Latest vulnerabilities of Friday, September 15, 2023


Last update performed on 09/15/2023 at 11:58:27 PM

(12) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-4662

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4662
Source : cve@usom.gov.tr
CVSS Score : 10.0

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-250


Vulnerability ID : CVE-2023-4673

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911.

CVE ID : CVE-2023-4673
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0528 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4830

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228.

CVE ID : CVE-2023-4830
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0529 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4231

First published on : 15-09-2023 08:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09.

CVE ID : CVE-2023-4231
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0532 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4670

First published on : 15-09-2023 08:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2.

CVE ID : CVE-2023-4670
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0531 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4831

First published on : 15-09-2023 08:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection. This issue affects Ncep: before 20230914.

CVE ID : CVE-2023-4831
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0529-2 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4661

First published on : 15-09-2023 09:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4661
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4833

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6.

CVE ID : CVE-2023-4833
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0533 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4835

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912.

CVE ID : CVE-2023-4835
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0533 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : huntr.dev

Vulnerability ID : CVE-2023-4982

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4982
Source : security@huntr.dev
CVSS Score : 9.8

References :
https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769 | source : security@huntr.dev
https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4978

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4978
Source : security@huntr.dev
CVSS Score : 9.0

References :
https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7 | source : security@huntr.dev
https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4 | source : security@huntr.dev

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-41887

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

CVE ID : CVE-2023-41887
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 | source : security-advisories@github.com
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5 | source : security-advisories@github.com

Vulnerability : CWE-89


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : huntr.dev

Vulnerability ID : CVE-2023-4979

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4979
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03 | source : security@huntr.dev
https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4980

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4980
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97 | source : security@huntr.dev
https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4981

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4981
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7 | source : security@huntr.dev
https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4977

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4977
Source : security@huntr.dev
CVSS Score : 7.3

References :
https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0 | source : security@huntr.dev
https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc | source : security@huntr.dev

Vulnerability : CWE-94


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4665

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4665
Source : cve@usom.gov.tr
CVSS Score : 8.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-279


Vulnerability ID : CVE-2023-4664

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4664
Source : cve@usom.gov.tr
CVSS Score : 7.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-276


Source : redhat.com

Vulnerability ID : CVE-2023-0813

First published on : 15-09-2023 21:15:08
Last modified on : 15-09-2023 21:15:08

Description :
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE ID : CVE-2023-0813
Source : secalert@redhat.com
CVSS Score : 8.6

References :
https://access.redhat.com/errata/RHSA-2023:0786 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-0813 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2169468 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-0923

First published on : 15-09-2023 21:15:09
Last modified on : 15-09-2023 21:15:09

Description :
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

CVE ID : CVE-2023-0923
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:0977 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-0923 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2171870 | source : secalert@redhat.com


Source : github.com

Vulnerability ID : CVE-2023-42442

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can be downloaded without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The permission control of the API `/api/v1/terminal/sessions/` is broken, and the API can be accessed anonymously. The SessionViewSet permission classes are set to `[RBACPermission | IsSessionAssignee]`; the relation is OR, so any matching permission will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the API `$HOST/api/v1/terminal/sessions/?limit=1`. The expected HTTP response code is 401 (`not_authenticated`).

CVE ID : CVE-2023-42442
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91 | source : security-advisories@github.com
https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a | source : security-advisories@github.com
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-40018

First published on : 15-09-2023 20:15:09
Last modified on : 15-09-2023 20:15:09

Description :
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out-of-bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory, leading to undefined behavior of the system or a crash. Version 1.10.10 contains a patch for this issue.

CVE ID : CVE-2023-40018
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10 | source : security-advisories@github.com
https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3 | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-40019

First published on : 15-09-2023 20:15:09
Last modified on : 15-09-2023 20:15:09

Description :
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service by sending a re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH, leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt the stack of FreeSWITCH, leading to undefined behavior of the system or simply a crash. Version 1.10.10 contains a patch for this issue.

CVE ID : CVE-2023-40019
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10 | source : security-advisories@github.com
https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-41886

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.

CVE ID : CVE-2023-41886
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d | source : security-advisories@github.com
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-42439

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass tricks the application into treating the first host as a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080; this will return the data to that host on the response. As of time of publication, no patched version is available.

CVE ID : CVE-2023-42439
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-41325

First published on : 15-09-2023 20:15:10
Last modified on : 15-09-2023 20:15:10

Description :
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify the binary's signature, it allocates memory for an RSA key. The RSA key allocation function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate memory (which is optee's heap memory). The RSA key consists of an exponent and a modulus (represented as the variables `e` and `n`), and its allocation is not atomic, so it may succeed for `e` but fail for `n`. In this case `sw_crypto_acipher_alloc_rsa_public_key` will free `e` and return a failure, but the variable `e` still holds the already freed memory address. `shdr_verify_signature` will then free that memory (`e`) again, even though it was already freed when the RSA key allocation failed. A patch is available in version 3.22. No known workarounds are available.

CVE ID : CVE-2023-41325
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a | source : security-advisories@github.com
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-38507

First published on : 15-09-2023 20:15:08
Last modified on : 15-09-2023 20:15:08

Description :
Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.

CVE ID : CVE-2023-38507
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/strapi/strapi/blob/32d68f1f5677ed9a9a505b718c182c0a3f885426/packages/core/admin/server/middlewares/rateLimit.js#L31 | source : security-advisories@github.com
https://github.com/strapi/strapi/releases/tag/v4.12.1 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-24q2-59hm-rh9r | source : security-advisories@github.com

Vulnerability : CWE-770


Source : vuldb.com

Vulnerability ID : CVE-2023-4991

First published on : 15-09-2023 16:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4991
Source : cna@vuldb.com
CVSS Score : 7.8

References :
https://vuldb.com/?ctiid.239804 | source : cna@vuldb.com
https://vuldb.com/?id.239804 | source : cna@vuldb.com

Vulnerability : CWE-428


Source : fluidattacks.com

Vulnerability ID : CVE-2023-3891

First published on : 15-09-2023 03:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system.

CVE ID : CVE-2023-3891
Source : help@fluidattacks.com
CVSS Score : 7.3

References :
https://fluidattacks.com/advisories/aerosmith | source : help@fluidattacks.com
https://lapce.dev | source : help@fluidattacks.com

Vulnerability : CWE-367


(24) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : hashicorp.com

Vulnerability ID : CVE-2023-4680

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

CVE ID : CVE-2023-4680
Source : security@hashicorp.com
CVSS Score : 6.8

References :
https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 | source : security@hashicorp.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-37263

First published on : 15-09-2023 19:15:08
Last modified on : 15-09-2023 19:15:08

Description :
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.

CVE ID : CVE-2023-37263
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/strapi/strapi/releases/tag/v4.12.1 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-38706

First published on : 15-09-2023 20:15:09
Last modified on : 15-09-2023 20:15:09

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-38706
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-40588

First published on : 15-09-2023 20:15:10
Last modified on : 15-09-2023 20:15:10

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-40588
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-41043

First published on : 15-09-2023 20:15:10
Last modified on : 15-09-2023 20:15:10

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.

CVE ID : CVE-2023-41043
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-36472

First published on : 15-09-2023 19:15:08
Last modified on : 15-09-2023 19:15:08

Description :
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.

CVE ID : CVE-2023-36472
Source : security-advisories@github.com
CVSS Score : 5.8

References :
https://github.com/strapi/strapi/releases/tag/v4.11.7 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37281

First published on : 15-09-2023 20:15:08
Last modified on : 15-09-2023 20:15:08

Description :
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.

CVE ID : CVE-2023-37281
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/contiki-ng/contiki-ng/pull/2509 | source : security-advisories@github.com
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-37459

First published on : 15-09-2023 20:15:08
Last modified on : 15-09-2023 20:15:08

Description :
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.

CVE ID : CVE-2023-37459
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/contiki-ng/contiki-ng/pull/2510 | source : security-advisories@github.com
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-40167

First published on : 15-09-2023 20:15:09
Last modified on : 15-09-2023 21:15:10

Description :
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

CVE ID : CVE-2023-40167
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 | source : security-advisories@github.com
https://www.rfc-editor.org/rfc/rfc9110#section-8.6 | source : security-advisories@github.com

Vulnerability : CWE-130


Vulnerability ID : CVE-2023-41889

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is to perform the Unicode normalization first, then strip all whitespace, and then check for a blank string. This issue has been fixed in version 1.18.0.

CVE ID : CVE-2023-41889
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334c3ea/app/models/concerns/rdf/object.rb#L68-L72 | source : security-advisories@github.com
https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r | source : security-advisories@github.com
https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks | source : security-advisories@github.com

Vulnerability : CWE-176


Vulnerability ID : CVE-2023-41042

First published on : 15-09-2023 20:15:10
Last modified on : 15-09-2023 20:15:10

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-41042
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254 | source : security-advisories@github.com

Vulnerability : CWE-770


Source : redhat.com

Vulnerability ID : CVE-2023-4959

First published on : 15-09-2023 10:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim's browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).

CVE ID : CVE-2023-4959
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-4959 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2238908 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3466

First published on : 15-09-2023 14:15:08
Last modified on : 15-09-2023 16:20:53

Description :
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

CVE ID : CVE-2022-3466
Source : secalert@redhat.com
CVSS Score : 4.8

References :
https://access.redhat.com/errata/RHSA-2022:7398 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3466 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2134063 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3261

First published on : 15-09-2023 21:15:08
Last modified on : 15-09-2023 21:15:08

Description :
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

CVE ID : CVE-2022-3261
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2022-3261 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2128834 | source : secalert@redhat.com


Source : wordfence.com

Vulnerability ID : CVE-2023-4963

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 12:51:51

Description :
The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4963
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ws-facebook-likebox/trunk/includes/shortcodes.php#L22 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-4974

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 16:15:07

Description :
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4974
Source : cna@vuldb.com
CVSS Score : 6.3

References :
http://packetstormsecurity.com/files/174681/Academy-LMS-6.2-SQL-Injection.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.239750 | source : cna@vuldb.com
https://vuldb.com/?id.239750 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4988

First published on : 15-09-2023 16:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-239799.

CVE ID : CVE-2023-4988
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.239799 | source : cna@vuldb.com
https://vuldb.com/?id.239799 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4985

First published on : 15-09-2023 15:15:07
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4985
Source : cna@vuldb.com
CVSS Score : 5.9

References :
https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.239796 | source : cna@vuldb.com
https://vuldb.com/?id.239796 | source : cna@vuldb.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-4987

First published on : 15-09-2023 15:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4987
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.239798 | source : cna@vuldb.com
https://vuldb.com/?id.239798 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4983

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments</script>'"><img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4983
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.239794 | source : cna@vuldb.com
https://vuldb.com/?id.239794 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4984

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.

CVE ID : CVE-2023-4984
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/didi/KnowSearch/files/12135597/ad1aa7b3-ecee-44b0-a22a-80917ca0fe71.pdf4398935202801712312.pdf | source : cna@vuldb.com
https://github.com/didi/KnowSearch/issues/86 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239795 | source : cna@vuldb.com
https://vuldb.com/?id.239795 | source : cna@vuldb.com

Vulnerability : CWE-256


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4663

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4663
Source : cve@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-80


Source : emc.com

Vulnerability ID : CVE-2023-32461

First published on : 15-09-2023 07:15:09
Last modified on : 15-09-2023 12:51:51

Description :
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to memory corruption and potentially to privilege escalation.

CVE ID : CVE-2023-32461
Source : security_alert@emc.com
CVSS Score : 5.0

References :
https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-122


Source : cisco.com

Vulnerability ID : CVE-2022-20917

First published on : 15-09-2023 03:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.

CVE ID : CVE-2022-20917
Source : ykramarz@cisco.com
CVSS Score : 4.3

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM | source : ykramarz@cisco.com


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-4973

First published on : 15-09-2023 02:15:08
Last modified on : 15-09-2023 16:15:07

Description :
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4973
Source : cna@vuldb.com
CVSS Score : 3.5

References :
http://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.239749 | source : cna@vuldb.com
https://vuldb.com/?id.239749 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4986

First published on : 15-09-2023 15:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4986
Source : cna@vuldb.com
CVSS Score : 2.5

References :
https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.239797 | source : cna@vuldb.com
https://vuldb.com/?id.239797 | source : cna@vuldb.com

Vulnerability : CWE-916


Source : github.com

Vulnerability ID : CVE-2023-36479

First published on : 15-09-2023 19:15:08
Last modified on : 15-09-2023 19:15:08

Description :
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

CVE ID : CVE-2023-36479
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/eclipse/jetty.project/pull/9516 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9888 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9889 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j | source : security-advisories@github.com

Vulnerability : CWE-149


Vulnerability ID : CVE-2023-41900

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.

CVE ID : CVE-2023-41900
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/eclipse/jetty.project/pull/9528 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9660 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 | source : security-advisories@github.com

Vulnerability : CWE-1390


Vulnerability ID : CVE-2023-41880

First published on : 15-09-2023 20:15:11
Last modified on : 15-09-2023 20:15:11

Description :
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless. This issue was discovered through fuzzing of Wasmtime's code generator Cranelift. Wasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability.

CVE ID : CVE-2023-41880
Source : security-advisories@github.com
CVSS Score : 2.2

References :
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/commit/8d7eda15b0badcbea83a7aac2d08f80788b59240 | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/pull/6372 | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh#:~:text=Mailing%20list%20announcement | source : security-advisories@github.com

Vulnerability : CWE-193


(24) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39639

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.

CVE ID : CVE-2023-39639
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/2_community-developer?contributor=190902&id_category=3 | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/31/leoblog.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39641

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().

CVE ID : CVE-2023-39641
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/referencement-payant-affiliation/26226-full-affiliates.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/31/psaffiliate.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39642

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display().

CVE ID : CVE-2023-39642
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/remarketing-paniers-abandonnes/22077-carts-guru-marketing-automation-multicanal.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/29/cartsguru.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40955

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.

CVE ID : CVE-2023-40955
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40956

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.

CVE ID : CVE-2023-40956
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search | source : cve@mitre.org


Vulnerability ID : CVE-2023-40957

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component.

CVE ID : CVE-2023-40957
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40958

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.

CVE ID : CVE-2023-40958
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39643

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds().

CVE ID : CVE-2023-39643
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/data-import-export/5732-xml-feeds-pro.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/29/xmlfeeds.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40984

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

CVE ID : CVE-2023-40984
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40985

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

CVE ID : CVE-2023-40985
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40986

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.

CVE ID : CVE-2023-40986
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40982

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 12:51:51

Description :
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

CVE ID : CVE-2023-40982
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40983

First published on : 15-09-2023 04:15:10
Last modified on : 15-09-2023 12:51:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

CVE ID : CVE-2023-40983
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36658

First published on : 15-09-2023 05:15:24
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.

CVE ID : CVE-2023-36658
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36658 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36657

First published on : 15-09-2023 06:15:07
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.

CVE ID : CVE-2023-36657
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36657 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36659

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).

CVE ID : CVE-2023-36659
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36659 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42270

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-42270
Source : cve@mitre.org
CVSS Score : /

References :
http://xploit.sh/posts/cve-2023-xxxxx/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-38636

First published on : 15-09-2023 16:15:07
Last modified on : 15-09-2023 16:15:07

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2022-38636
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2022-47848

First published on : 15-09-2023 16:15:07
Last modified on : 15-09-2023 16:20:53

Description :
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T that allows remote attackers to gain sensitive information via the rootDesc.xml page of the UPnP service.

CVE ID : CVE-2022-47848
Source : cve@mitre.org
CVSS Score : /

References :
https://00xbyte.github.io/posts/bezeq-router-auth-bypass/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28614

First published on : 15-09-2023 17:15:14
Last modified on : 15-09-2023 17:15:14

Description :
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.

CVE ID : CVE-2023-28614
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0012.md | source : cve@mitre.org
https://www.freewillsolutions.com/smart-trade-ifis | source : cve@mitre.org
https://www.kb.cert.org/vuls/id/947701 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42398

First published on : 15-09-2023 17:15:14
Last modified on : 15-09-2023 17:15:14

Description :
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.

CVE ID : CVE-2023-42398
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/laterfuture/php-audit/blob/main/CVE-2023-42398%E2%80%94%E2%80%94ZZCMS2023%20SSRF | source : cve@mitre.org


Source : hackerone.com

Vulnerability ID : CVE-2023-38039

First published on : 15-09-2023 04:15:10
Last modified on : 15-09-2023 12:51:51

Description :
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.

CVE ID : CVE-2023-38039
Source : support@hackerone.com
CVSS Score : /

References :
https://hackerone.com/reports/2072338 | source : support@hackerone.com


Source : cert.vde.com

Vulnerability ID : CVE-2023-3378

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 06:15:08

Description :
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2023-3378
Source : info@cert.vde.com
CVSS Score : /

References :


Source : github.com

Vulnerability ID : CVE-2023-41901

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
** REJECT ** Further research determined the issue is not a vulnerability.

CVE ID : CVE-2023-41901
Source : security-advisories@github.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
