Latest vulnerabilities of Friday, September 22, 2023


Last update performed on 09/22/2023 at 11:58:17 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(10) HIGH VULNERABILITIES [7.0, 8.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23362

First published on : 22-09-2023 04:15:50
Last modified on : 22-09-2023 13:24:08

Description :
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later.

CVE ID : CVE-2023-23362
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-18 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-23363

First published on : 22-09-2023 04:15:53
Last modified on : 22-09-2023 13:24:08

Description :
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later.

CVE ID : CVE-2023-23363
Source : security@qnapsecurity.com.tw
CVSS Score : 8.1

References :
https://www.qnap.com/en/security-advisory/qsa-23-25 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-23364

First published on : 22-09-2023 04:15:54
Last modified on : 22-09-2023 13:24:08

Description :
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 (2023/03/29) and later; Multimedia Console 1.4.7 (2023/03/20) and later.

CVE ID : CVE-2023-23364
Source : security@qnapsecurity.com.tw
CVSS Score : 8.1

References :
https://www.qnap.com/en/security-advisory/qsa-23-29 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Source : github.com

Vulnerability ID : CVE-2023-42798

First published on : 22-09-2023 16:15:09
Last modified on : 22-09-2023 16:38:32

Description :
AutomataCI is a template git repository equipped with native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repository from the root git repository.

CVE ID : CVE-2023-42798
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/ChewKeanHo/AutomataCI/issues/93 | source : security-advisories@github.com
https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-42821

First published on : 22-09-2023 17:15:14
Last modified on : 22-09-2023 17:15:14

Description :
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read vulnerability. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access an element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

CVE ID : CVE-2023-42821
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69 | source : security-advisories@github.com
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940 | source : security-advisories@github.com
https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2 | source : security-advisories@github.com

Vulnerability : CWE-125


Source : redhat.com

Vulnerability ID : CVE-2022-3874

First published on : 22-09-2023 14:15:44
Last modified on : 22-09-2023 16:38:32

Description :
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

CVE ID : CVE-2022-3874
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/security/cve/CVE-2022-3874 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2140577 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4039

First published on : 22-09-2023 15:15:09
Last modified on : 22-09-2023 16:38:32

Description :
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CVE ID : CVE-2022-4039
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:1047 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4039 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2143416 | source : secalert@redhat.com


Source : exodusintel.com

Vulnerability ID : CVE-2023-41027

First published on : 22-09-2023 17:15:09
Last modified on : 22-09-2023 17:15:09

Description :
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

CVE ID : CVE-2023-41027
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-credential-disclosure-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-210


Vulnerability ID : CVE-2023-41029

First published on : 22-09-2023 17:15:10
Last modified on : 22-09-2023 17:15:10

Description :
Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

CVE ID : CVE-2023-41029
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-41031

First published on : 22-09-2023 17:15:14
Last modified on : 22-09-2023 17:15:14

Description :
Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

CVE ID : CVE-2023-41031
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-77


(9) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-43640

First published on : 22-09-2023 18:15:12
Last modified on : 22-09-2023 18:15:12

Description :
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.

CVE ID : CVE-2023-43640
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae | source : security-advisories@github.com
https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-42812

First published on : 22-09-2023 17:15:14
Last modified on : 22-09-2023 17:15:14

Description :
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

CVE ID : CVE-2023-42812
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py | source : security-advisories@github.com
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-42811

First published on : 22-09-2023 16:15:10
Last modified on : 22-09-2023 17:15:14

Description :
aes-gcm is a pure Rust implementation of AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES-GCM implementation of `decrypt_in_place_detached`, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

CVE ID : CVE-2023-42811
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309 | source : security-advisories@github.com
https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq | source : security-advisories@github.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2023-23766

First published on : 22-09-2023 15:15:10
Last modified on : 22-09-2023 16:38:32

Description :
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2023-23766
Source : product-cna@github.com
CVSS Score : 4.5

References :
https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3 | source : product-cna@github.com

Vulnerability : CWE-697


Source : wordfence.com

Vulnerability ID : CVE-2023-4716

First published on : 22-09-2023 06:15:11
Last modified on : 22-09-2023 10:55:29

Description :
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4716
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1507 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1511 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1515 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1531 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2963256/media-library-assistant | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4774

First published on : 22-09-2023 06:15:11
Last modified on : 22-09-2023 10:55:22

Description :
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4774
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-piwik/tags/1.0.28/classes/WP_Piwik/Widget/OptOut.php#L28 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2969705/wp-piwik#file164 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4f041-4740-4ebb-afb3-10019ce571be?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : puiterwijk.org

Vulnerability ID : CVE-2023-5002

First published on : 22-09-2023 14:15:47
Last modified on : 22-09-2023 16:38:32

Description :
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVE ID : CVE-2023-5002
Source : patrick@puiterwijk.org
CVSS Score : 6.0

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2239164 | source : patrick@puiterwijk.org
https://github.com/pgadmin-org/pgadmin4/issues/6763 | source : patrick@puiterwijk.org


Vulnerability ID : CVE-2023-43090

First published on : 22-09-2023 06:15:09
Last modified on : 22-09-2023 13:24:08

Description :
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVE ID : CVE-2023-43090
Source : patrick@puiterwijk.org
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-43090 | source : patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2239087 | source : patrick@puiterwijk.org
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 | source : patrick@puiterwijk.org
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 | source : patrick@puiterwijk.org


Source : mitre.org

Vulnerability ID : CVE-2023-43771

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program.

CVE ID : CVE-2023-43771
Source : cve@mitre.org
CVSS Score : 5.5

References :
https://github.com/mikebrady/nqptp/commit/b24789982d5cc067ecf6e8f3352b701d177530ec | source : cve@mitre.org
https://github.com/mikebrady/nqptp/releases/tag/1.2.3 | source : cve@mitre.org
https://github.com/mikebrady/nqptp/releases/tag/1.2.4 | source : cve@mitre.org


(0) LOW VULNERABILITIES [0.1, 3.9]

(21) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-31716

First published on : 22-09-2023 00:15:09
Last modified on : 22-09-2023 01:25:45

Description :
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log

CVE ID : CVE-2023-31716
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MateusTesser/CVE-2023-31716 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org


Vulnerability ID : CVE-2023-31717

First published on : 22-09-2023 00:15:11
Last modified on : 22-09-2023 01:25:45

Description :
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

CVE ID : CVE-2023-31717
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MateusTesser/CVE-2023-31717 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/IBMXTEI_5wY | source : cve@mitre.org


Vulnerability ID : CVE-2023-31718

First published on : 22-09-2023 00:15:11
Last modified on : 22-09-2023 01:25:45

Description :
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.

CVE ID : CVE-2023-31718
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MateusTesser/CVE-2023-31718 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/VCQkEGntN04 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31719

First published on : 22-09-2023 00:15:11
Last modified on : 22-09-2023 01:25:45

Description :
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

CVE ID : CVE-2023-31719
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MateusTesser/CVE-2023-31719 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/cjb2KYpV6dY | source : cve@mitre.org


Vulnerability ID : CVE-2023-43760

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43760
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43761

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43761
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43762

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.

CVE ID : CVE-2023-43762
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43763

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.

CVE ID : CVE-2023-43763
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn | source : cve@mitre.org


Vulnerability ID : CVE-2023-43764

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux.

CVE ID : CVE-2023-43764
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43765

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43765
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43766

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43766
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43767

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43767
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43770

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 14:15:46

Description :
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

CVE ID : CVE-2023-43770
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html | source : cve@mitre.org
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released | source : cve@mitre.org


Vulnerability ID : CVE-2023-43782

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.

CVE ID : CVE-2023-43782
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1213983 | source : cve@mitre.org
https://github.com/falkTX/Cadence | source : cve@mitre.org


Vulnerability ID : CVE-2023-43783

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.

CVE ID : CVE-2023-43783
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1213985 | source : cve@mitre.org
https://github.com/falkTX/Cadence | source : cve@mitre.org


Vulnerability ID : CVE-2023-43784

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.

CVE ID : CVE-2023-43784
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html | source : cve@mitre.org
https://talk.plesk.com/threads/why-in-plesk-firehouse-aws-keys-are-public.369925/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43144

First published on : 22-09-2023 15:15:12
Last modified on : 22-09-2023 16:38:32

Description :
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.

CVE ID : CVE-2023-43144
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38346

First published on : 22-09-2023 19:15:09
Last modified on : 22-09-2023 19:15:09

Description :
An issue was discovered in Wind River VxWorks 6.9 and 7. The function `tarExtract` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the `tarExtract` function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.

CVE ID : CVE-2023-38346
Source : cve@mitre.org
CVSS Score : /

References :
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346 | source : cve@mitre.org
https://support2.windriver.com/index.php?page=security-notices | source : cve@mitre.org
https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43270

First published on : 22-09-2023 19:15:11
Last modified on : 22-09-2023 19:15:11

Description :
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.

CVE ID : CVE-2023-43270
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE | source : cve@mitre.org


Vulnerability ID : CVE-2023-40989

First published on : 22-09-2023 20:15:09
Last modified on : 22-09-2023 20:15:09

Description :
SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

CVE ID : CVE-2023-40989
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989 | source : cve@mitre.org


Source : xen.org

Vulnerability ID : CVE-2023-34319

First published on : 22-09-2023 14:15:45
Last modified on : 22-09-2023 16:38:32

Description :
The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.

CVE ID : CVE-2023-34319
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-438.html | source : security@xen.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
