Latest vulnerabilities of Friday, November 10, 2023


Last update performed on 11/10/2023 at 11:57:02 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : huntr.dev

Vulnerability ID : CVE-2023-6069

First published on : 10-11-2023 01:15:07
Last modified on : 10-11-2023 01:15:07

Description :
Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0.

CVE ID : CVE-2023-6069
Source : security@huntr.dev
CVSS Score : 9.9

References :
https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc | source : security@huntr.dev
https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c | source : security@huntr.dev

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-46729

First published on : 10-11-2023 01:15:07
Last modified on : 10-11-2023 01:15:07

Description :
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.

CVE ID : CVE-2023-46729
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be | source : security-advisories@github.com
https://github.com/getsentry/sentry-javascript/pull/9415 | source : security-advisories@github.com
https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9 | source : security-advisories@github.com

Vulnerability : CWE-918
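The Sentry entry above describes a tunnel endpoint that forwards envelopes to whatever host the envelope's own DSN names. The check below is an added example, not code from the sentry-javascript project: a Python stand-in for the tunnel's routing decision, with a constructed configured DSN (`CONFIGURED_DSN`) and a constructed minimal envelope. The unsafe function derives the upstream URL from the client-supplied DSN; the safe one requires the envelope DSN to match the configured host and project and then builds the URL from the server's own configuration, so the tunnel can never be pointed at an internal address.

```python
import json
from urllib.parse import urlparse

# Constructed: the DSN this server is configured with (not a real project).
CONFIGURED_DSN = "https://examplePublicKey@o0.ingest.sentry.io/1234567"


def parse_dsn(dsn):
    """Return (scheme, host[:port], project_id) from a Sentry-style DSN."""
    u = urlparse(dsn)
    if u.scheme not in ("http", "https") or not u.hostname or not u.username:
        raise ValueError(f"malformed DSN: {dsn!r}")
    project_id = u.path.rstrip("/").rsplit("/", 1)[-1]
    if not project_id.isdigit():
        raise ValueError(f"malformed DSN project id: {dsn!r}")
    host = u.hostname.lower()
    if u.port:
        host = f"{host}:{u.port}"
    return u.scheme, host, project_id


def envelope_dsn(envelope):
    """The envelope's first line is a JSON header; the tunnel reads its 'dsn'."""
    header_line = envelope.split(b"\n", 1)[0]
    return json.loads(header_line).get("dsn")


def resolve_target_unsafe(envelope):
    # Vulnerable shape: the upstream URL is derived from the client-controlled DSN,
    # so a DSN pointing at 169.254.169.254 or an internal service is forwarded to.
    scheme, host, project_id = parse_dsn(envelope_dsn(envelope))
    return f"{scheme}://{host}/api/{project_id}/envelope/"


def resolve_target_safe(envelope, configured_dsn=CONFIGURED_DSN):
    # Hardened: the envelope DSN must name the configured host and project, and the
    # upstream URL is built from the server's configuration, not from the request.
    dsn = envelope_dsn(envelope)
    if dsn is None:
        raise ValueError("envelope header has no dsn")
    _, host, project_id = parse_dsn(dsn)
    c_scheme, c_host, c_project = parse_dsn(configured_dsn)
    if (host, project_id) != (c_host, c_project):
        raise ValueError(f"envelope dsn not allowed: {host}/{project_id}")
    return f"{c_scheme}://{c_host}/api/{c_project}/envelope/"


def make_envelope(dsn):
    """Constructed minimal envelope: header line, item header, item payload."""
    header = json.dumps({"dsn": dsn, "sent_at": "2023-11-10T00:00:00Z"})
    item_header = json.dumps({"type": "event", "length": 2})
    return "\n".join([header, item_header, "{}"]).encode()
```

Comparing only the host is not enough when several projects share an ingest host: an attacker who knows another project's id could make the tunnel submit events there. Comparing both host and project id, and responding with an error rather than the upstream body when the check fails, closes both the request-forgery and the response-reflection halves of the issue.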


Vulnerability ID : CVE-2023-47128

First published on : 10-11-2023 18:15:09
Last modified on : 10-11-2023 18:15:09

Description :
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.

CVE ID : CVE-2023-47128
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/piccolo-orm/piccolo/commit/82679eb8cd1449cf31d87c9914a072e70168b6eb | source : security-advisories@github.com
https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6 | source : security-advisories@github.com

Vulnerability : CWE-89
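The Piccolo entry above concerns savepoint names interpolated into SQL with f-strings. The block below is an added example, not Piccolo's code: it runs the same attacker-supplied name through a vulnerable interpolating version and a hardened version against an in-memory SQLite database with a constructed `users` table. `executescript()` is used on the vulnerable side because it executes every statement in the string, which is how multi-statement-capable drivers behave; the hardened side restricts the name to an identifier shape and quotes it.

```python
import re
import sqlite3

# Constructed sample schema (not Piccolo's): the kind of table an attacker
# would want to read or destroy.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO users (username, password_hash) VALUES ('admin', 'constructed-hash');
"""

# Savepoint names are SQL identifiers: restrict them to a conservative shape.
SAVEPOINT_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def new_connection():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def savepoint_unsafe(conn, name):
    # Vulnerable pattern: the caller-supplied name is pasted into the SQL text.
    # executescript() runs every statement in the string, like drivers that accept
    # multi-statement queries, so anything after ';' executes as well.
    conn.executescript(f"SAVEPOINT {name};")


def savepoint_safe(conn, name):
    # Hardened: reject anything that is not a plain identifier, then quote it as an
    # identifier anyway so the caller never shapes the statement.
    if not SAVEPOINT_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid savepoint name: {name!r}")
    conn.execute(f'SAVEPOINT "{name}"')


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def demo(payload="sp; DROP TABLE users; --"):
    """Run the same payload through both versions; return what survived."""
    unsafe_conn = new_connection()
    savepoint_unsafe(unsafe_conn, payload)
    users_survive_unsafe = table_exists(unsafe_conn, "users")

    safe_conn = new_connection()
    try:
        savepoint_safe(safe_conn, payload)
        rejected = False
    except ValueError:
        rejected = True
    savepoint_safe(safe_conn, "sp1")            # a legitimate name still works
    safe_conn.execute('RELEASE SAVEPOINT "sp1"')
    users_survive_safe = table_exists(safe_conn, "users")
    return users_survive_unsafe, rejected, users_survive_safe
```

Identifiers cannot be bound as query parameters, which is why an allow-list on the name plus identifier quoting is the standard fix; the regex is deliberately stricter than what databases accept, since no application needs punctuation in a savepoint name.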


(11) HIGH VULNERABILITIES [7.0, 8.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-39295

First published on : 10-11-2023 16:15:32
Last modified on : 10-11-2023 16:15:32

Description :
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later

CVE ID : CVE-2023-39295
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-50 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41284

First published on : 10-11-2023 16:15:32
Last modified on : 10-11-2023 16:15:32

Description :
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

CVE ID : CVE-2023-41284
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-50 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-41285

First published on : 10-11-2023 16:15:32
Last modified on : 10-11-2023 16:15:32

Description :
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

CVE ID : CVE-2023-41285
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-50 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-47129

First published on : 10-11-2023 19:15:16
Last modified on : 10-11-2023 19:15:16

Description :
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.

CVE ID : CVE-2023-47129
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75 | source : security-advisories@github.com
https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77 | source : security-advisories@github.com
https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc | source : security-advisories@github.com

Vulnerability : CWE-434
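The Statamic entry above is the classic "PHP file dressed as an image" upload. The block below is an added example, not Statamic's code, showing why a check on the leading magic bytes alone is fooled by a constructed GIF/PHP polyglot, and a layered validator that also enforces a single allow-listed extension, rejects PHP open tags inside the payload, and stores the file under a random server-chosen name. `IMAGE_MAGIC`, `POLYGLOT` and `BENIGN_GIF` are constructed for the example.

```python
import os
import re
import secrets

# Allowed extensions and the leading bytes ("magic") each format must start with.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
# PHP open tags; one inside an "image" means it is a polyglot, not a photo.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def magic_matches(ext, data):
    """The weak check on its own: does the content start like the claimed format?"""
    return any(data.startswith(m) for m in IMAGE_MAGIC[ext])


def validate_image_upload(filename, data):
    """Return the server-chosen filename to store, or raise ValueError.

    Layers: exactly one allow-listed extension, matching magic bytes, no PHP open
    tag, and a random server-side name so the client never controls the path."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) != 2 or not parts[0]:
        raise ValueError("filename must be name.ext with exactly one extension")
    ext = parts[1]
    if ext not in IMAGE_MAGIC:
        raise ValueError(f"extension {ext!r} is not an allowed image type")
    if not magic_matches(ext, data):
        raise ValueError("file content does not match its extension")
    if PHP_OPEN_TAG.search(data):
        raise ValueError("PHP open tag found inside image data")
    return f"{secrets.token_hex(8)}.{ext}"


# Constructed polyglot: a valid GIF signature followed by a PHP payload. A check
# that only looks at magic bytes (or at the client-declared MIME type) accepts it.
POLYGLOT = b"GIF89a" + b"\x01\x00\x01\x00" + b"<?php echo 'constructed'; ?>"
# Constructed benign file: GIF signature plus a few bytes of header.
BENIGN_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00"


def outcome(filename, data):
    """Return 'stored:<ext>' or 'rejected:<reason>' for a given upload."""
    try:
        return "stored:" + validate_image_upload(filename, data).rsplit(".", 1)[1]
    except ValueError as exc:
        return "rejected:" + str(exc)
```

The open-tag scan is a heuristic; the stronger control is to re-encode every accepted image server-side so non-image bytes are discarded, and to serve the upload directory from a location where the web server never executes PHP. Both of those belong alongside, not instead of, the extension and magic checks.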


Vulnerability ID : CVE-2023-47120

First published on : 10-11-2023 16:15:33
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-47120
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852 | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3 | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-47108

First published on : 10-11-2023 19:15:16
Last modified on : 10-11-2023 19:15:16

Description :
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.

CVE ID : CVE-2023-47108
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw | source : security-advisories@github.com
https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider | source : security-advisories@github.com

Vulnerability : CWE-770


Source : google.com

Vulnerability ID : CVE-2023-4949

First published on : 10-11-2023 17:15:07
Last modified on : 10-11-2023 17:15:07

Description :
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation.

CVE ID : CVE-2023-4949
Source : cve-coordination@google.com
CVSS Score : 8.1

References :
https://xenbits.xenproject.org/xsa/advisory-443.html | source : cve-coordination@google.com

Vulnerability : CWE-119
Vulnerability : CWE-190


Source : kaspersky.com

Vulnerability ID : CVE-2023-47611

First published on : 10-11-2023 17:15:07
Last modified on : 10-11-2023 17:15:07

Description :
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

CVE ID : CVE-2023-47611
Source : vulnerability@kaspersky.com
CVSS Score : 7.8

References :
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ | source : vulnerability@kaspersky.com

Vulnerability : CWE-269


Source : microsoft.com

Vulnerability ID : CVE-2023-36014

First published on : 10-11-2023 00:15:08
Last modified on : 10-11-2023 00:15:08

Description :
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE ID : CVE-2023-36014
Source : secure@microsoft.com
CVSS Score : 7.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36024

First published on : 10-11-2023 00:15:08
Last modified on : 10-11-2023 00:15:08

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36024
Source : secure@microsoft.com
CVSS Score : 7.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36027

First published on : 10-11-2023 20:15:07
Last modified on : 10-11-2023 20:15:07

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36027
Source : secure@microsoft.com
CVSS Score : 7.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027 | source : secure@microsoft.com


(12) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-46733

First published on : 10-11-2023 18:15:09
Last modified on : 10-11-2023 18:15:09

Description :
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.

CVE ID : CVE-2023-46733
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9 | source : security-advisories@github.com
https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74 | source : security-advisories@github.com
https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx | source : security-advisories@github.com

Vulnerability : CWE-384
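The Symfony entry above describes a session-migration decision keyed only on the user identifier, so a login that moves a token from partially to fully authenticated for the same user keeps the same session id. The simulation below is an added example, not Symfony's `SessionStrategyListener`: `Token`, `Session` and `login_flow` are constructed stand-ins that model a password step (partial token) followed by a second-factor step (full token), and compare the buggy decision with the one the advisory describes as fixed.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    """Constructed stand-in for a security token: whose it is, and how far login is."""
    user_id: str
    kind: str          # "partial" (password accepted, 2FA pending) or "full"


class Session:
    def __init__(self):
        self.id = secrets.token_hex(16)

    def migrate(self):
        # Regenerating the id is what defeats fixation: an id known to anyone
        # before this point no longer names the authenticated session.
        self.id = secrets.token_hex(16)


def should_migrate_buggy(previous, new):
    # Pre-fix logic as described in the advisory: regenerate only when the user
    # identifier changes, so partial -> full for the same user keeps the id.
    return previous is None or previous.user_id != new.user_id


def should_migrate_fixed(previous, new):
    # Fixed logic: also regenerate when the token type changes.
    return (
        previous is None
        or previous.user_id != new.user_id
        or previous.kind != new.kind
    )


def login_flow(should_migrate):
    """Simulate the two login steps; return (initial id, id after partial, id after full)."""
    session = Session()
    initial = session.id
    previous = None
    ids = []
    for token in (Token("alice", "partial"), Token("alice", "full")):
        if should_migrate(previous, token):
            session.migrate()
        previous = token
        ids.append(session.id)
    return initial, ids[0], ids[1]
```

The observable difference is in the third value: with the buggy rule an id that was valid (and possibly observed) during the half-authenticated second-factor step is still valid after full authentication; with the fixed rule it is not.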


Vulnerability ID : CVE-2023-46734

First published on : 10-11-2023 18:15:09
Last modified on : 10-11-2023 18:15:09

Description :
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

CVE ID : CVE-2023-46734
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54 | source : security-advisories@github.com
https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c | source : security-advisories@github.com
https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46735

First published on : 10-11-2023 18:15:09
Last modified on : 10-11-2023 18:15:09

Description :
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.

CVE ID : CVE-2023-46735
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962 | source : security-advisories@github.com
https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47119

First published on : 10-11-2023 15:15:09
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-47119
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09 | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w | source : security-advisories@github.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2023-45806

First published on : 10-11-2023 15:15:08
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.

CVE ID : CVE-2023-45806
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/discourse/discourse/commit/2ec25105179199cf80912bf011c18b8b870e1863 | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/7d484864fe91ff79c478f57e7ddb1235d701921e | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-hcgf-hg2g-mw78 | source : security-advisories@github.com

Vulnerability : CWE-1333


Vulnerability ID : CVE-2023-46130

First published on : 10-11-2023 15:15:08
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.

CVE ID : CVE-2023-46130
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/discourse/discourse/commit/6183d9633de873ac2b1e9cdb6ac1c94b4ffae9cb | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/89a2e60706ce22e4afc463d03af2f34c53291800 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-c876-638r-vfcg | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-47122

First published on : 10-11-2023 22:15:14
Last modified on : 10-11-2023 22:15:14

Description :
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise of the default public good instance (`rekor.sigstore.dev`); anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available.

CVE ID : CVE-2023-47122
Source : security-advisories@github.com
CVSS Score : 4.2

References :
https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model | source : security-advisories@github.com
https://github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236 | source : security-advisories@github.com
https://github.com/sigstore/gitsign/pull/399 | source : security-advisories@github.com
https://github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc | source : security-advisories@github.com

Vulnerability : CWE-347


Source : vuldb.com

Vulnerability ID : CVE-2023-6074

First published on : 10-11-2023 15:15:09
Last modified on : 10-11-2023 15:15:09

Description :
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.

CVE ID : CVE-2023-6074
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.244943 | source : cna@vuldb.com
https://vuldb.com/?id.244943 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6076

First published on : 10-11-2023 16:15:34
Last modified on : 10-11-2023 16:15:34

Description :
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.

CVE ID : CVE-2023-6076
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.244945 | source : cna@vuldb.com
https://vuldb.com/?id.244945 | source : cna@vuldb.com

Vulnerability : CWE-200


Source : us.ibm.com

Vulnerability ID : CVE-2023-45167

First published on : 10-11-2023 04:15:07
Last modified on : 10-11-2023 04:15:07

Description :
The Python implementation shipped with IBM AIX 7.3 could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.

CVE ID : CVE-2023-45167
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc | source : psirt@us.ibm.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/267965 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7068084 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Source : asrg.io

Vulnerability ID : CVE-2023-6073

First published on : 10-11-2023 08:15:08
Last modified on : 10-11-2023 08:15:08

Description :
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

CVE ID : CVE-2023-6073
Source : cve@asrg.io
CVSS Score : 5.7

References :
https://asrg.io/cve-2023-6073-dos-and-control-of-volume-settings-for-vw-id-3-icas3-ivi-ecu/ | source : cve@asrg.io

Vulnerability : CWE-20
Vulnerability : CWE-284


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23367

First published on : 10-11-2023 15:15:08
Last modified on : 10-11-2023 15:15:08

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTScloud c5.1.0.2498 and later.

CVE ID : CVE-2023-23367
Source : security@qnapsecurity.com.tw
CVSS Score : 4.7

References :
https://www.qnap.com/en/security-advisory/qsa-23-24 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


(4) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6075

First published on : 10-11-2023 15:15:09
Last modified on : 10-11-2023 15:15:09

Description :
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.

CVE ID : CVE-2023-6075
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.244944 | source : cna@vuldb.com
https://vuldb.com/?id.244944 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-47121

First published on : 10-11-2023 16:15:33
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.

CVE ID : CVE-2023-47121
Source : security-advisories@github.com
CVSS Score : 3.4

References :
https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1 | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-45816

First published on : 10-11-2023 15:15:08
Last modified on : 10-11-2023 16:15:33

Description :
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds.

CVE ID : CVE-2023-45816
Source : security-advisories@github.com
CVSS Score : 3.3

References :
https://github.com/discourse/discourse/commit/2c45b949ea0e9d6fa8e5af2dd07f6521ede08bf1 | source : security-advisories@github.com
https://github.com/discourse/discourse/commit/3c5fb871c0f54af47679ae71ad449666b01d8216 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-v9r6-92wp-f6cf | source : security-advisories@github.com

Vulnerability : CWE-200


Source : kaspersky.com

Vulnerability ID : CVE-2023-47614

First published on : 10-11-2023 16:15:33
Last modified on : 10-11-2023 16:15:33

Description :
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

CVE ID : CVE-2023-47614
Source : vulnerability@kaspersky.com
CVSS Score : 3.3

References :
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/ | source : vulnerability@kaspersky.com

Vulnerability : CWE-200


(10) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39796

First published on : 10-11-2023 06:15:30
Last modified on : 10-11-2023 06:15:30

Description :
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows a remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

CVE ID : CVE-2023-39796
Source : cve@mitre.org
CVSS Score : /

References :
https://forum.wbce.org/viewtopic.php?pid=42046#p42046 | source : cve@mitre.org
https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1 | source : cve@mitre.org
https://pastebin.com/PBw5AvGp | source : cve@mitre.org


Vulnerability ID : CVE-2023-47246

First published on : 10-11-2023 06:15:30
Last modified on : 10-11-2023 06:15:30

Description :
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

CVE ID : CVE-2023-47246
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.sysaid.com/docs/latest-version-installation-files | source : cve@mitre.org
https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023 | source : cve@mitre.org
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification | source : cve@mitre.org


Vulnerability ID : CVE-2023-47800

First published on : 10-11-2023 07:15:07
Last modified on : 10-11-2023 07:15:07

Description :
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.

CVE ID : CVE-2023-47800
Source : cve@mitre.org
CVSS Score : /

References :
https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf | source : cve@mitre.org
https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-47164

First published on : 10-11-2023 09:15:07
Last modified on : 10-11-2023 09:15:07

Description :
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVE ID : CVE-2023-47164
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN99177549/ | source : vultures@jpcert.or.jp
https://www.hoteldruid.com/ | source : vultures@jpcert.or.jp
https://www.hoteldruid.com/en/download.html | source : vultures@jpcert.or.jp


Source : patchstack.com

Vulnerability ID : CVE-2023-29426

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin versions <= 1.6.5.

CVE ID : CVE-2023-29426
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/spreadshop/wordpress-spreadshop-plugin-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-29428

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin versions <= 1.1.3.

CVE ID : CVE-2023-29428
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/superb-social-share-and-follow-buttons/wordpress-superb-social-media-share-buttons-and-follow-buttons-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-29440

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin versions <= 2.10.3.

CVE ID : CVE-2023-29440
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-3-cross-site-request-forgery-csrf?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-30478

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin versions <= 4.8.8.

CVE ID : CVE-2023-30478
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-8-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-31077

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin versions <= 2.1.9.

CVE ID : CVE-2023-31077
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-31078

First published on : 10-11-2023 14:15:35
Last modified on : 10-11-2023 14:15:35

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin versions <= 4.4.1.

CVE ID : CVE-2023-31078
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/wp-browser-update/wordpress-wp-browserupdate-plugin-4-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
