Latest vulnerabilities [Monday, December 25, 2023 + weekend]


Last update performed on 12/25/2023 at 06:00:06 PM

(10) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-49684

First published on : 22-12-2023 00:15:35
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49684
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49685

First published on : 22-12-2023 00:15:35
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTime' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49685
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49686

First published on : 22-12-2023 00:15:35
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49686
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49687

First published on : 22-12-2023 00:15:35
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtPass' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49687
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49688

First published on : 22-12-2023 00:15:35
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49688
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49689

First published on : 22-12-2023 00:15:36
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49689
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49690

First published on : 22-12-2023 00:15:36
Last modified on : 22-12-2023 12:18:32

Description :
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'WalkinId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49690
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/pollini/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Source : vuldb.com

Vulnerability ID : CVE-2023-7095

First published on : 25-12-2023 01:15:08
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7095
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/unpWn4bL3/iot-security/blob/main/2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248942 | source : cna@vuldb.com
https://vuldb.com/?id.248942 | source : cna@vuldb.com

Vulnerability : CWE-120


Source : github.com

Vulnerability ID : CVE-2023-50254

First published on : 22-12-2023 17:15:09
Last modified on : 22-12-2023 20:32:34

Description :
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.

CVE ID : CVE-2023-50254
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04 | source : security-advisories@github.com
https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6 | source : security-advisories@github.com
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495 | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-27


Vulnerability ID : CVE-2023-50731

First published on : 22-12-2023 21:15:08
Last modified on : 25-12-2023 03:08:20

Description :
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. MindsDB does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is also used in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.

CVE ID : CVE-2023-50731
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125 | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138 | source : security-advisories@github.com
https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/ | source : security-advisories@github.com

Vulnerability : CWE-918


(22) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-49085

First published on : 22-12-2023 17:15:07
Last modified on : 22-12-2023 20:32:34

Description :
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

CVE ID : CVE-2023-49085
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451 | source : security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855 | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-51448

First published on : 22-12-2023 17:15:09
Last modified on : 22-12-2023 20:32:34

Description :
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist.

CVE ID : CVE-2023-51448
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941 | source : security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594 | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-51661

First published on : 22-12-2023 15:15:08
Last modified on : 22-12-2023 20:32:41

Description :
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

CVE ID : CVE-2023-51661
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c | source : security-advisories@github.com
https://github.com/wasmerio/wasmer/issues/4267 | source : security-advisories@github.com
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-51386

First published on : 22-12-2023 22:15:07
Last modified on : 25-12-2023 03:08:20

Description :
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0.

CVE ID : CVE-2023-51386
Source : security-advisories@github.com
CVSS Score : 7.8

References :
https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79 | source : security-advisories@github.com
https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-p7w3-j66h-m7mx | source : security-advisories@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2022-39337

First published on : 22-12-2023 15:15:07
Last modified on : 22-12-2023 20:32:41

Description :
Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed, allowing interfaces to be invoked without authorization. Version 1.2.1 contains a patch for this issue.

CVE ID : CVE-2022-39337
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876 | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/issues/377 | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/pull/382 | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6 | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-863


Vulnerability ID : CVE-2023-50730

First published on : 22-12-2023 21:15:07
Last modified on : 25-12-2023 03:08:20

Description :
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an application's GraphQL schema would be required to construct such a query; however, no knowledge of any application-specific performance or other behavioural characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an application's GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing.

CVE ID : CVE-2023-50730
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f36cbfd | source : security-advisories@github.com
https://github.com/typelevel/grackle/releases/tag/v0.18.0 | source : security-advisories@github.com
https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8 | source : security-advisories@github.com

Vulnerability : CWE-400
Vulnerability : CWE-770


Vulnerability ID : CVE-2023-51650

First published on : 22-12-2023 21:15:09
Last modified on : 25-12-2023 03:08:20

Description :
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

CVE ID : CVE-2023-51650
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 | source : security-advisories@github.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-50924

First published on : 22-12-2023 21:15:08
Last modified on : 25-12-2023 03:08:20

Description :
Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user-supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of JavaScript code in another user's context. This vulnerability enables an authenticated user to inject JavaScript into other users' sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1.

CVE ID : CVE-2023-50924
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/engelsystem/engelsystem/commit/efda1ffc1ce59f02a7d237d9087adea26e73ec5f | source : security-advisories@github.com
https://github.com/engelsystem/engelsystem/security/advisories/GHSA-p5ch-rrpm-wvhm | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-51387

First published on : 22-12-2023 21:15:08
Last modified on : 25-12-2023 03:08:20

Description :
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. This issue is fixed in version 1.4.1.

CVE ID : CVE-2023-51387
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2 | source : security-advisories@github.com
https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj | source : security-advisories@github.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-50928

First published on : 22-12-2023 21:15:08
Last modified on : 25-12-2023 03:08:20

Description :
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts; it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.

CVE ID : CVE-2023-50928
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79 | source : security-advisories@github.com
https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-cg8w-7q5v-g32r | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-48704

First published on : 22-12-2023 16:15:08
Last modified on : 22-12-2023 20:32:41

Description :
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

CVE ID : CVE-2023-48704
Source : security-advisories@github.com
CVSS Score : 7.0

References :
https://github.com/ClickHouse/ClickHouse/pull/57107 | source : security-advisories@github.com
https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63 | source : security-advisories@github.com

Vulnerability : CWE-120
Vulnerability : CWE-122


Source : moxa.com

Vulnerability ID : CVE-2023-5961

First published on : 23-12-2023 09:15:07
Last modified on : 25-12-2023 03:08:20

Description :
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.

CVE ID : CVE-2023-5961
Source : psirt@moxa.com
CVSS Score : 8.8

References :
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability | source : psirt@moxa.com

Vulnerability : CWE-352


Source : wordfence.com

Vulnerability ID : CVE-2023-6971

First published on : 23-12-2023 02:15:45
Last modified on : 25-12-2023 03:08:20

Description :
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

CVE ID : CVE-2023-6971
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6972

First published on : 23-12-2023 02:15:45
Last modified on : 25-12-2023 03:08:20

Description :
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

CVE ID : CVE-2023-6972
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/bypasser.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2020-36769

First published on : 23-12-2023 10:15:08
Last modified on : 25-12-2023 03:08:20

Description :
The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2020-36769
Source : security@wordfence.com
CVSS Score : 7.4

References :
https://www.wordfence.com/blog/2020/04/unpatched-high-severity-vulnerability-in-widget-settings-importer-exporter-plugin/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7002

First published on : 23-12-2023 02:15:45
Last modified on : 25-12-2023 03:08:20

Description :
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.

CVE ID : CVE-2023-7002
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup | source : security@wordfence.com
https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve | source : security@wordfence.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-42017

First published on : 22-12-2023 16:15:07
Last modified on : 22-12-2023 20:32:41

Description :
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

CVE ID : CVE-2023-42017
Source : psirt@us.ibm.com
CVSS Score : 8.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7096528 | source : psirt@us.ibm.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-49880

First published on : 25-12-2023 03:15:08
Last modified on : 25-12-2023 03:15:08

Description :
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

CVE ID : CVE-2023-49880
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7101167 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2021-38927

First published on : 25-12-2023 03:15:07
Last modified on : 25-12-2023 03:15:07

Description :
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.

CVE ID : CVE-2021-38927
Source : psirt@us.ibm.com
CVSS Score : 7.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/210322 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7101252 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43064

First published on : 25-12-2023 03:15:08
Last modified on : 25-12-2023 03:15:08

Description :
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.

CVE ID : CVE-2023-43064
Source : psirt@us.ibm.com
CVSS Score : 7.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267689 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7101330 | source : psirt@us.ibm.com

Vulnerability : CWE-427


Source : emc.com

Vulnerability ID : CVE-2023-48670

First published on : 22-12-2023 16:15:08
Last modified on : 22-12-2023 20:32:41

Description :
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with elevated privileges.

CVE ID : CVE-2023-48670
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000220677/dsa-2023-468-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-426


Vulnerability ID : CVE-2023-43088

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

CVE ID : CVE-2023-43088
Source : security_alert@emc.com
CVSS Score : 7.2

References :
https://www.dell.com/support/kbdoc/en-us/000218223/dsa-2023-377 | source : security_alert@emc.com

Vulnerability : CWE-16


(37) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-50714

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk of a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available.

CVE ID : CVE-2023-50714
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/commit/721ed974bc44137437b0cdc8454e137fff8db213 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-rw54-6826-c8j5 | source : security-advisories@github.com

Vulnerability : CWE-347
Vulnerability : CWE-918


Vulnerability ID : CVE-2023-50725

First published on : 22-12-2023 20:15:07
Last modified on : 22-12-2023 20:32:25

Description :
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.

CVE ID : CVE-2023-50725
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/resque/resque/commit/ee99d2ed6cc75d9d384483b70c2d96d312115f07 | source : security-advisories@github.com
https://github.com/resque/resque/pull/1790 | source : security-advisories@github.com
https://github.com/resque/resque/security/advisories/GHSA-gc3j-vvwf-4rp8 | source : security-advisories@github.com
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resque/CVE-2023-50725.yml | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50727

First published on : 22-12-2023 21:15:07
Last modified on : 25-12-2023 03:08:20

Description :
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.

CVE ID : CVE-2023-50727
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/resque/resque/commit/7623b8dfbdd0a07eb04b19fb25b16a8d6f087f9a | source : security-advisories@github.com
https://github.com/resque/resque/pull/1865 | source : security-advisories@github.com
https://github.com/resque/resque/security/advisories/GHSA-r9mq-m72x-257g | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49086

First published on : 22-12-2023 00:15:34
Last modified on : 22-12-2023 12:18:32

Description :
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A bypass of an earlier fix (CVE-2023-39360) leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.26.

CVE ID : CVE-2023-49086
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49088

First published on : 22-12-2023 17:15:08
Last modified on : 22-12-2023 20:32:34

Description :
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.

CVE ID : CVE-2023-49088
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php | source : security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h | source : security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50708

First published on : 22-12-2023 19:15:08
Last modified on : 22-12-2023 20:32:25

Description :
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth1/2 `state` and OpenID Connect `nonce` are vulnerable to a `timing attack` since they are compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.

CVE ID : CVE-2023-50708
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248 | source : security-advisories@github.com
https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp | source : security-advisories@github.com

Vulnerability : CWE-203


Vulnerability ID : CVE-2023-51662

First published on : 22-12-2023 17:15:10
Last modified on : 22-12-2023 20:32:34

Description :
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.

CVE ID : CVE-2023-51662
Source : security-advisories@github.com
CVSS Score : 6.0

References :
https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023 | source : security-advisories@github.com
https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h | source : security-advisories@github.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-51651

First published on : 22-12-2023 21:15:09
Last modified on : 25-12-2023 03:08:20

Description :
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.

CVE ID : CVE-2023-51651
Source : security-advisories@github.com
CVSS Score : 6.0

References :
https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2 | source : security-advisories@github.com
https://github.com/aws/aws-sdk-php/releases/tag/3.288.1 | source : security-advisories@github.com
https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-51449

First published on : 22-12-2023 21:15:09
Last modified on : 25-12-2023 03:08:20

Description :
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.

CVE ID : CVE-2023-51449
Source : security-advisories@github.com
CVSS Score : 5.6

References :
https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | source : security-advisories@github.com
https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055 | source : security-advisories@github.com
https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-49791

First published on : 22-12-2023 17:15:08
Last modified on : 22-12-2023 20:32:34

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2023-49791
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3f8p-6qww-2prr | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/41520 | source : security-advisories@github.com
https://hackerone.com/reports/2120667 | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-287


Vulnerability ID : CVE-2023-50250

First published on : 22-12-2023 17:15:09
Last modified on : 22-12-2023 20:32:34

Description :
Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

CVE ID : CVE-2023-50250
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php | source : security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49792

First published on : 22-12-2023 17:15:08
Last modified on : 22-12-2023 20:32:34

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2023-49792
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5j2p-q736-hw98 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/41526 | source : security-advisories@github.com
https://hackerone.com/reports/2230915 | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-50258

First published on : 22-12-2023 17:15:09
Last modified on : 22-12-2023 20:32:34

Description :
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.

CVE ID : CVE-2023-50258
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py#L64 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L158 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/releases/tag/v1.0.19 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/ | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-50259

First published on : 22-12-2023 17:15:09
Last modified on : 22-12-2023 20:32:34

Description :
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.

CVE ID : CVE-2023-50259
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/releases/tag/v1.0.19 | source : security-advisories@github.com
https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/ | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-50712

First published on : 22-12-2023 20:15:07
Last modified on : 22-12-2023 20:32:25

Description :
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.

CVE ID : CVE-2023-50712
Source : security-advisories@github.com
CVSS Score : 4.6

References :
https://github.com/dfir-iris/iris-web/releases/tag/v2.3.7 | source : security-advisories@github.com
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p | source : security-advisories@github.com

Vulnerability : CWE-79
Vulnerability : CWE-87


Vulnerability ID : CVE-2023-49790

First published on : 22-12-2023 17:15:08
Last modified on : 22-12-2023 20:32:34

Description :
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.

CVE ID : CVE-2023-49790
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/ios/pull/2665 | source : security-advisories@github.com
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv | source : security-advisories@github.com
https://hackerone.com/reports/2245437 | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-51451

First published on : 22-12-2023 21:15:09
Last modified on : 25-12-2023 03:08:20

Description :
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`.

CVE ID : CVE-2023-51451
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/getsentry/self-hosted/releases/tag/23.12.1 | source : security-advisories@github.com
https://github.com/getsentry/symbolicator/pull/1343 | source : security-advisories@github.com
https://github.com/getsentry/symbolicator/releases/tag/23.12.1 | source : security-advisories@github.com
https://github.com/getsentry/symbolicator/security/advisories/GHSA-ghg9-7m82-h96r | source : security-advisories@github.com

Vulnerability : CWE-918


Source : emc.com

Vulnerability ID : CVE-2023-39251

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CVE ID : CVE-2023-39251
Source : security_alert@emc.com
CVSS Score : 6.7

References :
https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342 | source : security_alert@emc.com

Vulnerability : CWE-20


Source : redhat.com

Vulnerability ID : CVE-2023-7090

First published on : 23-12-2023 23:15:07
Last modified on : 25-12-2023 03:08:09

Description :
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

CVE ID : CVE-2023-7090
Source : secalert@redhat.com
CVSS Score : 6.6

References :
https://access.redhat.com/security/cve/CVE-2023-7090 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | source : secalert@redhat.com
https://www.sudo.ws/releases/legacy/#1.8.28 | source : secalert@redhat.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-7008

First published on : 23-12-2023 13:15:07
Last modified on : 25-12-2023 03:08:20

Description :
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

CVE ID : CVE-2023-7008
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2023-7008 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | source : secalert@redhat.com
https://github.com/systemd/systemd/issues/25676 | source : secalert@redhat.com

Vulnerability : CWE-300


Source : moxa.com

Vulnerability ID : CVE-2023-5962

First published on : 23-12-2023 09:15:08
Last modified on : 25-12-2023 03:08:20

Description :
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.

CVE ID : CVE-2023-5962
Source : psirt@moxa.com
CVSS Score : 6.5

References :
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability | source : psirt@moxa.com

Vulnerability : CWE-327


Source : wordfence.com

Vulnerability ID : CVE-2023-6744

First published on : 23-12-2023 10:15:10
Last modified on : 25-12-2023 03:08:20

Description :
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6744
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://www.elegantthemes.com/api/changelog/divi.txt | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2023-7058

First published on : 22-12-2023 05:15:13
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.

CVE ID : CVE-2023-7058
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/Simple-Student-Attendance-System | source : cna@vuldb.com
https://vuldb.com/?ctiid.248749 | source : cna@vuldb.com
https://vuldb.com/?id.248749 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-7091

First published on : 24-12-2023 21:15:25
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7091
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.248938 | source : cna@vuldb.com
https://vuldb.com/?id.248938 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-7097

First published on : 25-12-2023 02:15:44
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability.

CVE ID : CVE-2023-7097
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Glunko/vulnerability/blob/main/Water-Billing-System_sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248949 | source : cna@vuldb.com
https://vuldb.com/?id.248949 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7099

First published on : 25-12-2023 03:15:08
Last modified on : 25-12-2023 03:15:08

Description :
A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951.

CVE ID : CVE-2023-7099
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/heishou/blob/main/niv%20-SQL | source : cna@vuldb.com
https://github.com/laoquanshi/heishou/blob/main/sqlmap.png | source : cna@vuldb.com
https://vuldb.com/?ctiid.248951 | source : cna@vuldb.com
https://vuldb.com/?id.248951 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7100

First published on : 25-12-2023 03:15:08
Last modified on : 25-12-2023 08:15:08

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952.

CVE ID : CVE-2023-7100
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://medium.com/@2839549219ljk/restaurant-table-booking-system-sql-injection-vulnerability-30708cfabe03 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248952 | source : cna@vuldb.com
https://vuldb.com/?id.248952 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7054

First published on : 22-12-2023 02:15:43
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.

CVE ID : CVE-2023-7054
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_malicious_fileupload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248741 | source : cna@vuldb.com
https://vuldb.com/?id.248741 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-7093

First published on : 25-12-2023 00:15:08
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7093
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/L1hGe9BDlbnt | source : cna@vuldb.com
https://vuldb.com/?ctiid.248940 | source : cna@vuldb.com
https://vuldb.com/?id.248940 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-7094

First published on : 25-12-2023 00:15:08
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7094
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.248941 | source : cna@vuldb.com
https://vuldb.com/?id.248941 | source : cna@vuldb.com
https://www.yuque.com/wangjie-0l1rh/prbq8b/iyxa0t8rntyve4s0?singleDoc#%20%E3%80%8AThe%20information%20disclosure%20vulnerability%20in%20the%20Netentsec%20NS-ASG%20Application%20Security%20Gateway%E3%80%8B | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-7096

First published on : 25-12-2023 01:15:08
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948.

CVE ID : CVE-2023-7096
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Glunko/vulnerability/blob/main/Faculty-Management-System_sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248948 | source : cna@vuldb.com
https://vuldb.com/?id.248948 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2016-15036

First published on : 23-12-2023 20:15:37
Last modified on : 25-12-2023 03:08:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2016-15036
Source : cna@vuldb.com
CVSS Score : 4.6

References :
https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f | source : cna@vuldb.com
https://github.com/deis/workflow-manager/pull/94 | source : cna@vuldb.com
https://github.com/deis/workflow-manager/releases/tag/v2.3.3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248847 | source : cna@vuldb.com
https://vuldb.com/?id.248847 | source : cna@vuldb.com

Vulnerability : CWE-362


Vulnerability ID : CVE-2023-7052

First published on : 22-12-2023 01:15:12
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.

CVE ID : CVE-2023-7052
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248739 | source : cna@vuldb.com
https://vuldb.com/?id.248739 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-7055

First published on : 22-12-2023 03:15:09
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7055
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/notes_parameter_tampering.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248742 | source : cna@vuldb.com
https://vuldb.com/?id.248742 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-7092

First published on : 24-12-2023 23:15:08
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7092
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/15Wr3EL4cpAS_H_Vp7TuIftssxAuzb4SL/view | source : cna@vuldb.com
https://vuldb.com/?ctiid.248939 | source : cna@vuldb.com
https://vuldb.com/?id.248939 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : us.ibm.com

Vulnerability ID : CVE-2023-45165

First published on : 22-12-2023 16:15:08
Last modified on : 22-12-2023 20:32:41

Description :
IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.

CVE ID : CVE-2023-45165
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267963 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7100970 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Source : cisco.com

Vulnerability ID : CVE-2023-49594

First published on : 23-12-2023 20:15:38
Last modified on : 25-12-2023 03:08:09

Description :
An information disclosure vulnerability exists in the challenge functionality of the instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user login to Keycloak using the DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.

CVE ID : CVE-2023-49594
Source : talos-cna@cisco.com
CVSS Score : 4.5

References :
https://github.com/instipod/DuoUniversalKeycloakAuthenticator/releases/tag/1.0.8 | source : talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1907 | source : talos-cna@cisco.com

Vulnerability : CWE-201


(10) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-48308

First published on : 22-12-2023 00:15:34
Last modified on : 22-12-2023 12:18:32

Description :
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to the stack trace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3.

CVE ID : CVE-2023-48308
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/nextcloud/calendar/pull/5553 | source : security-advisories@github.com
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-qvjr-5rv8 | source : security-advisories@github.com

Vulnerability : CWE-1258


Vulnerability ID : CVE-2023-51649

First published on : 22-12-2023 17:15:10
Last modified on : 22-12-2023 20:32:34

Description :
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0.

CVE ID : CVE-2023-51649
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/nautobot/nautobot/issues/4988 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/pull/4993 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/pull/4995 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999 | source : security-advisories@github.com

Vulnerability : CWE-863


Source : vuldb.com

Vulnerability ID : CVE-2023-7057

First published on : 22-12-2023 04:15:09
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744.

CVE ID : CVE-2023-7057
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1s2kLMjnUvlrD_XocoDl3-ABrWYTo5Azd/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.248744 | source : cna@vuldb.com
https://vuldb.com/?id.248744 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7059

First published on : 22-12-2023 05:15:14
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7059
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/school-visitors-log-e-book.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248750 | source : cna@vuldb.com
https://vuldb.com/?id.248750 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7075

First published on : 22-12-2023 12:15:27
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7075
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Glunko/vulnerability/blob/main/Point-of-Sales-And-Inventory-Management-System.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248846 | source : cna@vuldb.com
https://vuldb.com/?id.248846 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7076

First published on : 22-12-2023 14:15:07
Last modified on : 22-12-2023 20:32:41

Description :
A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848.

CVE ID : CVE-2023-7076
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/otsoft/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190 | source : cna@vuldb.com
https://github.com/slawkens/myaac/releases/tag/v0.8.14 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248848 | source : cna@vuldb.com
https://vuldb.com/?id.248848 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7053

First published on : 22-12-2023 02:15:43
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.

CVE ID : CVE-2023-7053
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_weakpass.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248740 | source : cna@vuldb.com
https://vuldb.com/?id.248740 | source : cna@vuldb.com

Vulnerability : CWE-521


Vulnerability ID : CVE-2014-125108

First published on : 23-12-2023 17:15:07
Last modified on : 25-12-2023 03:08:09

Description :
A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability.

CVE ID : CVE-2014-125108
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e | source : cna@vuldb.com
https://vuldb.com/?ctiid.248849 | source : cna@vuldb.com
https://vuldb.com/?id.248849 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7098

First published on : 25-12-2023 02:15:44
Last modified on : 25-12-2023 03:08:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2023-7098
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://note.zhaoj.in/share/MHnV2WLY9rxU | source : cna@vuldb.com
https://vuldb.com/?ctiid.248950 | source : cna@vuldb.com
https://vuldb.com/?id.248950 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-7056

First published on : 22-12-2023 03:15:10
Last modified on : 22-12-2023 12:18:32

Description :
A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743.

CVE ID : CVE-2023-7056
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1XDGcSRytGV11YWuhIuW_4GvD7kEpgjZT/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.248743 | source : cna@vuldb.com
https://vuldb.com/?id.248743 | source : cna@vuldb.com

Vulnerability : CWE-79


(78) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-51704

First published on : 22-12-2023 02:15:42
Last modified on : 22-12-2023 12:18:32

Description :
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

CVE ID : CVE-2023-51704
Source : cve@mitre.org
CVSS Score : /

References :
https://phabricator.wikimedia.org/T347726 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51707

First published on : 22-12-2023 02:15:43
Last modified on : 22-12-2023 12:18:32

Description :
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.

CVE ID : CVE-2023-51707
Source : cve@mitre.org
CVSS Score : /

References :
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Command_Injection_Attacks.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-51708

First published on : 22-12-2023 02:15:43
Last modified on : 22-12-2023 12:18:32

Description :
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System Management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.

CVE ID : CVE-2023-51708
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bentley.com/advisories/be-2023-0002/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51713

First published on : 22-12-2023 03:15:09
Last modified on : 22-12-2023 12:18:32

Description :
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.

CVE ID : CVE-2023-51713
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/proftpd/proftpd/blob/1.3.8/NEWS | source : cve@mitre.org
https://github.com/proftpd/proftpd/issues/1683 | source : cve@mitre.org
https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554 | source : cve@mitre.org


Vulnerability ID : CVE-2022-47532

First published on : 22-12-2023 04:15:08
Last modified on : 22-12-2023 12:18:32

Description :
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request.

CVE ID : CVE-2022-47532
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/usd-2022-0064/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-24609

First published on : 22-12-2023 04:15:08
Last modified on : 22-12-2023 12:18:32

Description :
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.

CVE ID : CVE-2023-24609
Source : cve@mitre.org
CVSS Score : /

References :
https://www.rambus.com/security/software-protocols/tls-toolkit/ | source : cve@mitre.org
https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43116

First published on : 22-12-2023 10:15:11
Last modified on : 22-12-2023 12:18:32

Description :
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.

CVE ID : CVE-2023-43116
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43741

First published on : 22-12-2023 10:15:11
Last modified on : 22-12-2023 12:18:32

Description :
A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.

CVE ID : CVE-2023-43741
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49356

First published on : 22-12-2023 10:15:11
Last modified on : 22-12-2023 12:18:32

Description :
A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.

CVE ID : CVE-2023-49356
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49391

First published on : 22-12-2023 11:15:07
Last modified on : 22-12-2023 12:18:32

Description :
An issue discovered in free5GC version 3.3.0 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message.

CVE ID : CVE-2023-49391
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/free5gc/free5gc/issues/497 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50569

First published on : 22-12-2023 11:15:07
Last modified on : 24-12-2023 16:15:49

Description :
A reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25 allows remote attackers to escalate privileges when uploading an XML template file via templates_import.php.

CVE ID : CVE-2023-50569
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf | source : cve@mitre.org
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42465

First published on : 22-12-2023 16:15:08
Last modified on : 22-12-2023 20:32:41

Description :
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

CVE ID : CVE-2023-42465
Source : cve@mitre.org
CVSS Score : /

References :
https://arxiv.org/abs/2309.02545 | source : cve@mitre.org
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f | source : cve@mitre.org
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/21/9 | source : cve@mitre.org
https://www.sudo.ws/releases/changelog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45957

First published on : 22-12-2023 16:15:08
Last modified on : 22-12-2023 20:32:41

Description :
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling.

CVE ID : CVE-2023-45957
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968 | source : cve@mitre.org
https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0 | source : cve@mitre.org
https://zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51023

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi.

CVE ID : CVE-2023-51023
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031NTPSyncWithHost-host_time/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51024

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51024
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setNtpCfg-tz/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51025

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51025
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51026

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51026
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setRebootScheCfg-hour/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51027

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51027
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliAuthMode/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51028

First published on : 22-12-2023 18:15:07
Last modified on : 22-12-2023 20:32:34

Description :
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51028
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliChannel/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50147

First published on : 22-12-2023 19:15:08
Last modified on : 22-12-2023 20:32:25

Description :
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.

CVE ID : CVE-2023-50147
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setDiagnosisCfg%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51011

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51011
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanPriDns/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51012

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51012
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanGateway/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51013

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51013
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanNetmask/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51014

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51014
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig_lanSecDns/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51015

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51015
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setDmzCfg/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51016

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51016
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/10/EX1800T/TOTOlink%20EX1800T_V9.1.0cu.2112_B20220316%28setRebootScheCfg%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51017

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51017
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanIp/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51018

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51018
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setWiFiApConfig-opmode/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51019

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

CVE ID : CVE-2023-51019
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-key5g/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51020

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51020
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setLanguageCfg-langType/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51021

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51021
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setRptWizardCfg-merge/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51022

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi.cgi.

CVE ID : CVE-2023-51022
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setLanguageCfg-langFlag/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51033

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.

CVE ID : CVE-2023-51033
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51034

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.

CVE ID : CVE-2023-51034
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51035

First published on : 22-12-2023 19:15:09
Last modified on : 22-12-2023 20:32:25

Description :
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.

CVE ID : CVE-2023-51035
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51763

First published on : 24-12-2023 04:15:07
Last modified on : 25-12-2023 03:08:09

Description :
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.

CVE ID : CVE-2023-51763
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/activeadmin/activeadmin/commit/697be2b183491beadc8f0b7d8b5bfb44f2387909 | source : cve@mitre.org
https://github.com/activeadmin/activeadmin/pull/8161 | source : cve@mitre.org
https://github.com/activeadmin/activeadmin/releases/tag/v3.2.0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51764

First published on : 24-12-2023 05:15:08
Last modified on : 25-12-2023 03:08:09

Description :
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Postfix server, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

CVE ID : CVE-2023-51764
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.postfix.org/smtp-smuggling.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51765

First published on : 24-12-2023 06:15:07
Last modified on : 25-12-2023 03:08:09

Description :
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the sendmail server, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

CVE ID : CVE-2023-51765
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/21/7 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/22/7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51766

First published on : 24-12-2023 06:15:07
Last modified on : 25-12-2023 03:08:09

Description :
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

CVE ID : CVE-2023-51766
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://bugs.exim.org/show_bug.cgi?id=3063 | source : cve@mitre.org
https://exim.org/static/doc/security/CVE-2023-51766.txt | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/23/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51767

First published on : 24-12-2023 07:15:07
Last modified on : 25-12-2023 03:08:09

Description :
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

CVE ID : CVE-2023-51767
Source : cve@mitre.org
CVSS Score : /

References :
https://arxiv.org/abs/2309.02545 | source : cve@mitre.org
https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 | source : cve@mitre.org
https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51714

First published on : 24-12-2023 21:15:25
Last modified on : 25-12-2023 03:08:09

Description :
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

CVE ID : CVE-2023-51714
Source : cve@mitre.org
CVSS Score : /

References :
https://codereview.qt-project.org/c/qt/qtbase/+/524864 | source : cve@mitre.org
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-30451

First published on : 25-12-2023 05:15:08
Last modified on : 25-12-2023 05:15:08

Description :
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].

CVE ID : CVE-2023-30451
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51771

First published on : 25-12-2023 05:15:08
Last modified on : 25-12-2023 05:15:08

Description :
In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.

CVE ID : CVE-2023-51771
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/starnight/MicroHttpServer/issues/8 | source : cve@mitre.org
https://github.com/starnight/MicroHttpServer/tree/a8ab029c9a26a4c9f26b9d8a2757b8299aaff120 | source : cve@mitre.org


Vulnerability ID : CVE-2022-39818

First published on : 25-12-2023 06:15:07
Last modified on : 25-12-2023 06:15:07

Description :
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.

CVE ID : CVE-2022-39818
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-39820

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

CVE ID : CVE-2022-39820
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-39822

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.

CVE ID : CVE-2022-39822
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-41760

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.

CVE ID : CVE-2022-41760
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-41761

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.

CVE ID : CVE-2022-41761
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-41762

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.

CVE ID : CVE-2022-41762
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2022-43675

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.

CVE ID : CVE-2022-43675
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/redteam | source : cve@mitre.org


Vulnerability ID : CVE-2023-31289

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.

CVE ID : CVE-2023-31289
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.pexip.com/admin/security_bulletins.htm | source : cve@mitre.org


Vulnerability ID : CVE-2023-31455

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.

CVE ID : CVE-2023-31455
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.pexip.com/admin/security_bulletins.htm | source : cve@mitre.org


Vulnerability ID : CVE-2023-37225

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.

CVE ID : CVE-2023-37225
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.pexip.com/admin/security_bulletins.htm | source : cve@mitre.org


Vulnerability ID : CVE-2023-40236

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.

CVE ID : CVE-2023-40236
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.pexip.com/admin/security_bulletins.htm | source : cve@mitre.org


Vulnerability ID : CVE-2023-48654

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.

CVE ID : CVE-2023-48654
Source : cve@mitre.org
CVSS Score : /

References :
https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension/ | source : cve@mitre.org
https://www.oneidentity.com/products/password-manager/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-49328

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module.

CVE ID : CVE-2023-49328
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51772

First published on : 25-12-2023 06:15:08
Last modified on : 25-12-2023 06:15:08

Description :
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.

CVE ID : CVE-2023-51772
Source : cve@mitre.org
CVSS Score : /

References :
https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension/ | source : cve@mitre.org
https://www.oneidentity.com/products/password-manager/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28872

First published on : 25-12-2023 07:15:07
Last modified on : 25-12-2023 07:15:07

Description :
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.

CVE ID : CVE-2023-28872
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0006/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-31297

First published on : 25-12-2023 07:15:08
Last modified on : 25-12-2023 07:15:08

Description :
An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client.

CVE ID : CVE-2023-31297
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2022-0058/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37185

First published on : 25-12-2023 07:15:08
Last modified on : 25-12-2023 07:15:08

Description :
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.

CVE ID : CVE-2023-37185
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/issues/519 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37186

First published on : 25-12-2023 07:15:08
Last modified on : 25-12-2023 07:15:08

Description :
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.

CVE ID : CVE-2023-37186
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Blosc/c-blosc2/commit/d55bfcd6804699e1435dc3e233fd76c8a5d3f9e3 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/issues/522 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37187

First published on : 25-12-2023 07:15:09
Last modified on : 25-12-2023 07:15:09

Description :
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp_acc_decompress function in zfp/blosc2-zfp.c.

CVE ID : CVE-2023-37187
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/issues/520 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37188

First published on : 25-12-2023 07:15:09
Last modified on : 25-12-2023 07:15:09

Description :
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.

CVE ID : CVE-2023-37188
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3 | source : cve@mitre.org
https://github.com/Blosc/c-blosc2/issues/521 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47091

First published on : 25-12-2023 07:15:09
Last modified on : 25-12-2023 07:15:09

Description :
An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.

CVE ID : CVE-2023-47091
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu | source : cve@mitre.org
https://advisories.stormshield.eu/2023-024/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47247

First published on : 25-12-2023 07:15:09
Last modified on : 25-12-2023 07:15:09

Description :
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.

CVE ID : CVE-2023-47247
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.sysaid.com/docs/23334 | source : cve@mitre.org


Vulnerability ID : CVE-2022-34267

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

CVE ID : CVE-2022-34267
Source : cve@mitre.org
CVSS Score : /

References :
https://www.rws.com/localization/products/trados-enterprise/worldserver/ | source : cve@mitre.org
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver | source : cve@mitre.org


Vulnerability ID : CVE-2022-34268

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.

CVE ID : CVE-2022-34268
Source : cve@mitre.org
CVSS Score : /

References :
https://www.rws.com/localization/products/trados-enterprise/worldserver/ | source : cve@mitre.org
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver | source : cve@mitre.org


Vulnerability ID : CVE-2023-31224

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
There is broken access control during authentication in Jamf Pro Server before 10.46.1.

CVE ID : CVE-2023-31224
Source : cve@mitre.org
CVSS Score : /

References :
https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36485

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.

CVE ID : CVE-2023-36485
Source : cve@mitre.org
CVSS Score : /

References :
https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786 | source : cve@mitre.org
https://github.com/ILIAS-eLearning/ILIAS/pull/5987 | source : cve@mitre.org
https://github.com/ILIAS-eLearning/ILIAS/pull/5988 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36486

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.

CVE ID : CVE-2023-36486
Source : cve@mitre.org
CVSS Score : /

References :
https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786 | source : cve@mitre.org
https://github.com/ILIAS-eLearning/ILIAS/pull/5987 | source : cve@mitre.org
https://github.com/ILIAS-eLearning/ILIAS/pull/5988 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38826

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
A Cross Site Scripting (XSS) vulnerability exists in Follett Learning Solutions Destiny through 20.0_1U via the handlewpesearchform.do searchString.

CVE ID : CVE-2023-38826
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826 | source : cve@mitre.org
https://www.follettlearning.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48652

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.

CVE ID : CVE-2023-48652
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates | source : cve@mitre.org


Vulnerability ID : CVE-2023-49226

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

CVE ID : CVE-2023-49226
Source : cve@mitre.org
CVSS Score : /

References :
https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | source : cve@mitre.org
https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-49944

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.

CVE ID : CVE-2023-49944
Source : cve@mitre.org
CVSS Score : /

References :
https://www.beyondtrust.com/security | source : cve@mitre.org
https://www.beyondtrust.com/trust-center/security-advisories/bt23-08 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49954

First published on : 25-12-2023 08:15:07
Last modified on : 25-12-2023 08:15:07

Description :
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.

CVE ID : CVE-2023-49954
Source : cve@mitre.org
CVSS Score : /

References :
https://cve-2023-49954.github.io/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38321

First published on : 25-12-2023 09:15:07
Last modified on : 25-12-2023 09:15:07

Description :
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.

CVE ID : CVE-2023-38321
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/blob/master/ChangeLog | source : cve@mitre.org
https://openwrt.org/docs/guide-user/services/captive-portal/opennds | source : cve@mitre.org
https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-7101

First published on : 24-12-2023 22:15:07
Last modified on : 25-12-2023 03:08:09

Description :
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

CVE ID : CVE-2023-7101
Source : mandiant-cve@google.com
CVSS Score : /

References :
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | source : mandiant-cve@google.com
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | source : mandiant-cve@google.com
https://github.com/haile01/perl_spreadsheet_excel_rce_poc | source : mandiant-cve@google.com
https://metacpan.org/dist/Spreadsheet-ParseExcel | source : mandiant-cve@google.com
https://www.cve.org/CVERecord?id=CVE-2023-7101 | source : mandiant-cve@google.com

Vulnerability : CWE-95


Vulnerability ID : CVE-2023-7102

First published on : 24-12-2023 22:15:08
Last modified on : 25-12-2023 03:08:09

Description :
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

CVE ID : CVE-2023-7102
Source : mandiant-cve@google.com
CVSS Score : /

References :
https://github.com/haile01/perl_spreadsheet_excel_rce_poc | source : mandiant-cve@google.com
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | source : mandiant-cve@google.com
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | source : mandiant-cve@google.com
https://metacpan.org/dist/Spreadsheet-ParseExcel | source : mandiant-cve@google.com
https://www.barracuda.com/company/legal/esg-vulnerability | source : mandiant-cve@google.com
https://www.cve.org/CVERecord?id=CVE-2023-7101 | source : mandiant-cve@google.com

Vulnerability : CWE-1104


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
