Latest vulnerabilities of Friday, November 17, 2023


Last update performed on 11/17/2023 at 11:57:02 PM

(5) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : adobe.com

Vulnerability ID : CVE-2023-44324

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44324
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/framemaker/apsb23-58.html | source : psirt@adobe.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-44350

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44350
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-44351

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44351
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-44353

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44353
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Source : liferay.com

Vulnerability ID : CVE-2023-47797

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:59:04

Description :
Reflected cross-site scripting (XSS) vulnerability on a content page's edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

CVE ID : CVE-2023-47797
Source : security@liferay.com
CVSS Score : 9.6

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797 | source : security@liferay.com

Vulnerability : CWE-79


(14) HIGH VULNERABILITIES [7.0, 8.9]

Source : trellix.com

Vulnerability ID : CVE-2023-5444

First published on : 17-11-2023 10:15:07
Last modified on : 17-11-2023 13:58:53

Description :
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

CVE ID : CVE-2023-5444
Source : trellixpsirt@trellix.com
CVSS Score : 8.0

References :
https://kcm.trellix.com/agent/index?page=content&id=SB10410 | source : trellixpsirt@trellix.com

Vulnerability : CWE-352


Source : adobe.com

Vulnerability ID : CVE-2023-47066

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47066
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47067

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47067
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47068

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47068
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47069

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47069
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47070

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47070
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-47073

First published on : 17-11-2023 11:15:09
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47073
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-22272

First published on : 17-11-2023 13:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22272
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-22274

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22274
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-611


Vulnerability ID : CVE-2023-22275

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22275
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26347

First published on : 17-11-2023 14:15:20
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-26347
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-22273

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22273
Source : psirt@adobe.com
CVSS Score : 7.2

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-22


Source : honeywell.com

Vulnerability ID : CVE-2023-6179

First published on : 17-11-2023 17:15:08
Last modified on : 17-11-2023 17:28:23

Description :
Honeywell ProWatch, 4.5, including all Service Pack versions, contains a vulnerability in Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, leading to a standard user having arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5).

CVE ID : CVE-2023-6179
Source : psirt@honeywell.com
CVSS Score : 7.8

References :
https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices | source : psirt@honeywell.com
https://www.honeywell.com/us/en/product-security | source : psirt@honeywell.com

Vulnerability : CWE-732


Source : github.com

Vulnerability ID : CVE-2023-48238

First published on : 17-11-2023 22:15:07
Last modified on : 17-11-2023 22:15:07

Description :
joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library if the RS256 algorithm is in use; however, it is a best practice to use that algorithm.

CVE ID : CVE-2023-48238
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/joaquimserafim/json-web-token/security/advisories/GHSA-4xw9-cx39-r355 | source : security-advisories@github.com

Vulnerability : CWE-345


(12) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : adobe.com

Vulnerability ID : CVE-2023-22268

First published on : 17-11-2023 13:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22268
Source : psirt@adobe.com
CVSS Score : 6.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44352

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-44352
Source : psirt@adobe.com
CVSS Score : 6.1

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44325

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:59

Description :
Adobe Animate versions 23.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44325
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/animate/apsb23-61.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44326

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:59

Description :
Adobe Dimension versions 3.4.9 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44326
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-62.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-26364

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

CVE ID : CVE-2023-26364
Source : psirt@adobe.com
CVSS Score : 5.3

References :
https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44355

First published on : 17-11-2023 14:15:22
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.

CVE ID : CVE-2023-44355
Source : psirt@adobe.com
CVSS Score : 4.3

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-48295

First published on : 17-11-2023 21:15:07
Last modified on : 17-11-2023 21:15:07

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48295
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21 | source : security-advisories@github.com
https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90 | source : security-advisories@github.com
https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46745

First published on : 17-11-2023 22:15:07
Last modified on : 17-11-2023 22:15:07

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-46745
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-48294

First published on : 17-11-2023 22:15:08
Last modified on : 17-11-2023 22:15:08

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48294
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2 | source : security-advisories@github.com
https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf | source : security-advisories@github.com
https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4 | source : security-advisories@github.com

Vulnerability : CWE-200


Source : trellix.com

Vulnerability ID : CVE-2023-5445

First published on : 17-11-2023 10:15:08
Last modified on : 17-11-2023 13:58:53

Description :
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

CVE ID : CVE-2023-5445
Source : trellixpsirt@trellix.com
CVSS Score : 5.4

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10410 | source : trellixpsirt@trellix.com

Vulnerability : CWE-601


Source : vuldb.com

Vulnerability ID : CVE-2023-6188

First published on : 17-11-2023 18:15:07
Last modified on : 17-11-2023 18:15:07

Description :
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.

CVE ID : CVE-2023-6188
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 | source : cna@vuldb.com
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358 | source : cna@vuldb.com
https://vuldb.com/?ctiid.245735 | source : cna@vuldb.com
https://vuldb.com/?id.245735 | source : cna@vuldb.com

Vulnerability : CWE-94


Source : patchstack.com

Vulnerability ID : CVE-2023-47757

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:53

Description :
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.

CVE ID : CVE-2023-47757
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/aweber-web-form-widget/wordpress-aweber-plugin-7-3-9-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352
Vulnerability : CWE-862


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : mitre.org

Vulnerability ID : CVE-2023-48649

First published on : 17-11-2023 04:15:07
Last modified on : 17-11-2023 13:59:04

Description :
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

CVE ID : CVE-2023-48649
Source : cve@mitre.org
CVSS Score : 3.5

References :
https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes | source : cve@mitre.org
https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes | source : cve@mitre.org
https://github.com/concretecms/concretecms/pull/11695 | source : cve@mitre.org
https://github.com/concretecms/concretecms/pull/11739 | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release | source : cve@mitre.org


Source : adobe.com

Vulnerability ID : CVE-2023-47071

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47071
Source : psirt@adobe.com
CVSS Score : 3.3

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47072

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47072
Source : psirt@adobe.com
CVSS Score : 3.3

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-824


(34) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-48078

First published on : 17-11-2023 00:15:08
Last modified on : 17-11-2023 13:59:04

Description :
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter.

CVE ID : CVE-2023-48078
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/esasadam06/Simple-CRUD-Functionality-SQLi-POC | source : cve@mitre.org


Vulnerability ID : CVE-2023-45382

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

CVE ID : CVE-2023-45382
Source : cve@mitre.org
CVSS Score : /

References :
https://common-services.com/fr/home-fr/ | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/16/sonice_retour.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45387

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`.

CVE ID : CVE-2023-45387
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/16/exportproducts.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48031

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

CVE ID : CVE-2023-48031
Source : cve@mitre.org
CVSS Score : /

References :
https://bugplorer.github.io/cve-opensupports/ | source : cve@mitre.org
https://nitipoom-jar.github.io/CVE-2023-48031/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48648

First published on : 17-11-2023 04:15:07
Last modified on : 17-11-2023 13:59:04

Description :
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

CVE ID : CVE-2023-48648
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes | source : cve@mitre.org
https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release | source : cve@mitre.org


Vulnerability ID : CVE-2023-48655

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.

CVE ID : CVE-2023-48655
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48656

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

CVE ID : CVE-2023-48656
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074 | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48657

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

CVE ID : CVE-2023-48657
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48658

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

CVE ID : CVE-2023-48658
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48659

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

CVE ID : CVE-2023-48659
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38313

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

CVE ID : CVE-2023-38313
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38314

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38315

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38315
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38316

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.

CVE ID : CVE-2023-38316
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38320

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38320
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38322

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

CVE ID : CVE-2023-38322
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38324

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).

CVE ID : CVE-2023-38324
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41101

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).

CVE ID : CVE-2023-41101
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8d | source : cve@mitre.org
https://github.com/openNDS/openNDS/releases/tag/v10.1.3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41102

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.

CVE ID : CVE-2023-41102
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312b51 | source : cve@mitre.org
https://github.com/openNDS/openNDS/releases/tag/v10.1.3 | source : cve@mitre.org


Vulnerability ID : CVE-2020-11447

First published on : 17-11-2023 12:15:06
Last modified on : 17-11-2023 13:58:53

Description :
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.

CVE ID : CVE-2020-11447
Source : cve@mitre.org
CVSS Score : /

References :
https://0xem.ma/posts/HH3K-CVE/ | source : cve@mitre.org
https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems | source : cve@mitre.org


Vulnerability ID : CVE-2020-11448

First published on : 17-11-2023 12:15:07
Last modified on : 17-11-2023 13:58:53

Description :
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page.

CVE ID : CVE-2020-11448
Source : cve@mitre.org
CVSS Score : /

References :
https://0xem.ma/posts/HH3K-CVE/ | source : cve@mitre.org
https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems | source : cve@mitre.org


Vulnerability ID : CVE-2023-48029

First published on : 17-11-2023 13:15:09
Last modified on : 17-11-2023 13:58:53

Description :
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.

CVE ID : CVE-2023-48029
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5 | source : cve@mitre.org
https://nitipoom-jar.github.io/CVE-2023-48029/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48024

First published on : 17-11-2023 17:15:07
Last modified on : 17-11-2023 17:28:23

Description :
Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c.

CVE ID : CVE-2023-48024
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/howerj/liblisp/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48025

First published on : 17-11-2023 17:15:07
Last modified on : 17-11-2023 17:28:23

Description :
Liblisp through commit 4c65969 was discovered to contain an out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c.

CVE ID : CVE-2023-48025
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/howerj/liblisp/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48185

First published on : 17-11-2023 18:15:07
Last modified on : 17-11-2023 18:15:07

Description :
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.

CVE ID : CVE-2023-48185
Source : cve@mitre.org
CVSS Score : /

References :
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p | source : cve@mitre.org
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p17623 | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-38130

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.

CVE ID : CVE-2023-38130
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-42428

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.

CVE ID : CVE-2023-42428
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47283

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.

CVE ID : CVE-2023-47283
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47675

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

CVE ID : CVE-2023-47675
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Source : cyber.jp.nec.com

Vulnerability ID : CVE-2023-39544

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

CVE ID : CVE-2023-39544
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-39545

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

CVE ID : CVE-2023-39545
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-552


Vulnerability ID : CVE-2023-39546

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

CVE ID : CVE-2023-39546
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-836


Vulnerability ID : CVE-2023-39547

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

CVE ID : CVE-2023-39547
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-294


Vulnerability ID : CVE-2023-39548

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:59:04

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

CVE ID : CVE-2023-39548
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-434


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
