:06
Last modified on : 10-12-2023 11:51:04

Description :
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.

CVE ID : CVE-2023-49798
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/88ac712e06832bce73b41e8166cded2729e25205 | source : security-advisories@github.com
https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-699g-q6qh-q4v8 | source : security-advisories@github.com

Vulnerability : CWE-670


Source : opentext.com

Vulnerability ID : CVE-2020-25835

First published on : 09-12-2023 02:15:06
Last modified on : 10-12-2023 11:51:04

Description :
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).

CVE ID : CVE-2020-25835
Source : security@opentext.com
CVSS Score : 5.9

References :
https://community.microfocus.com/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-29/5037.ArcMC_5F00_RelNotes_5F00_2_2D00_9_2D00_6.pdf | source : security@opentext.com


Source : qualys.com

Vulnerability ID : CVE-2023-6146

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce an XSS payload via browser details.

CVE ID : CVE-2023-6146
Source : bugreport@qualys.com
CVSS Score : 5.7

References :
https://www.qualys.com/security-advisories/ | source : bugreport@qualys.com

Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-6622

First published on : 08-12-2023 18:15:07
Last modified on : 08-12-2023 20:18:15

Description :
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

CVE ID : CVE-2023-6622
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-6622 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253632 | source : secalert@redhat.com
https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-6560

First published on : 09-12-2023 00:15:07
Last modified on : 10-12-2023 11:51:04

Description :
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

CVE ID : CVE-2023-6560
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-6560 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253249 | source : secalert@redhat.com
https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/ | source : secalert@redhat.com

Vulnerability : CWE-823


Vulnerability ID : CVE-2023-5868

First published on : 10-12-2023 18:15:07
Last modified on : 11-12-2023 16:15:42

Description :
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CVE ID : CVE-2023-5868
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/errata/RHSA-2023:7545 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7579 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7580 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7581 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7616 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7656 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7666 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7667 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7694 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7695 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7714 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5868 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247168 | source : secalert@redhat.com
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ | source : secalert@redhat.com
https://www.postgresql.org/support/security/CVE-2023-5868/ | source : secalert@redhat.com

Vulnerability : CWE-686


Source : wordfence.com

Vulnerability ID : CVE-2023-5756

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5756
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/digital-publications-by-supsystic/trunk/classes/frame.php#L144 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6120

First published on : 09-12-2023 07:15:08
Last modified on : 10-12-2023 11:50:56

Description :
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

CVE ID : CVE-2023-6120
Source : security@wordfence.com
CVSS Score : 4.1

References :
https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve | source : security@wordfence.com


Source : mitre.org

Vulnerability ID : CVE-2023-50428

First published on : 09-12-2023 19:15:07
Last modified on : 11-12-2023 17:50:29

Description :
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023.

CVE ID : CVE-2023-50428
Source : cve@mitre.org
CVSS Score : 5.3

References :
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | source : cve@mitre.org
https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 | source : cve@mitre.org
https://github.com/bitcoin/bitcoin/tags | source : cve@mitre.org
https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md | source : cve@mitre.org
https://twitter.com/LukeDashjr/status/1732204937466032285 | source : cve@mitre.org

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*
Vulnerable version(s) : 26.0
Vulnerable product(s) : cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*


(9) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6609

First published on : 08-12-2023 15:15:08
Last modified on : 08-12-2023 16:37:45

Description :
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6609
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.247245 | source : cna@vuldb.com
https://vuldb.com/?id.247245 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6615

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 20:18:15

Description :
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6615
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247250 | source : cna@vuldb.com
https://vuldb.com/?id.247250 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6616

First published on : 08-12-2023 17:15:08
Last modified on : 08-12-2023 20:18:15

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability.

CVE ID : CVE-2023-6616
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.247253 | source : cna@vuldb.com
https://vuldb.com/?id.247253 | source : cna@vuldb.com
https://www.yuque.com/u39339523/el4dxs/sxa6f9gywg6vfbur | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6646

First published on : 09-12-2023 22:15:07
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.

CVE ID : CVE-2023-6646
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/sissbruecker/linkding/releases/tag/v1.23.1 | source : cna@vuldb.com
https://treasure-blarney-085.notion.site/linkding-XSS-12709fa5ec664c8ebf6a4a02141252a8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247338 | source : cna@vuldb.com
https://vuldb.com/?id.247338 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6614

First published on : 08-12-2023 16:15:20
Last modified on : 08-12-2023 16:37:40

Description :
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6614
Source : cna@vuldb.com
CVSS Score : 2.7

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247249 | source : cna@vuldb.com
https://vuldb.com/?id.247249 | source : cna@vuldb.com

Vulnerability : CWE-912


Vulnerability ID : CVE-2023-6613

First published on : 08-12-2023 16:15:19
Last modified on : 08-12-2023 16:37:40

Description :
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6613
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247248 | source : cna@vuldb.com
https://vuldb.com/?id.247248 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2023-6599

First published on : 08-12-2023 00:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

CVE ID : CVE-2023-6599
Source : security@huntr.dev
CVSS Score : 3.1

References :
https://github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd | source : security@huntr.dev
https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e | source : security@huntr.dev

Vulnerability : CWE-544


Source : eclipse.org

Vulnerability ID : CVE-2023-6194

First published on : 11-12-2023 14:15:31
Last modified on : 11-12-2023 14:15:42

Description :
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

CVE ID : CVE-2023-6194
Source : emo@eclipse.org
CVSS Score : 2.8

References :
https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631 | source : emo@eclipse.org
https://gitlab.eclipse.org/security/cve-assignement/-/issues/15 | source : emo@eclipse.org
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169 | source : emo@eclipse.org

Vulnerability : CWE-611


Source : redhat.com

Vulnerability ID : CVE-2023-5870

First published on : 10-12-2023 18:15:07
Last modified on : 11-12-2023 16:15:42

Description :
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

CVE ID : CVE-2023-5870
Source : secalert@redhat.com
CVSS Score : 2.2

References :
https://access.redhat.com/errata/RHSA-2023:7545 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7579 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7580 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7581 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7616 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7656 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7666 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7667 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7694 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7695 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7714 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5870 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247170 | source : secalert@redhat.com
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ | source : secalert@redhat.com
https://www.postgresql.org/support/security/CVE-2023-5870/ | source : secalert@redhat.com

Vulnerability : CWE-400


(78) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43742

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.

CVE ID : CVE-2023-43742
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43743

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.

CVE ID : CVE-2023-43743
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org
https://mxvirtual.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-43744

First published on : 08-12-2023 01:15:07
Last modified on : 08-12-2023 14:23:10

Description :
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.

CVE ID : CVE-2023-43744
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | source : cve@mitre.org
https://mxvirtual.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-43305

First published on : 08-12-2023 02:15:06
Last modified on : 08-12-2023 14:23:10

Description :
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43305
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43305.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48122

First published on : 08-12-2023 04:15:06
Last modified on : 08-12-2023 14:23:10

Description :
An issue in microweber v.2.0.1, fixed in v.2.0.4, allows a remote attacker to obtain sensitive information via the HTTP GET method.

CVE ID : CVE-2023-48122
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/grozdniyandy/1847ad48126d6bba39bdeb49114bc300 | source : cve@mitre.org
https://github.com/microweber/microweber/issues/1042 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48928

First published on : 08-12-2023 05:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

CVE ID : CVE-2023-48928
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MatJosephs/CVEs/tree/main/CVE-2023-48928 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48929

First published on : 08-12-2023 05:15:08
Last modified on : 08-12-2023 14:23:10

Description :
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.

CVE ID : CVE-2023-48929
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MatJosephs/CVEs/tree/main/CVE-2023-48929 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45866

First published on : 08-12-2023 06:15:45
Last modified on : 11-12-2023 03:15:07

Description :
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

CVE ID : CVE-2023-45866
Source : cve@mitre.org
CVSS Score : /

References :
http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog | source : cve@mitre.org
https://bluetooth.com | source : cve@mitre.org
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 | source : cve@mitre.org
https://github.com/skysafe/reblog/tree/main/cve-2023-45866 | source : cve@mitre.org
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/ | source : cve@mitre.org
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46157

First published on : 08-12-2023 13:15:07
Last modified on : 08-12-2023 14:23:10

Description :
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

CVE ID : CVE-2023-46157
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cloudpanel.io/docs/v2/changelog/ | source : cve@mitre.org
https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard | source : cve@mitre.org


Vulnerability ID : CVE-2023-49007

First published on : 08-12-2023 14:15:07
Last modified on : 08-12-2023 14:23:10

Description :
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.

CVE ID : CVE-2023-49007
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/5erua/netgear_orbi_overflow_vulnerability/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49443

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:50

Description :
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a brute-force attack.

CVE ID : CVE-2023-49443
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/woshinibaba222/DoraCMS-Verification-Code-Reuse | source : cve@mitre.org


Vulnerability ID : CVE-2023-49444

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

CVE ID : CVE-2023-49444
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/woshinibaba222/DoraCMS-File-Upload-Vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2023-49484

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

CVE ID : CVE-2023-49484
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49485

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

CVE ID : CVE-2023-49485
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20storage%20type%20XSS%20in%20the%20column%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49486

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

CVE ID : CVE-2023-49486
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49487

First published on : 08-12-2023 15:15:07
Last modified on : 08-12-2023 16:37:45

Description :
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

CVE ID : CVE-2023-49487
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46493

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

CVE ID : CVE-2023-46493
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46493/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cxa4d94170-be41/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46494

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

CVE ID : CVE-2023-46494
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46494/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cx8ecec391-2014/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46495

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

CVE ID : CVE-2023-46495
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46495/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cxbc6d4599-c1bd/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46496

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

CVE ID : CVE-2023-46496
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46496/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cx943be66a-54cc/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46497

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.

CVE ID : CVE-2023-46497
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46497/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cx16846793-56b6/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46498

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

CVE ID : CVE-2023-46498
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/Cx8b24ace3-0c9a/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/cve-2023-46498/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46499

First published on : 08-12-2023 20:15:07
Last modified on : 08-12-2023 20:18:15

Description :
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel.

CVE ID : CVE-2023-46499
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/Cx0f8b38be-d5de/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/cve-2023-46499/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47465

First published on : 09-12-2023 06:15:45
Last modified on : 10-12-2023 11:51:04

Description :
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.

CVE ID : CVE-2023-47465
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2652 | source : cve@mitre.org


Vulnerability ID : CVE-2023-28868

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:51:04

Description :
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.

CVE ID : CVE-2023-28868
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0002/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28869

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link.

CVE ID : CVE-2023-28869
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0003/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28870

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.

CVE ID : CVE-2023-28870
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0004/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28871

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.

CVE ID : CVE-2023-28871
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0005/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28873

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.

CVE ID : CVE-2023-28873
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0032/ | source : cve@mitre.org
https://manual.seafile.com/changelog/server-changelog/#908-2022-09-07 | source : cve@mitre.org


Vulnerability ID : CVE-2023-28874

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

CVE ID : CVE-2023-28874
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0033/ | source : cve@mitre.org
https://manual.seafile.com/changelog/server-changelog/#908-2022-09-07 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46932

First published on : 09-12-2023 07:15:07
Last modified on : 10-12-2023 11:50:56

Description :
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

CVE ID : CVE-2023-46932
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2669 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47254

First published on : 09-12-2023 08:15:06
Last modified on : 10-12-2023 11:50:56

Description :
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2 allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

CVE ID : CVE-2023-47254
Source : cve@mitre.org
CVSS Score : /

References :
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt | source : cve@mitre.org
https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46899

First published on : 09-12-2023 19:15:07
Last modified on : 10-12-2023 11:50:56

Description :
SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.

CVE ID : CVE-2021-46899
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/canton7/SyncTrayzor/issues/666 | source : cve@mitre.org
https://github.com/canton7/SyncTrayzor/releases | source : cve@mitre.org


Vulnerability ID : CVE-2023-50429

First published on : 09-12-2023 22:15:07
Last modified on : 10-12-2023 11:50:56

Description :
IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.

CVE ID : CVE-2023-50429
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/orangecertcc/security-research/security/advisories/GHSA-mc3w-rv8p-f9xf | source : cve@mitre.org


Vulnerability ID : CVE-2023-50430

First published on : 09-12-2023 22:15:07
Last modified on : 10-12-2023 11:50:56

Description :
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.

CVE ID : CVE-2023-50430
Source : cve@mitre.org
CVSS Score : /

References :
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50431

First published on : 09-12-2023 23:15:07
Last modified on : 10-12-2023 11:50:56

Description :
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

CVE ID : CVE-2023-50431
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50446

First published on : 10-12-2023 17:15:07
Last modified on : 11-12-2023 12:20:50

Description :
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.

CVE ID : CVE-2023-50446
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mullvad/mullvadvpn-app/pull/5398 | source : cve@mitre.org
https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6 | source : cve@mitre.org
https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50449

First published on : 10-12-2023 18:15:07
Last modified on : 11-12-2023 12:20:50

Description :
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

CVE ID : CVE-2023-50449
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6 | source : cve@mitre.org


Vulnerability ID : CVE-2022-48614

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:50

Description :
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.

CVE ID : CVE-2022-48614
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/SemanticMediaWiki/SemanticMediaWiki/issues/5262 | source : cve@mitre.org
https://www.semantic-mediawiki.org/wiki/Semantic_MediaWiki_4.0.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50453

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.

CVE ID : CVE-2023-50453
Source : cve@mitre.org
CVSS Score : /

References :
https://zammad.com/en/advisories/zaa-2023-08 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50454

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.

CVE ID : CVE-2023-50454
Source : cve@mitre.org
CVSS Score : /

References :
https://zammad.com/en/advisories/zaa-2023-04 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50455

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).

CVE ID : CVE-2023-50455
Source : cve@mitre.org
CVSS Score : /

References :
https://zammad.com/en/advisories/zaa-2023-06 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50456

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.

CVE ID : CVE-2023-50456
Source : cve@mitre.org
CVSS Score : /

References :
https://zammad.com/en/advisories/zaa-2023-07 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50457

First published on : 10-12-2023 19:15:07
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.

CVE ID : CVE-2023-50457
Source : cve@mitre.org
CVSS Score : /

References :
https://zammad.com/en/advisories/zaa-2023-05 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50463

First published on : 10-12-2023 23:15:07
Last modified on : 11-12-2023 12:20:45

Description :
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

CVE ID : CVE-2023-50463
Source : cve@mitre.org
CVSS Score : /

References :
https://caddyserver.com/v2 | source : cve@mitre.org
https://github.com/shift72/caddy-geo-ip/issues/4 | source : cve@mitre.org
https://github.com/shift72/caddy-geo-ip/tags | source : cve@mitre.org


Vulnerability ID : CVE-2023-50465

First published on : 11-12-2023 01:15:07
Last modified on : 11-12-2023 12:20:45

Description :
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

CVE ID : CVE-2023-50465
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Crypt0Cr33py/monicahqvuln | source : cve@mitre.org
https://github.com/monicahq/monica/releases | source : cve@mitre.org
https://www.monicahq.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-49355

First published on : 11-12-2023 07:15:07
Last modified on : 11-12-2023 12:20:45

Description :
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input.

CVE ID : CVE-2023-49355
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jqlang/jq/blob/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa/src/decNumber/decNumber.c#L3764 | source : cve@mitre.org
https://github.com/jqlang/jq/tree/88f01a741c8d63c4d1b5bc3ef61520c6eb93edaa | source : cve@mitre.org
https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49964

First published on : 11-12-2023 08:15:06
Last modified on : 11-12-2023 12:20:45

Description :
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.

CVE ID : CVE-2023-49964
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mbadanoiu/CVE-2023-49964 | source : cve@mitre.org
https://www.alfresco.com/products/community/download | source : cve@mitre.org


Vulnerability ID : CVE-2023-49417

First published on : 11-12-2023 14:15:31
Last modified on : 11-12-2023 14:15:42

Description :
TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

CVE ID : CVE-2023-49417
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setOpModeCfg | source : cve@mitre.org


Vulnerability ID : CVE-2023-49418

First published on : 11-12-2023 14:15:31
Last modified on : 11-12-2023 14:15:42

Description :
TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules.

CVE ID : CVE-2023-49418
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-48397

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48397
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48398

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48398
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48399

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48399
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48401

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48401
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48402

First published on : 08-12-2023 16:15:16
Last modified on : 08-12-2023 16:37:45

Description :
In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48402
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48403

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:45

Description :
In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48403
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48404

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48404
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48405

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48405
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48406

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48406
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48407

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48407
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48408

First published on : 08-12-2023 16:15:17
Last modified on : 08-12-2023 16:37:40

Description :
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48408
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48409

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48409
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48410

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48410
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48411

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48411
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48412

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48412
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48413

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48413
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48414

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48414
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48415

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48415
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48416

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48416
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48420

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48420
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48421

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48421
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48422

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48422
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48423

First published on : 08-12-2023 16:15:18
Last modified on : 08-12-2023 16:37:40

Description :
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-48423
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48417

First published on : 11-12-2023 06:15:42
Last modified on : 11-12-2023 12:20:45

Description :
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application

CVE ID : CVE-2023-48417
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48424

First published on : 11-12-2023 06:15:42
Last modified on : 11-12-2023 12:20:45

Description :
U-Boot shell vulnerability resulting in Privilege escalation in a production device

CVE ID : CVE-2023-48424
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-48425

First published on : 11-12-2023 06:15:42
Last modified on : 11-12-2023 12:20:45

Description :
U-Boot vulnerability resulting in persistent Code Execution

CVE ID : CVE-2023-48425
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-12-01 | source : dsap-vuln-management@google.com


Vulnerability ID : CVE-2023-6181

First published on : 11-12-2023 06:15:42
Last modified on : 11-12-2023 12:20:45

Description :
An oversight in BCB handling of reboot reason that allows for persistent code execution

CVE ID : CVE-2023-6181
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-12-01 | source : dsap-vuln-management@google.com


Source : xen.org

Vulnerability ID : CVE-2023-34320

First published on : 08-12-2023 21:15:07
Last modified on : 10-12-2023 11:51:04

Description :
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.

CVE ID : CVE-2023-34320
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-436.html | source : security@xen.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
