Latest vulnerabilities of Monday, October 16, 2023 + weekend


Last update performed on 10/16/2023 at 11:58:02 PM

(9) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : huntr.dev

Vulnerability ID : CVE-2023-5572

First published on : 13-10-2023 10:15:10
Last modified on : 13-10-2023 12:47:20

Description :
Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

CVE ID : CVE-2023-5572
Source : security@huntr.dev
CVSS Score : 10.0

References :
https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23 | source : security@huntr.dev
https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be | source : security@huntr.dev

Vulnerability : CWE-918


Source : tech.gov.sg

Vulnerability ID : CVE-2023-3991

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-3991
Source : cve_disclosure@tech.gov.sg
CVSS Score : 10.0

References :
https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html | source : cve_disclosure@tech.gov.sg

Vulnerability : CWE-78


Source : cisco.com

Vulnerability ID : CVE-2023-20198

First published on : 16-10-2023 16:15:10
Last modified on : 16-10-2023 21:15:10

Description :
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available.

CVE ID : CVE-2023-20198
Source : ykramarz@cisco.com
CVSS Score : 10.0

References :
https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/ | source : ykramarz@cisco.com
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z | source : ykramarz@cisco.com


Source : github.com

Vulnerability ID : CVE-2023-45128

First published on : 16-10-2023 21:15:11
Last modified on : 16-10-2023 21:15:11

Description :
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45128
Source : security-advisories@github.com
CVSS Score : 10.0

References :
https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a | source : security-advisories@github.com
https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368 | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-352
Vulnerability : CWE-565
Vulnerability : CWE-807


Vulnerability ID : CVE-2023-45144

First published on : 16-10-2023 21:15:11
Last modified on : 16-10-2023 21:15:11

Description :
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.

CVE ID : CVE-2023-45144
Source : security-advisories@github.com
CVSS Score : 10.0

References :
https://github.com/xwikisas/identity-oauth/blob/master/ui/src/main/resources/IdentityOAuth/LoginUIExtension.vm#L58 | source : security-advisories@github.com
https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6 | source : security-advisories@github.com
https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6#diff-2ab2e0716443d790d7d798320e4a45151661f4eca5440331f4a227b29c87c188 | source : security-advisories@github.com
https://github.com/xwikisas/identity-oauth/security/advisories/GHSA-h2rm-29ch-wfmh | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20719 | source : security-advisories@github.com

Vulnerability : CWE-79
Vulnerability : CWE-94


Source : 1e.com

Vulnerability ID : CVE-2023-45162

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2, apply hotfix Q23166; for v8.4.1, apply hotfix Q23164; for v9.0.1, apply hotfix Q23173. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently; please contact 1E to arrange this.

CVE ID : CVE-2023-45162
Source : security@1e.com
CVSS Score : 9.9

References :
https://www.1e.com/trust-security-compliance/cve-info/ | source : security@1e.com

Vulnerability : CWE-89


Source : mitre.org

Vulnerability ID : CVE-2023-45466

First published on : 13-10-2023 13:15:12
Last modified on : 16-10-2023 18:41:36

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

CVE ID : CVE-2023-45466
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20pin_host%20parameter%20in%20wps%20setting.md | source : cve@mitre.org

Vulnerability : CWE-77

Vulnerable product(s) : cpe:2.3:o:netis-systems:n3mv2_firmware:1.0.1.865:*:*:*:*:*:*:*

Vulnerable product(s) : cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*


Source : yd.MitsubishiElectric.co.jp

Vulnerability ID : CVE-2023-4562

First published on : 13-10-2023 02:15:09
Last modified on : 13-10-2023 12:47:20

Description :
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.

CVE ID : CVE-2023-4562
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS Score : 9.1

References :
https://jvn.jp/vu/JVNVU90509290/ | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability : CWE-287


Source : axis.com

Vulnerability ID : CVE-2023-21413

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21413
Source : product-security@axis.com
CVSS Score : 9.1

References :
https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf | source : product-security@axis.com


(37) HIGH VULNERABILITIES [7.0, 8.9]

Source : adobe.com

Vulnerability ID : CVE-2023-38218

First published on : 13-10-2023 07:15:40
Last modified on : 14-10-2023 01:47:06

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.

CVE ID : CVE-2023-38218
Source : psirt@adobe.com
CVSS Score : 8.8

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-639

Vulnerability : CWE-20



Vulnerability ID : CVE-2023-38219

First published on : 13-10-2023 07:15:40
Last modified on : 14-10-2023 01:47:31

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.

CVE ID : CVE-2023-38219
Source : psirt@adobe.com
CVSS Score : 8.7

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-79



Vulnerability ID : CVE-2023-38220

First published on : 13-10-2023 07:15:40
Last modified on : 14-10-2023 01:47:42

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-38220
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-285



Source : otrs.com

Vulnerability ID : CVE-2023-5422

First published on : 16-10-2023 09:15:12
Last modified on : 16-10-2023 11:58:00

Description :
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

CVE ID : CVE-2023-5422
Source : security@otrs.com
CVSS Score : 8.7

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-10/ | source : security@otrs.com

Vulnerability : CWE-295


Source : github.com

Vulnerability ID : CVE-2023-42459

First published on : 16-10-2023 21:15:10
Last modified on : 16-10-2023 21:15:10

Description :
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-42459
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/eProsima/Fast-DDS/issues/3207 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/pull/3824 | source : security-advisories@github.com
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm | source : security-advisories@github.com

Vulnerability : CWE-415
Vulnerability : CWE-416
Vulnerability : CWE-590


Vulnerability ID : CVE-2023-45141

First published on : 16-10-2023 21:15:11
Last modified on : 16-10-2023 21:15:11

Description :
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes.

CVE ID : CVE-2023-45141
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p | source : security-advisories@github.com

Vulnerability : CWE-352
Vulnerability : CWE-565


Vulnerability ID : CVE-2023-45674

First published on : 14-10-2023 00:15:10
Last modified on : 14-10-2023 17:32:33

Description :
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.

CVE ID : CVE-2023-45674
Source : security-advisories@github.com
CVSS Score : 7.7

References :
https://github.com/FarmBot/Farmbot-Web-App/security/advisories/GHSA-pgq5-ff74-g7xq | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45130

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceeds the relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes it into a parachain block, the parachain will then stall because the PoV size will exceed the relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.

CVE ID : CVE-2023-45130
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0 | source : security-advisories@github.com
https://github.com/paritytech/frontier/pull/1212 | source : security-advisories@github.com
https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-40180

First published on : 16-10-2023 19:15:10
Last modified on : 16-10-2023 19:24:26

Description :
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-40180
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries | source : security-advisories@github.com
https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c | source : security-advisories@github.com
https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66 | source : security-advisories@github.com
https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries | source : security-advisories@github.com
https://www.silverstripe.org/download/security-releases/CVE-2023-40180 | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-45683

First published on : 16-10-2023 19:15:11
Last modified on : 16-10-2023 19:24:26

Description :
github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim’s browser has loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.

CVE ID : CVE-2023-45683
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 | source : security-advisories@github.com
https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : juniper.net

Vulnerability ID : CVE-2023-44194

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1.

CVE ID : CVE-2023-44194
Source : sirt@juniper.net
CVSS Score : 8.4

References :
https://supportportal.juniper.net/JSA73158 | source : sirt@juniper.net

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-44181

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:39

Description :
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to the ARP queue, causing an L2 loop that results in DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on the device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.

CVE ID : CVE-2023-44181
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73145 | source : sirt@juniper.net
https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/rate-limiting-storm-control-disabling-cli-els.html | source : sirt@juniper.net


Vulnerability ID : CVE-2023-44185

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

CVE ID : CVE-2023-44185
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73146 | source : sirt@juniper.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44191

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

CVE ID : CVE-2023-44191
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73155 | source : sirt@juniper.net

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-44192

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.

CVE ID : CVE-2023-44192
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73156 | source : sirt@juniper.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44197

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.

CVE ID : CVE-2023-44197
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73163 | source : sirt@juniper.net

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-44199

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.

CVE ID : CVE-2023-44199
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73165 | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-44182

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:39

Description :
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operator's actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

CVE ID : CVE-2023-44182
Source : sirt@juniper.net
CVSS Score : 7.3

References :
https://supportportal.juniper.net/JSA73149 | source : sirt@juniper.net
https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html | source : sirt@juniper.net
https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html | source : sirt@juniper.net

Vulnerability : CWE-252


Source : us.ibm.com

Vulnerability ID : CVE-2023-38280

First published on : 16-10-2023 02:15:47
Last modified on : 16-10-2023 11:58:00

Description :
IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740.

CVE ID : CVE-2023-38280
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260740 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047713 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2022-43740

First published on : 14-10-2023 16:15:10
Last modified on : 14-10-2023 17:32:28

Description :
IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.

CVE ID : CVE-2022-43740
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/238921 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7028513 | source : psirt@us.ibm.com

Vulnerability : CWE-400


Source : rockwellautomation.com

Vulnerability ID : CVE-2023-29464

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.

CVE ID : CVE-2023-29464
Source : PSIRT@rockwellautomation.com
CVSS Score : 8.2

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141040 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Source : fortinet.com

Vulnerability ID : CVE-2023-33303

First published on : 13-10-2023 15:15:43
Last modified on : 16-10-2023 16:51:24

Description :
An insufficient session expiration vulnerability in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via an API request.

CVE ID : CVE-2023-33303
Source : psirt@fortinet.com
CVSS Score : 8.1

References :
https://fortiguard.com/psirt/FG-IR-23-007 | source : psirt@fortinet.com

Vulnerability : CWE-613

Vulnerable product(s) : cpe:2.3:a:fortinet:fortiedr:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.0.1


Vulnerability ID : CVE-2023-41682

First published on : 13-10-2023 15:15:44
Last modified on : 16-10-2023 16:52:58

Description :
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows an attacker to cause a denial of service via crafted HTTP requests.

CVE ID : CVE-2023-41682
Source : psirt@fortinet.com
CVSS Score : 7.5

References :
https://fortiguard.com/psirt/FG-IR-23-280 | source : psirt@fortinet.com

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.4.1
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.5.2
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.0.3
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*


Source : huntr.dev

Vulnerability ID : CVE-2023-5591

First published on : 16-10-2023 01:15:09
Last modified on : 16-10-2023 11:58:00

Description :
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

CVE ID : CVE-2023-5591
Source : security@huntr.dev
CVSS Score : 7.8

References :
https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e | source : security@huntr.dev
https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090 | source : security@huntr.dev

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5590

First published on : 15-10-2023 23:15:44
Last modified on : 16-10-2023 11:58:00

Description :
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

CVE ID : CVE-2023-5590
Source : security@huntr.dev
CVSS Score : 7.5

References :
https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6 | source : security@huntr.dev
https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99 | source : security@huntr.dev

Vulnerability : CWE-476


Source : zephyrproject.org

Vulnerability ID : CVE-2023-4263

First published on : 13-10-2023 21:15:51
Last modified on : 13-10-2023 21:31:49

Description :
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

CVE ID : CVE-2023-4263
Source : vulnerabilities@zephyrproject.org
CVSS Score : 7.6

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-4257

First published on : 13-10-2023 22:15:10
Last modified on : 14-10-2023 17:32:33

Description :
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CVE ID : CVE-2023-4257
Source : vulnerabilities@zephyrproject.org
CVSS Score : 7.6

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120
Vulnerability : CWE-131


Vulnerability ID : CVE-2023-5563

First published on : 13-10-2023 00:15:13
Last modified on : 13-10-2023 12:47:20

Description :
The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.

CVE ID : CVE-2023-5563
Source : vulnerabilities@zephyrproject.org
CVSS Score : 7.1

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-703


Source : redhat.com

Vulnerability ID : CVE-2023-5557

First published on : 13-10-2023 02:15:11
Last modified on : 13-10-2023 12:47:20

Description :
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVE ID : CVE-2023-5557
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-5557 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2243096 | source : secalert@redhat.com


Source : mitre.org

Vulnerability ID : CVE-2023-45463

First published on : 13-10-2023 13:15:11
Last modified on : 16-10-2023 18:33:53

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-45463
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20hostname%20parameter%20leads%20to%20DOS.md | source : cve@mitre.org

Vulnerability : CWE-120

Vulnerable product(s) : cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*

Vulnerable product(s) : cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-45468

First published on : 13-10-2023 13:15:12
Last modified on : 16-10-2023 18:38:51

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-45468
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md | source : cve@mitre.org

Vulnerability : CWE-120

Vulnerable product(s) : cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*

Vulnerable product(s) : cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-32974

First published on : 13-10-2023 20:15:10
Last modified on : 13-10-2023 21:31:49

Description :
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTScloud c5.1.0.2498 and later.

CVE ID : CVE-2023-32974
Source : security@qnapsecurity.com.tw
CVSS Score : 7.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-42 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-34975

First published on : 13-10-2023 20:15:10
Last modified on : 13-10-2023 21:31:49

Description :
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later.

CVE ID : CVE-2023-34975
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-52 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : emc.com

Vulnerability ID : CVE-2023-43079

First published on : 13-10-2023 12:15:10
Last modified on : 13-10-2023 12:47:20

Description :
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

CVE ID : CVE-2023-43079
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-284


Source : snyk.io

Vulnerability ID : CVE-2023-26155

First published on : 14-10-2023 05:15:55
Last modified on : 14-10-2023 17:32:33

Description :
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.

CVE ID : CVE-2023-26155
Source : report@snyk.io
CVSS Score : 7.3

References :
https://github.com/nrhirani/node-qpdf/issues/23 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-NODEQPDF-5747918 | source : report@snyk.io


Source : vuldb.com

Vulnerability ID : CVE-2023-5589

First published on : 15-10-2023 23:15:44
Last modified on : 16-10-2023 11:58:00

Description :
A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188.

CVE ID : CVE-2023-5589
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/GodRone/Judging-Management-System_SQL-injection/blob/main/Judging%20Management%20System_SQL%20injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242188 | source : cna@vuldb.com
https://vuldb.com/?id.242188 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : axis.com

Vulnerability ID : CVE-2023-21414

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21414
Source : product-security@axis.com
CVSS Score : 7.1

References :
https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf | source : product-security@axis.com


(108) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : adobe.com

Vulnerability ID : CVE-2023-26366

First published on : 13-10-2023 07:15:38
Last modified on : 14-10-2023 02:22:03

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.

CVE ID : CVE-2023-26366
Source : psirt@adobe.com
CVSS Score : 6.8

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-918

Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
Vulnerable product(s) : cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*


Vulnerability ID : CVE-2023-38221

First published on : 13-10-2023 07:15:40
Last modified on : 14-10-2023 01:48:06

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

CVE ID : CVE-2023-38221
Source : psirt@adobe.com
CVSS Score : 6.6

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38249

First published on : 13-10-2023 07:15:41
Last modified on : 14-10-2023 01:48:13

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

CVE ID : CVE-2023-38249
Source : psirt@adobe.com
CVSS Score : 6.6

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38250

First published on : 13-10-2023 07:15:41
Last modified on : 14-10-2023 01:48:28

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

CVE ID : CVE-2023-38250
Source : psirt@adobe.com
CVSS Score : 6.6

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-38251

First published on : 13-10-2023 07:15:41
Last modified on : 14-10-2023 01:48:38

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to minor application denial-of-service. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-38251
Source : psirt@adobe.com
CVSS Score : 5.3

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-26367

First published on : 13-10-2023 07:15:39
Last modified on : 14-10-2023 01:55:23

Description :
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-26367
Source : psirt@adobe.com
CVSS Score : 4.9

References :
https://helpx.adobe.com/security/products/magento/apsb23-50.html | source : psirt@adobe.com

Vulnerability : CWE-20


Source : us.ibm.com

Vulnerability ID : CVE-2022-33165

First published on : 14-10-2023 15:15:09
Last modified on : 14-10-2023 17:32:28

Description :
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

CVE ID : CVE-2022-33165
Source : psirt@us.ibm.com
CVSS Score : 6.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228582 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047116 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047428 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45176

First published on : 14-10-2023 16:15:10
Last modified on : 14-10-2023 17:32:28

Description :
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.

CVE ID : CVE-2023-45176
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267998 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7051448 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-32755

First published on : 14-10-2023 15:15:09
Last modified on : 14-10-2023 17:32:28

Description :
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.

CVE ID : CVE-2022-32755
Source : psirt@us.ibm.com
CVSS Score : 5.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228505 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047428 | source : psirt@us.ibm.com

Vulnerability : CWE-91


Vulnerability ID : CVE-2023-30994

First published on : 14-10-2023 17:15:09
Last modified on : 14-10-2023 17:32:28

Description :
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138.

CVE ID : CVE-2023-30994
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254138 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7049133 | source : psirt@us.ibm.com

Vulnerability : CWE-327


Vulnerability ID : CVE-2023-40367

First published on : 14-10-2023 17:15:09
Last modified on : 14-10-2023 17:32:28

Description :
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.

CVE ID : CVE-2023-40367
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263376 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7049133 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-33161

First published on : 14-10-2023 15:15:09
Last modified on : 14-10-2023 17:32:28

Description :
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.

CVE ID : CVE-2022-33161
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228569 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047116 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047428 | source : psirt@us.ibm.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2022-43868

First published on : 14-10-2023 16:15:10
Last modified on : 14-10-2023 17:32:28

Description :
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.

CVE ID : CVE-2022-43868
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/239445 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7028513 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-33836

First published on : 16-10-2023 01:15:09
Last modified on : 16-10-2023 11:58:00

Description :
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.

CVE ID : CVE-2023-33836
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/256016 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047640 | source : psirt@us.ibm.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-30987

First published on : 16-10-2023 21:15:10
Last modified on : 16-10-2023 21:15:10

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

CVE ID : CVE-2023-30987
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/253440 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047560 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38720

First published on : 16-10-2023 21:15:10
Last modified on : 16-10-2023 21:15:10

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

CVE ID : CVE-2023-38720
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/261616 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047489 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-40378

First published on : 15-10-2023 02:15:09
Last modified on : 16-10-2023 11:58:00

Description :
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.

CVE ID : CVE-2023-40378
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263584 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047240 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-40377

First published on : 16-10-2023 01:15:09
Last modified on : 16-10-2023 11:58:00

Description :
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.

CVE ID : CVE-2023-40377
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263583 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7048121 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-35024

First published on : 14-10-2023 16:15:10
Last modified on : 14-10-2023 17:32:28

Description :
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.

CVE ID : CVE-2023-35024
Source : psirt@us.ibm.com
CVSS Score : 4.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/258349 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047198 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-40682

First published on : 13-10-2023 16:15:11
Last modified on : 13-10-2023 21:31:49

Description :
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.

CVE ID : CVE-2023-40682
Source : psirt@us.ibm.com
CVSS Score : 4.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7051204 | source : psirt@us.ibm.com

Vulnerability : CWE-532


Source : grafana.com

Vulnerability ID : CVE-2023-4822

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.

CVE ID : CVE-2023-4822
Source : security@grafana.com
CVSS Score : 6.7

References :
https://grafana.com/security/security-advisories/cve-2023-4822 | source : security@grafana.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-4457

First published on : 16-10-2023 10:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.

CVE ID : CVE-2023-4457
Source : security@grafana.com
CVSS Score : 5.5

References :
https://grafana.com/security/security-advisories/cve-2023-4457/ | source : security@grafana.com

Vulnerability : CWE-209


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-32976

First published on : 13-10-2023 20:15:10
Last modified on : 13-10-2023 21:31:49

Description :
An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later

CVE ID : CVE-2023-32976
Source : security@qnapsecurity.com.tw
CVSS Score : 6.6

References :
https://www.qnap.com/en/security-advisory/qsa-23-44 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-34977

First published on : 13-10-2023 20:15:10
Last modified on : 14-10-2023 01:49:11

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVE ID : CVE-2023-34977
Source : security@qnapsecurity.com.tw
CVSS Score : 5.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-52 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerable product(s) : cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-32970

First published on : 13-10-2023 20:15:09
Last modified on : 13-10-2023 21:31:49

Description :
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2453 build 20230708 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later.

CVE ID : CVE-2023-32970
Source : security@qnapsecurity.com.tw
CVSS Score : 4.9

References :
https://www.qnap.com/en/security-advisory/qsa-23-41 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-34976

First published on : 13-10-2023 20:15:10
Last modified on : 13-10-2023 21:31:49

Description :
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVE ID : CVE-2023-34976
Source : security@qnapsecurity.com.tw
CVSS Score : 4.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-52 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : juniper.net

Vulnerability ID : CVE-2023-44183

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device:

show chassis fpc detail

This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2.

CVE ID : CVE-2023-44183
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA73148 | source : sirt@juniper.net
https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/sdn-vxlan.html | source : sirt@juniper.net
https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/redundant-trunk-groups.html | source : sirt@juniper.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44184

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.

An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:

mgd process example:

user@device-re#> show system processes extensive | match "mgd|PID" | except last
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.

Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'". For example:

mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'

CVE ID : CVE-2023-44184
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA73147 | source : sirt@juniper.net

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-44196

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO.

CVE ID : CVE-2023-44196
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA73162 | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-44203

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.

CVE ID : CVE-2023-44203
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA73169 | source : sirt@juniper.net

Vulnerability : CWE-703


Vulnerability ID : CVE-2023-44204

First published on : 13-10-2023 00:15:13
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;

CVE ID : CVE-2023-44204
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA73170 | source : sirt@juniper.net

Vulnerability : CWE-1286


Vulnerability ID : CVE-2023-44198

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue does not affect releases prior to 20.4R1.

CVE ID : CVE-2023-44198
Source : sirt@juniper.net
CVSS Score : 5.8

References :
https://supportportal.juniper.net/JSA73164 | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-44176

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:29

Description :
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3.

CVE ID : CVE-2023-44176
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA73140 | source : sirt@juniper.net

Vulnerability : CWE-121
Vulnerability : CWE-787


Vulnerability ID : CVE-2023-44177

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:39

Description :
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.

CVE ID : CVE-2023-44177
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA73140 | source : sirt@juniper.net

Vulnerability : CWE-121
Vulnerability : CWE-787


Vulnerability ID : CVE-2023-44178

First published on : 13-10-2023 00:15:11
Last modified on : 13-10-2023 12:47:39

Description :
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2.

CVE ID : CVE-2023-44178
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA73140 | source : sirt@juniper.net

Vulnerability : CWE-121
Vulnerability : CWE-787


Vulnerability ID : CVE-2023-44193

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2.

CVE ID : CVE-2023-44193
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA73157 | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2023-44195

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue does not affect Junos OS Evolved versions prior to 21.3R1-EVO.

CVE ID : CVE-2023-44195
Source : sirt@juniper.net
CVSS Score : 5.4

References :
https://supportportal.juniper.net/JSA73160 | source : sirt@juniper.net

Vulnerability : CWE-923


Vulnerability ID : CVE-2023-44201

First published on : 13-10-2023 00:15:12
Last modified on : 13-10-2023 12:47:39

Description :
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.

CVE ID : CVE-2023-44201
Source : sirt@juniper.net
CVSS Score : 5.0

References :
https://supprtportal.juniper.net/JSA73167 | source : sirt@juniper.net

Vulnerability : CWE-732


Source : huntr.dev

Vulnerability ID : CVE-2023-5571

First published on : 13-10-2023 10:15:10
Last modified on : 13-10-2023 12:47:20

Description :
Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.

CVE ID : CVE-2023-5571
Source : security@huntr.dev
CVSS Score : 6.5

References :
https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23 | source : security@huntr.dev
https://huntr.dev/bounties/926ca25f-dd4a-40cf-8e6b-9d7b5938e95a | source : security@huntr.dev

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-5564

First published on : 13-10-2023 01:15:56
Last modified on : 13-10-2023 12:47:20

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.

CVE ID : CVE-2023-5564
Source : security@huntr.dev
CVSS Score : 5.2

References :
https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa | source : security@huntr.dev
https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5595

First published on : 16-10-2023 09:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE ID : CVE-2023-5595
Source : security@huntr.dev
CVSS Score : 5.1

References :
https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1 | source : security@huntr.dev
https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e | source : security@huntr.dev

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-5573

First published on : 13-10-2023 10:15:10
Last modified on : 13-10-2023 12:47:20

Description :
Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.

CVE ID : CVE-2023-5573
Source : security@huntr.dev
CVSS Score : 4.7

References :
https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23 | source : security@huntr.dev
https://huntr.dev/bounties/46a2bb2c-712a-4008-a147-b862e3af7d72 | source : security@huntr.dev

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-5586

First published on : 15-10-2023 01:15:09
Last modified on : 16-10-2023 11:58:00

Description :
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE ID : CVE-2023-5586
Source : security@huntr.dev
CVSS Score : 4.4

References :
https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc | source : security@huntr.dev
https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 | source : security@huntr.dev

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-4829

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.

CVE ID : CVE-2023-4829
Source : security@huntr.dev
CVSS Score : 4.3

References :
https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d | source : security@huntr.dev
https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b | source : security@huntr.dev

Vulnerability : CWE-79


Source : axis.com

Vulnerability ID : CVE-2023-21415

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21415
Source : product-security@axis.com
CVSS Score : 6.5

References :
https://www.axis.com/dam/public/58/0b/36/cve-2023-21415pdf-en-US-412759.pdf | source : product-security@axis.com


Source : patchstack.com

Vulnerability ID : CVE-2023-45638

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.

CVE ID : CVE-2023-45638
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/eupago-gateway-for-woocommerce/wordpress-eupago-gateway-for-woocommerce-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-44984

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.

CVE ID : CVE-2023-44984
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/bbp-style-pack/wordpress-bbp-style-pack-plugin-5-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44985

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.

CVE ID : CVE-2023-44985
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/buddymeet/wordpress-buddymeet-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44229

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.

CVE ID : CVE-2023-44229
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/tiny-carousel-horizontal-slider/wordpress-tiny-carousel-horizontal-slider-plugin-8-1-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44986

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.

CVE ID : CVE-2023-44986
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/woocommerce-abandoned-cart/wordpress-abandoned-cart-lite-for-woocommerce-plugin-5-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44987

First published on : 16-10-2023 12:15:10
Last modified on : 16-10-2023 14:01:11

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.

CVE ID : CVE-2023-44987
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/timely-booking-button/wordpress-timely-booking-button-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46066

First published on : 16-10-2023 12:15:10
Last modified on : 16-10-2023 14:01:11

Description :
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions.

CVE ID : CVE-2023-46066
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/mediabay-lite/wordpress-mediabay-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38000

First published on : 13-10-2023 10:15:09
Last modified on : 16-10-2023 17:04:06

Description :
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

CVE ID : CVE-2023-38000
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.9.7
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.0.5
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.1.3
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.2.2
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.3.1

Vulnerable product(s) : cpe:2.3:a:wordpress:gutenberg:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 16.8.0


Vulnerability ID : CVE-2023-45109

First published on : 13-10-2023 14:15:10
Last modified on : 13-10-2023 14:44:03

Description :
Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.

CVE ID : CVE-2023-45109
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/white-page-publication/wordpress-whitepage-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45269

First published on : 13-10-2023 16:15:12
Last modified on : 13-10-2023 21:31:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.23 versions.

CVE ID : CVE-2023-45269
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-2-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45276

First published on : 13-10-2023 16:15:13
Last modified on : 13-10-2023 21:31:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.

CVE ID : CVE-2023-45276
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/automated-editor/wordpress-automated-editor-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45629

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.

CVE ID : CVE-2023-45629
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45656

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.

CVE ID : CVE-2023-45656
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/lazy-load-for-videos/wordpress-lazy-load-for-videos-plugin-2-18-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45641

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.

CVE ID : CVE-2023-45641
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/caret-country-access-limit/wordpress-caret-country-access-limit-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45642

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.

CVE ID : CVE-2023-45642
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/snap-pixel/wordpress-snap-pixel-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45645

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.

CVE ID : CVE-2023-45645
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/wp-open-street-map/wordpress-wp-open-street-map-plugin-1-25-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45647

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.

CVE ID : CVE-2023-45647
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45763

First published on : 16-10-2023 11:15:45
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions.

CVE ID : CVE-2023-45763
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45831

First published on : 16-10-2023 11:15:45
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

CVE ID : CVE-2023-45831
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/amp-wp/wordpress-amp-wp-google-amp-for-wordpress-plugin-1-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-39999

First published on : 13-10-2023 12:15:09
Last modified on : 16-10-2023 16:15:53

Description :
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

CVE ID : CVE-2023-39999
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : NVD-CWE-noinfo

Vulnerability : CWE-200

Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.1.38
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.35
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.3.31
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.4.30
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.5.29
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.6.26
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.7.26
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.8.22
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.9.23
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.0.19
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.1.16
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.2.18
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.3.15
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.4.13
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.5.12
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.6.11
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.7.9
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.8.7
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 5.9.7
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.0.5
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.1.3
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.2.2
Vulnerable product(s) : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-45107

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.

CVE ID : CVE-2023-45107
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/goodbarber/wordpress-goodbarber-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45108

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

CVE ID : CVE-2023-45108
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/mailrelay/wordpress-mailrelay-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45267

First published on : 13-10-2023 15:15:44
Last modified on : 13-10-2023 15:20:17

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.

CVE ID : CVE-2023-45267
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45268

First published on : 13-10-2023 15:15:44
Last modified on : 13-10-2023 15:20:17

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.

CVE ID : CVE-2023-45268
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45270

First published on : 13-10-2023 16:15:12
Last modified on : 13-10-2023 21:31:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.

CVE ID : CVE-2023-45270
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45273

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.

CVE ID : CVE-2023-45273
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/stout-google-calendar/wordpress-stout-google-calendar-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45274

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.

CVE ID : CVE-2023-45274
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/sendpulse-web-push/wordpress-sendpulse-free-web-push-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45605

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.

CVE ID : CVE-2023-45605
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wordpress-feed-statistics/wordpress-feed-statistics-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45606

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.

CVE ID : CVE-2023-45606
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/simple-urls/wordpress-simple-urls-plugin-120-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45650

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.

CVE ID : CVE-2023-45650
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/html5-maps/wordpress-html5-maps-plugin-1-7-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45651

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <= 5.0.6 versions.

CVE ID : CVE-2023-45651
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-attachments/wordpress-wp-attachments-plugin-5-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45653

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.

CVE ID : CVE-2023-45653
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/video-playlist-for-youtube/wordpress-video-playlist-for-youtube-plugin-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45654

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

CVE ID : CVE-2023-45654
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45655

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

CVE ID : CVE-2023-45655
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://github.com/pixelgrade/pixfields/releases/tag/0.7.1 | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/pixfields/wordpress-pixfields-plugin-0-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45639

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.

CVE ID : CVE-2023-45639
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/sort-searchresult-by-title/wordpress-sort-searchresult-by-title-plugin-10-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45643

First published on : 16-10-2023 10:15:11
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.

CVE ID : CVE-2023-45643
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45748

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.

CVE ID : CVE-2023-45748
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45749

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

CVE ID : CVE-2023-45749
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/agp-font-awesome-collection/wordpress-agp-font-awesome-collection-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45752

First published on : 16-10-2023 11:15:44
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions.

CVE ID : CVE-2023-45752
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/simple-post-gallery/wordpress-post-gallery-plugin-2-3-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45753

First published on : 16-10-2023 11:15:45
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.

CVE ID : CVE-2023-45753
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45836

First published on : 16-10-2023 11:15:45
Last modified on : 16-10-2023 11:58:00

Description :
Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

CVE ID : CVE-2023-45836
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46087

First published on : 16-10-2023 15:15:17
Last modified on : 16-10-2023 18:33:43

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.

CVE ID : CVE-2023-46087
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : github.com

Vulnerability ID : CVE-2023-45151

First published on : 16-10-2023 19:15:10
Last modified on : 16-10-2023 19:24:26

Description :
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45151
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/38398 | source : security-advisories@github.com
https://hackerone.com/reports/1994324 | source : security-advisories@github.com

Vulnerability : CWE-312


Vulnerability ID : CVE-2023-39960

First published on : 13-10-2023 13:15:11
Last modified on : 13-10-2023 13:46:47

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.

CVE ID : CVE-2023-39960
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/38046 | source : security-advisories@github.com
https://hackerone.com/reports/1924212 | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-45147

First published on : 16-10-2023 21:15:11
Last modified on : 16-10-2023 21:15:11

Description :
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.

CVE ID : CVE-2023-45147
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/discourse/discourse/security/advisories/GHSA-wm89-m359-f9qv | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-45669

First published on : 16-10-2023 19:15:11
Last modified on : 16-10-2023 19:24:26

Description :
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who has cloned a valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45669
Source : security-advisories@github.com
CVSS Score : 4.8

References :
https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725 | source : security-advisories@github.com
https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j | source : security-advisories@github.com
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-45148

First published on : 16-10-2023 19:15:10
Last modified on : 16-10-2023 19:24:26

Description :
Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed`, the rate limiting in Nextcloud Server could be reset unexpectedly, resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.

CVE ID : CVE-2023-45148
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/40293 | source : security-advisories@github.com
https://hackerone.com/reports/2110945 | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-45660

First published on : 16-10-2023 19:15:11
Last modified on : 16-10-2023 19:24:26

Description :
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows an attacker to abuse the proxy endpoint to cause a denial of service against a third server. It is recommended that Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45660
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/mail/pull/8459 | source : security-advisories@github.com
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37 | source : security-advisories@github.com
https://hackerone.com/reports/1895874 | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-45149

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45149
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv | source : security-advisories@github.com
https://github.com/nextcloud/spreed/pull/10545 | source : security-advisories@github.com
https://hackerone.com/reports/2094473 | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-45150

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.

CVE ID : CVE-2023-45150
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/calendar/pull/5358 | source : security-advisories@github.com
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452 | source : security-advisories@github.com
https://hackerone.com/reports/2058337 | source : security-advisories@github.com

Vulnerability : CWE-400


Source : wordfence.com

Vulnerability ID : CVE-2023-4995

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4995
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/embed-calendly-scheduling/tags/3.6/includes/embed.php#L140 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-1259

First published on : 14-10-2023 12:15:09
Last modified on : 14-10-2023 17:32:28

Description :
The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-1259
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/browser/hotjar/tags/1.0.14/includes/class-hotjar.php#L40 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-5580

First published on : 14-10-2023 12:15:10
Last modified on : 14-10-2023 17:32:28

Description :
A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability.

CVE ID : CVE-2023-5580
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/GodRone/CVE/blob/main/SerBermz_SQL%20injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242145 | source : cna@vuldb.com
https://vuldb.com/?id.242145 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5587

First published on : 15-10-2023 22:15:15
Last modified on : 16-10-2023 11:58:00

Description :
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5587
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/GodRone/Hospital-Management-System_SQL-injection/blob/main/Hospital%20Management%20System_SQL%20injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242186 | source : cna@vuldb.com
https://vuldb.com/?id.242186 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : fortinet.com

Vulnerability ID : CVE-2023-41680

First published on : 13-10-2023 15:15:44
Last modified on : 16-10-2023 16:05:54

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE ID : CVE-2023-41680
Source : psirt@fortinet.com
CVSS Score : 6.1

References :
https://fortiguard.com/psirt/FG-IR-23-311 | source : psirt@fortinet.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.5.2
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.0.7
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.1.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.0.3
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.4.1
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:2.4.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41681

First published on : 13-10-2023 15:15:44
Last modified on : 16-10-2023 16:06:42

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE ID : CVE-2023-41681
Source : psirt@fortinet.com
CVSS Score : 6.1

References :
https://fortiguard.com/psirt/FG-IR-23-311 | source : psirt@fortinet.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.5.2
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.0.7
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.1.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.0.3
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.4.1
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:2.4.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41836

First published on : 13-10-2023 15:15:44
Last modified on : 16-10-2023 16:07:05

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE ID : CVE-2023-41836
Source : psirt@fortinet.com
CVSS Score : 6.1

References :
https://fortiguard.com/psirt/FG-IR-23-215 | source : psirt@fortinet.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.0.7
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.1.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.0.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41843

First published on : 13-10-2023 15:15:44
Last modified on : 16-10-2023 14:27:20

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE ID : CVE-2023-41843
Source : psirt@fortinet.com
CVSS Score : 5.4

References :
https://fortiguard.com/psirt/FG-IR-23-273 | source : psirt@fortinet.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.5.2
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.0.7
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.1.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.2.4
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.0.3
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.2.5
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.4.1
Vulnerable product(s) : cpe:2.3:a:fortinet:fortisandbox:2.4.1:*:*:*:*:*:*:*


Source : mitre.org

Vulnerability ID : CVE-2023-30148

First published on : 14-10-2023 04:15:10
Last modified on : 14-10-2023 17:32:33

Description :
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

CVE ID : CVE-2023-30148
Source : cve@mitre.org
CVSS Score : 6.1

References :
https://security.friendsofpresta.org/modules/2023/10/10/opartmultihtmlblock.html | source : cve@mitre.org


Source : redhat.com

Vulnerability ID : CVE-2023-42752

First published on : 13-10-2023 02:15:09
Last modified on : 13-10-2023 12:47:20

Description :
An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

CVE ID : CVE-2023-42752
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-42752 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239828 | source : secalert@redhat.com
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa | source : secalert@redhat.com
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2 | source : secalert@redhat.com


Source : otrs.com

Vulnerability ID : CVE-2023-38059

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

CVE ID : CVE-2023-38059
Source : security@otrs.com
CVSS Score : 5.3

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-08/ | source : security@otrs.com

Vulnerability : CWE-200


Source : cert.vde.com

Vulnerability ID : CVE-2023-4834

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

CVE ID : CVE-2023-4834
Source : info@cert.vde.com
CVSS Score : 4.3

References :
https://cert.vde.com/en/advisories/VDE-2023-041 | source : info@cert.vde.com
https://cert.vde.com/en/advisories/VDE-2023-043 | source : info@cert.vde.com

Vulnerability : CWE-269


Source : microsoft.com

Vulnerability ID : CVE-2023-36559

First published on : 13-10-2023 21:15:51
Last modified on : 13-10-2023 21:31:49

Description :
Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID : CVE-2023-36559
Source : secure@microsoft.com
CVSS Score : 4.2

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559 | source : secure@microsoft.com


(11) LOW VULNERABILITIES [0.1, 3.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-32973

First published on : 13-10-2023 20:15:09
Last modified on : 13-10-2023 21:31:49

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later.

CVE ID : CVE-2023-32973
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-41 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-121


Source : vuldb.com

Vulnerability ID : CVE-2023-5578

First published on : 14-10-2023 11:15:45
Last modified on : 14-10-2023 17:32:28

Description :
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");'> <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5578
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.242143 | source : cna@vuldb.com
https://vuldb.com/?id.242143 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5579

First published on : 14-10-2023 12:15:10
Last modified on : 14-10-2023 17:32:28

Description :
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144.

CVE ID : CVE-2023-5579
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/cojoben/Sendbox/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242144 | source : cna@vuldb.com
https://vuldb.com/?id.242144 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-5581

First published on : 14-10-2023 13:15:09
Last modified on : 14-10-2023 17:32:28

Description :
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5581
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242146 | source : cna@vuldb.com
https://vuldb.com/?id.242146 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5582

First published on : 14-10-2023 14:15:10
Last modified on : 14-10-2023 17:32:28

Description :
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.

CVE ID : CVE-2023-5582
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Jacky-Y/vuls/blob/main/vul8.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.242147 | source : cna@vuldb.com
https://vuldb.com/?id.242147 | source : cna@vuldb.com

Vulnerability : CWE-80


Vulnerability ID : CVE-2023-5588

First published on : 15-10-2023 22:15:15
Last modified on : 16-10-2023 11:58:00

Description :
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is said to be difficult. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.

CVE ID : CVE-2023-5588
Source : cna@vuldb.com
CVSS Score : 2.6

References :
https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40 | source : cna@vuldb.com
https://github.com/kphrx/pleroma/pull/197 | source : cna@vuldb.com
https://vuldb.com/?ctiid.242187 | source : cna@vuldb.com
https://vuldb.com/?id.242187 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-5585

First published on : 15-10-2023 00:15:10
Last modified on : 16-10-2023 11:58:00

Description :
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5585
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://vuldb.com/?ctiid.242170 | source : cna@vuldb.com
https://vuldb.com/?id.242170 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : otrs.com

Vulnerability ID : CVE-2023-5421

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

CVE ID : CVE-2023-5421
Source : security@otrs.com
CVSS Score : 3.5

References :
https://otrs.com/release-notes/otrs-security-advisory-2023-09/ | source : security@otrs.com

Vulnerability : CWE-20


Source : us.ibm.com

Vulnerability ID : CVE-2023-35018

First published on : 16-10-2023 00:15:10
Last modified on : 16-10-2023 11:58:00

Description :
IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.

CVE ID : CVE-2023-35018
Source : psirt@us.ibm.com
CVSS Score : 3.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/259382 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7050358 | source : psirt@us.ibm.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-35013

First published on : 16-10-2023 00:15:10
Last modified on : 16-10-2023 11:58:00

Description :
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.

CVE ID : CVE-2023-35013
Source : psirt@us.ibm.com
CVSS Score : 2.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/257769 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7050358 | source : psirt@us.ibm.com

Vulnerability : CWE-540


Source : huntr.dev

Vulnerability ID : CVE-2023-4517

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

CVE ID : CVE-2023-4517
Source : security@huntr.dev
CVSS Score : 3.2

References :
https://github.com/hestiacp/hestiacp/commit/d30e3edbca5915235643e46ab222cb7aed9b319a | source : security@huntr.dev
https://huntr.dev/bounties/508d1d21-c45d-47ff-833f-50c671882e51 | source : security@huntr.dev

Vulnerability : CWE-79


(109) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-45464

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-45464
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20servDomain%20parameter%20leads%20to%20DOS.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45465

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

CVE ID : CVE-2023-45465
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20ddnsDomainName%20parameter%20in%20Dynamic%20DNS%20setting.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45467

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

CVE ID : CVE-2023-45467
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20ntpServIP%20parameter%20in%20Time%20Settings%20.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45391

First published on : 13-10-2023 14:15:10
Last modified on : 13-10-2023 14:44:03

Description :
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

CVE ID : CVE-2023-45391
Source : cve@mitre.org
CVSS Score : /

References :
https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-stored-xss.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45393

First published on : 13-10-2023 14:15:10
Last modified on : 13-10-2023 14:44:03

Description :
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.

CVE ID : CVE-2023-45393
Source : cve@mitre.org
CVSS Score : /

References :
https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-idor.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45852

First published on : 14-10-2023 02:15:09
Last modified on : 14-10-2023 17:32:33

Description :
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

CVE ID : CVE-2023-45852
Source : cve@mitre.org
CVSS Score : /

References :
https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html | source : cve@mitre.org
https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45853

First published on : 14-10-2023 02:15:09
Last modified on : 14-10-2023 17:32:33

Description :
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.

CVE ID : CVE-2023-45853
Source : cve@mitre.org
CVSS Score : /

References :
https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356 | source : cve@mitre.org
https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61 | source : cve@mitre.org
https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4 | source : cve@mitre.org
https://github.com/madler/zlib/pull/843 | source : cve@mitre.org
https://www.winimage.com/zLibDll/minizip.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-30154

First published on : 14-10-2023 04:15:11
Last modified on : 14-10-2023 17:32:33

Description :
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.

CVE ID : CVE-2023-30154
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/10/aftermailpresta.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-44037

First published on : 14-10-2023 05:15:55
Last modified on : 14-10-2023 17:32:33

Description :
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.

CVE ID : CVE-2023-44037
Source : cve@mitre.org
CVSS Score : /

References :
https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-002 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45855

First published on : 14-10-2023 05:15:55
Last modified on : 14-10-2023 17:32:33

Description :
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.

CVE ID : CVE-2023-45855
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/Directory%20Traversal.md | source : cve@mitre.org
https://qdpm.net | source : cve@mitre.org


Vulnerability ID : CVE-2023-45856

First published on : 14-10-2023 05:15:55
Last modified on : 14-10-2023 17:32:28

Description :
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.

CVE ID : CVE-2023-45856
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/RCE.md | source : cve@mitre.org
https://qdpm.net | source : cve@mitre.org


Vulnerability ID : CVE-2023-45862

First published on : 14-10-2023 21:15:45
Last modified on : 16-10-2023 11:58:00

Description :
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.

CVE ID : CVE-2023-45862
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce33e64c1788912976b61314b56935abd4bc97ef | source : cve@mitre.org


Vulnerability ID : CVE-2023-45863

First published on : 14-10-2023 21:15:45
Last modified on : 16-10-2023 11:58:00

Description :
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

CVE ID : CVE-2023-45863
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45871

First published on : 15-10-2023 01:15:09
Last modified on : 16-10-2023 11:58:00

Description :
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

CVE ID : CVE-2023-45871
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f | source : cve@mitre.org


Vulnerability ID : CVE-2018-25091

First published on : 15-10-2023 19:15:09
Last modified on : 16-10-2023 11:58:00

Description :
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

CVE ID : CVE-2018-25091
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc | source : cve@mitre.org
https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2 | source : cve@mitre.org
https://github.com/urllib3/urllib3/issues/1510 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38312

First published on : 15-10-2023 19:15:09
Last modified on : 16-10-2023 11:58:00

Description :
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.

CVE ID : CVE-2023-38312
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read | source : cve@mitre.org


Vulnerability ID : CVE-2022-48612

First published on : 16-10-2023 00:15:10
Last modified on : 16-10-2023 11:58:00

Description :
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.

CVE ID : CVE-2022-48612
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.zerdle.net/classlink/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40790

First published on : 16-10-2023 03:15:09
Last modified on : 16-10-2023 04:15:11

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-40790
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-40791

First published on : 16-10-2023 03:15:09
Last modified on : 16-10-2023 11:58:00

Description :
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

CVE ID : CVE-2023-40791
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f | source : cve@mitre.org
https://lkml.org/lkml/2023/8/3/323 | source : cve@mitre.org
https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45898

First published on : 16-10-2023 03:15:09
Last modified on : 16-10-2023 11:58:00

Description :
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

CVE ID : CVE-2023-45898
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec | source : cve@mitre.org
https://lkml.org/lkml/2023/8/13/477 | source : cve@mitre.org
https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a@huawei.com/T/ | source : cve@mitre.org
https://www.spinics.net/lists/stable-commits/msg317086.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-36340

First published on : 16-10-2023 05:15:49
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

CVE ID : CVE-2023-36340
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/TOTOLINK-NR1800X.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36947

First published on : 16-10-2023 05:15:49
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

CVE ID : CVE-2023-36947
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36952

First published on : 16-10-2023 05:15:49
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.

CVE ID : CVE-2023-36952
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36950

First published on : 16-10-2023 06:15:10
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

CVE ID : CVE-2023-36950
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36953

First published on : 16-10-2023 06:15:10
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

CVE ID : CVE-2023-36953
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36954

First published on : 16-10-2023 06:15:10
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

CVE ID : CVE-2023-36954
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36955

First published on : 16-10-2023 06:15:11
Last modified on : 16-10-2023 11:58:00

Description :
TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

CVE ID : CVE-2023-36955
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_4.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44808

First published on : 16-10-2023 06:15:11
Last modified on : 16-10-2023 11:58:00

Description :
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.

CVE ID : CVE-2023-44808
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44809

First published on : 16-10-2023 06:15:11
Last modified on : 16-10-2023 11:58:00

Description :
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.

CVE ID : CVE-2023-44809
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45572

First published on : 16-10-2023 06:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function.

CVE ID : CVE-2023-45572
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45573

First published on : 16-10-2023 06:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function.

CVE ID : CVE-2023-45573
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45574

First published on : 16-10-2023 06:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.

CVE ID : CVE-2023-45574
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45575

First published on : 16-10-2023 06:15:12
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.

CVE ID : CVE-2023-45575
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45576

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.

CVE ID : CVE-2023-45576
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45577

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.

CVE ID : CVE-2023-45577
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45578

First published on : 16-10-2023 07:15:08
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function.

CVE ID : CVE-2023-45578
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45579

First published on : 16-10-2023 07:15:09
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function.

CVE ID : CVE-2023-45579
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45580

First published on : 16-10-2023 07:15:09
Last modified on : 16-10-2023 11:58:00

Description :
Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function.

CVE ID : CVE-2023-45580
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45984

First published on : 16-10-2023 18:15:16
Last modified on : 16-10-2023 18:33:43

Description :
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

CVE ID : CVE-2023-45984
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45985

First published on : 16-10-2023 18:15:16
Last modified on : 16-10-2023 18:33:43

Description :
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE ID : CVE-2023-45985
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43120

First published on : 16-10-2023 19:15:10
Last modified on : 16-10-2023 19:24:26

Description :
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via a crafted HTTP request.

CVE ID : CVE-2023-43120
Source : cve@mitre.org
CVSS Score : /

References :
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377 | source : cve@mitre.org


Vulnerability ID : CVE-2023-29484

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password.

CVE ID : CVE-2023-29484
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.terminalfour.com/articles/security-notices/cve-2023-29484/ | source : cve@mitre.org
https://docs.terminalfour.com/release-notes/83/16.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43118

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
Cross Site Request Forgery (CSRF) vulnerability in the Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5, allows attackers to run arbitrary code and cause other unspecified impacts via the /jsonrpc API.

CVE ID : CVE-2023-43118
Source : cve@mitre.org
CVSS Score : /

References :
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114379 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43119

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

CVE ID : CVE-2023-43119
Source : cve@mitre.org
CVSS Score : /

References :
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43121

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.

CVE ID : CVE-2023-43121
Source : cve@mitre.org
CVSS Score : /

References :
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114376 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40851

First published on : 16-10-2023 21:15:10
Last modified on : 16-10-2023 21:15:10

Description :
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.

CVE ID : CVE-2023-40851
Source : cve@mitre.org
CVSS Score : /

References :
https://www.exploit-db.com/exploits/51694 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40852

First published on : 16-10-2023 21:15:10
Last modified on : 16-10-2023 21:15:10

Description :
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via a crafted string in the admin user name field on the admin login page.

CVE ID : CVE-2023-40852
Source : cve@mitre.org
CVSS Score : /

References :
https://www.exploit-db.com/exploits/51695 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45542

First published on : 16-10-2023 21:15:11
Last modified on : 16-10-2023 21:15:11

Description :
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.

CVE ID : CVE-2023-45542
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ahrixia/CVE-2023-45542 | source : cve@mitre.org


Source : devolutions.net

Vulnerability ID : CVE-2023-5240

First published on : 13-10-2023 13:15:12
Last modified on : 13-10-2023 13:46:47

Description :
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in them via a GET request.

CVE ID : CVE-2023-5240
Source : security@devolutions.net
CVSS Score : /

References :
https://devolutions.net/security/advisories/DEVO-2023-0017 | source : security@devolutions.net


Vulnerability ID : CVE-2023-5575

First published on : 16-10-2023 14:15:10
Last modified on : 16-10-2023 18:33:43

Description :
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.

CVE ID : CVE-2023-5575
Source : security@devolutions.net
CVSS Score : /

References :
https://devolutions.net/security/advisories/DEVO-2023-0018 | source : security@devolutions.net


Source : hp.com

Vulnerability ID : CVE-2023-4499

First published on : 13-10-2023 17:15:09
Last modified on : 13-10-2023 21:31:49

Description :
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.

CVE ID : CVE-2023-4499
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9440593-9440618-16 | source : hp-security-alert@hp.com


Vulnerability ID : CVE-2023-5409

First published on : 13-10-2023 17:15:09
Last modified on : 13-10-2023 21:31:49

Description :
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

CVE ID : CVE-2023-5409
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9441200-9441233-16 | source : hp-security-alert@hp.com


Vulnerability ID : CVE-2023-5449

First published on : 13-10-2023 17:15:09
Last modified on : 13-10-2023 21:31:49

Description :
A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.

CVE ID : CVE-2023-5449
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9438665-9438794-16 | source : hp-security-alert@hp.com


Source : apache.org

Vulnerability ID : CVE-2023-42663

First published on : 14-10-2023 10:15:09
Last modified on : 14-10-2023 17:32:28

Description :
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2023-42663
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/airflow/pull/34315 | source : security@apache.org
https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9 | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-42780

First published on : 14-10-2023 10:15:10
Last modified on : 14-10-2023 17:32:28

Description :
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2023-42780
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/airflow/pull/34355 | source : security@apache.org
https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-42792

First published on : 14-10-2023 10:15:10
Last modified on : 14-10-2023 17:32:28

Description :
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2023-42792
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/airflow/pull/34366 | source : security@apache.org
https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq | source : security@apache.org

Vulnerability : CWE-668


Vulnerability ID : CVE-2023-45348

First published on : 14-10-2023 10:15:10
Last modified on : 14-10-2023 17:32:28

Description :
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.

CVE ID : CVE-2023-45348
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/airflow/pull/34712 | source : security@apache.org
https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9 | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-43666

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Insufficient Verification of Data Authenticity vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: a general user can view all user data, like an Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8623

CVE ID : CVE-2023-43666
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/scbgh3ty3xcxm3q33r2t9f42gwwo1why | source : security@apache.org

Vulnerability : CWE-345


Vulnerability ID : CVE-2023-43667

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628

CVE ID : CVE-2023-43667
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543 | source : security@apache.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-43668

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: checks on some sensitive params will be bypassed, such as "autoDeserizalize", "allowLoadLocalInfile", and others. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604

CVE ID : CVE-2023-43668
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-45757

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 15:15:17

Description :
Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code into the builtin rpcz page. An attacker who can send an HTTP request to a bRPC server with rpcz enabled can inject arbitrary XSS code into the builtin rpcz page. Solution (choose one of three): 1. Upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC that is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. Disable the rpcz feature.

CVE ID : CVE-2023-45757
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/16/8 | source : security@apache.org
https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4 | source : security@apache.org

Vulnerability : CWE-79


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-45158

First published on : 16-10-2023 08:15:09
Last modified on : 16-10-2023 11:58:00

Description :
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.

CVE ID : CVE-2023-45158
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
http://web2py.com/ | source : vultures@jpcert.or.jp
http://web2py.com/init/default/download | source : vultures@jpcert.or.jp
https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3 | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN80476432/ | source : vultures@jpcert.or.jp


Source : wpscan.com

Vulnerability ID : CVE-2023-3392

First published on : 16-10-2023 09:15:10
Last modified on : 16-10-2023 11:58:00

Description :
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

CVE ID : CVE-2023-3392
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/1e733ccf-8026-4831-9863-e505c2aecba6 | source : contact@wpscan.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-4620

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking form data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators.

CVE ID : CVE-2023-4620
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/084e9494-2f9e-4420-9bf7-78a1a41433d7 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4827

First published on : 16-10-2023 09:15:11
Last modified on : 16-10-2023 11:58:00

Description :
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.

CVE ID : CVE-2023-4827
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d4daf0e1-8018-448a-964c-427a355e005f | source : contact@wpscan.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-3154

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

CVE ID : CVE-2023-3154
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e | source : contact@wpscan.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-3155

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

CVE ID : CVE-2023-3155
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da | source : contact@wpscan.com

Vulnerability : CWE-552


Vulnerability ID : CVE-2023-3279

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks.

CVE ID : CVE-2023-3279
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635 | source : contact@wpscan.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-3706

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the title of arbitrary posts (such as draft and private) via an IDOR vector.

CVE ID : CVE-2023-3706
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a | source : contact@wpscan.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-3707

First published on : 16-10-2023 20:15:14
Last modified on : 16-10-2023 20:15:14

Description :
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue.

CVE ID : CVE-2023-3707
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48 | source : contact@wpscan.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-3746

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-3746
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c15a6032-6495-47a8-828c-37e55ed9665a | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4289

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4289
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/38c337c6-048f-4009-aef8-29c18afa6fdc | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4290

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin.

CVE ID : CVE-2023-4290
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/5fad5245-a089-4ba3-9958-1e2c3d066eea | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4388

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-4388
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/4086b62c-c527-4721-af63-7f2687c98648 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4643

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog.

CVE ID : CVE-2023-4643
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1 | source : contact@wpscan.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-4646

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4646
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4666

First published on : 16-10-2023 20:15:15
Last modified on : 16-10-2023 20:15:15

Description :
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and leading to RCE

CVE ID : CVE-2023-4666
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be | source : contact@wpscan.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4687

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.

CVE ID : CVE-2023-4687
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/31596fc5-4203-40c4-9b0a-e8a37faafddd | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4691

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE ID : CVE-2023-4691
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/5085ec75-0795-4004-955d-e71b3d2c26c6 | source : contact@wpscan.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4725

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-4725
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e9b9a594-c960-4692-823e-23fc60cca7e7 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4776

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.

CVE ID : CVE-2023-4776
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df | source : contact@wpscan.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4783

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4783
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/02928db8-ceb3-471a-b626-ca661d073e4f | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4795

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

CVE ID : CVE-2023-4795
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4798

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcode attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.

CVE ID : CVE-2023-4798
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4800

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.

CVE ID : CVE-2023-4800
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56 | source : contact@wpscan.com

Vulnerability : CWE-425


Vulnerability ID : CVE-2023-4805

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-4805
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/1049e940-49b1-4236-bea2-c636f35c5647 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4811

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4811
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4819

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.

CVE ID : CVE-2023-4819
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4820

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

CVE ID : CVE-2023-4820
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4821

First published on : 16-10-2023 20:15:16
Last modified on : 16-10-2023 20:15:16

Description :
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

CVE ID : CVE-2023-4821
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4861

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.

CVE ID : CVE-2023-4861
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7fa03f00-25c7-4e40-8592-bb4001ce019d | source : contact@wpscan.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-4862

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.

CVE ID : CVE-2023-4862
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/81821bf5-69e1-4005-b3eb-d541490909cc | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4933

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

CVE ID : CVE-2023-4933
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7 | source : contact@wpscan.com

Vulnerability : CWE-538


Vulnerability ID : CVE-2023-4950

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks

CVE ID : CVE-2023-4950
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/73db1ee8-06a2-41b6-b287-44e25f5f2e58 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4971

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports a malicious file and a suitable gadget chain is present on the blog.

CVE ID : CVE-2023-4971
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/421194e1-6c3f-4972-8f3c-de1b9d2bcb13 | source : contact@wpscan.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-5003

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

CVE ID : CVE-2023-5003
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748 | source : contact@wpscan.com

Vulnerability : CWE-538


Vulnerability ID : CVE-2023-5057

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks

CVE ID : CVE-2023-5057
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5087

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.

CVE ID : CVE-2023-5087
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3b45cc0b-7378-49f3-900e-d0e18cd4b878 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5089

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

CVE ID : CVE-2023-5089
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d | source : contact@wpscan.com
https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms | source : contact@wpscan.com

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-5133

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

CVE ID : CVE-2023-5133
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3 | source : contact@wpscan.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2023-5167

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-5167
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/78ea6fe0-5fac-4923-949c-023c85fe2437 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5177

First published on : 16-10-2023 20:15:17
Last modified on : 16-10-2023 20:15:17

Description :
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.

CVE ID : CVE-2023-5177
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/a67b9c21-a35a-4cdb-9627-a5932334e5f0 | source : contact@wpscan.com

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-5561

First published on : 16-10-2023 20:15:18
Last modified on : 16-10-2023 20:15:18

Description :
The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-5561
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ | source : contact@wpscan.com
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 | source : contact@wpscan.com

Vulnerability : CWE-200


Source : rapid7.con

Vulnerability ID : CVE-2023-45685

First published on : 16-10-2023 17:15:09
Last modified on : 16-10-2023 18:33:43

Description :
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

CVE ID : CVE-2023-45685
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45686

First published on : 16-10-2023 17:15:10
Last modified on : 16-10-2023 18:33:43

Description :
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

CVE ID : CVE-2023-45686
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45687

First published on : 16-10-2023 17:15:10
Last modified on : 16-10-2023 18:33:43

Description :
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizing a session id of their choosing

CVE ID : CVE-2023-45687
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-384


Vulnerability ID : CVE-2023-45688

First published on : 16-10-2023 17:15:10
Last modified on : 16-10-2023 18:33:43

Description :
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

CVE ID : CVE-2023-45688
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45689

First published on : 16-10-2023 17:15:10
Last modified on : 16-10-2023 18:33:43

Description :
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

CVE ID : CVE-2023-45689
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45690

First published on : 16-10-2023 17:15:10
Last modified on : 16-10-2023 18:33:43

Description :
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user that's authenticated to the OS to read sensitive files on the filesystem

CVE ID : CVE-2023-45690
Source : cve@rapid7.con
CVSS Score : /

References :
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 | source : cve@rapid7.con
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ | source : cve@rapid7.con

Vulnerability : CWE-276


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
