Latest vulnerabilities of Monday, October 30, 2023 + weekend


Last update performed on 10/30/2023 at 11:57:03 PM

(14) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : apache.org

Vulnerability ID : CVE-2023-46604

First published on : 27-10-2023 15:15:14
Last modified on : 29-10-2023 01:44:42

Description :
Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.

CVE ID : CVE-2023-46604
Source : security@apache.org
CVSS Score : 10.0

References :
http://www.openwall.com/lists/oss-security/2023/10/27/5 | source : security@apache.org
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt | source : security@apache.org

Vulnerability : CWE-502


Source : wordfence.com

Vulnerability ID : CVE-2023-5199

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion leading to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.

CVE ID : CVE-2023-5199
Source : security@wordfence.com
CVSS Score : 9.9

References :
https://plugins.trac.wordpress.org/browser/php-to-page/trunk/php-to-page.php?rev=441028#L22 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve | source : security@wordfence.com

Vulnerability : CWE-98


Vulnerability ID : CVE-2023-5820

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5820
Source : security@wordfence.com
CVSS Score : 9.6

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-5843

First published on : 30-10-2023 14:15:10
Last modified on : 30-10-2023 14:32:18

Description :
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily.

CVE ID : CVE-2023-5843
Source : security@wordfence.com
CVSS Score : 9.0

References :
https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


Source : fluidattacks.com

Vulnerability ID : CVE-2023-43738

First published on : 27-10-2023 03:15:07
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-43738
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44162

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44162
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44375

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44375
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44376

First published on : 27-10-2023 13:15:08
Last modified on : 29-10-2023 01:44:42

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44376
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44377

First published on : 27-10-2023 13:15:08
Last modified on : 29-10-2023 01:44:42

Description :
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44377
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ono | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44480

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44480
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/martin/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5807

First published on : 27-10-2023 13:15:08
Last modified on : 29-10-2023 01:44:42

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.

CVE ID : CVE-2023-5807
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0608 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : openeuler.org

Vulnerability ID : CVE-2021-33635

First published on : 29-10-2023 08:15:20
Last modified on : 30-10-2023 11:54:30

Description :
When malicious images are pulled by isula pull, attackers can execute arbitrary code.

CVE ID : CVE-2021-33635
Source : securities@openeuler.org
CVSS Score : 9.8

References :
https://gitee.com/src-openeuler/iSulad/pulls/600/files | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/627/files | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 | source : securities@openeuler.org

Vulnerability : CWE-665


Source : krcert.or.kr

Vulnerability ID : CVE-2023-45797

First published on : 30-10-2023 07:15:12
Last modified on : 30-10-2023 11:54:30

Description :
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.

CVE ID : CVE-2023-45797
Source : vuln@krcert.or.kr
CVSS Score : 9.8

References :
https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71023&menuNo=205020 | source : vuln@krcert.or.kr

Vulnerability : CWE-120


Source : huntr.dev

Vulnerability ID : CVE-2023-5832

First published on : 30-10-2023 13:15:31
Last modified on : 30-10-2023 14:01:39

Description :
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.

CVE ID : CVE-2023-5832
Source : security@huntr.dev
CVSS Score : 9.1

References :
https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e | source : security@huntr.dev
https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df | source : security@huntr.dev

Vulnerability : CWE-20


(39) HIGH VULNERABILITIES [7.0, 8.9]

Source : lenovo.com

Vulnerability ID : CVE-2022-34886

First published on : 27-10-2023 19:15:40
Last modified on : 29-10-2023 01:44:42

Description :
A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.

CVE ID : CVE-2022-34886
Source : psirt@lenovo.com
CVSS Score : 8.8

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2022-3701

First published on : 27-10-2023 20:15:08
Last modified on : 29-10-2023 01:44:42

Description :
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

CVE ID : CVE-2022-3701
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-3611

First published on : 27-10-2023 20:15:08
Last modified on : 29-10-2023 01:44:42

Description :
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

CVE ID : CVE-2022-3611
Source : psirt@lenovo.com
CVSS Score : 7.6

References :
https://iknow.lenovo.com.cn/detail/205280.html | source : psirt@lenovo.com

Vulnerability : CWE-200


Source : android.com

Vulnerability ID : CVE-2023-40129

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:14:25

Description :
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40129
Source : security@android.com
CVSS Score : 8.8

References :
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : CWE-787

Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40116

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:12:54

Description :
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40116
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40117

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:13:04

Description :
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40117
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945 | source : security@android.com
https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40120

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:13:13

Description :
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40120
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40125

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:13:55

Description :
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40125
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40128

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:14:16

Description :
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40128
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : CWE-787

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40130

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:14:33

Description :
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40130
Source : security@android.com
CVSS Score : 7.8

References :
https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40131

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:14:41

Description :
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40131
Source : security@android.com
CVSS Score : 7.0

References :
https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : CWE-416

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Source : wordfence.com

Vulnerability ID : CVE-2023-5425

First published on : 28-10-2023 12:15:37
Last modified on : 29-10-2023 01:44:12

Description :
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.

CVE ID : CVE-2023-5425
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5315

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-5315
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/wp-gmappity-easy-google-maps/tags/0.6/wpgmappity-metadata.php#L127 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5583

First published on : 30-10-2023 14:15:10
Last modified on : 30-10-2023 14:32:18

Description :
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2023-5583
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve | source : security@wordfence.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-5426

First published on : 28-10-2023 12:15:38
Last modified on : 29-10-2023 01:44:12

Description :
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.

CVE ID : CVE-2023-5426
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Source : huntr.dev

Vulnerability ID : CVE-2023-5839

First published on : 29-10-2023 01:15:41
Last modified on : 29-10-2023 01:44:12

Description :
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.

CVE ID : CVE-2023-5839
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630 | source : security@huntr.dev
https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0 | source : security@huntr.dev

Vulnerability : CWE-268


Vulnerability ID : CVE-2023-5833

First published on : 30-10-2023 13:15:31
Last modified on : 30-10-2023 14:01:39

Description :
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.

CVE ID : CVE-2023-5833
Source : security@huntr.dev
CVSS Score : 8.1

References :
https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783 | source : security@huntr.dev
https://huntr.com/bounties/00ec6847-125b-43e9-9658-d3cace1751d6 | source : security@huntr.dev

Vulnerability : CWE-284


Source : openeuler.org

Vulnerability ID : CVE-2021-33636

First published on : 29-10-2023 08:15:20
Last modified on : 30-10-2023 11:54:30

Description :
When the isula load command is used to load malicious images, attackers can execute arbitrary code.

CVE ID : CVE-2021-33636
Source : securities@openeuler.org
CVSS Score : 8.4

References :
https://gitee.com/src-openeuler/iSulad/pulls/600/files | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/627/files | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 | source : securities@openeuler.org

Vulnerability : CWE-665


Vulnerability ID : CVE-2021-33637

First published on : 29-10-2023 08:15:20
Last modified on : 30-10-2023 11:54:30

Description :
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.

CVE ID : CVE-2021-33637
Source : securities@openeuler.org
CVSS Score : 8.4

References :
https://gitee.com/src-openeuler/iSulad/pulls/600/files | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/627/files | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 | source : securities@openeuler.org

Vulnerability : CWE-665


Vulnerability ID : CVE-2021-33638

First published on : 29-10-2023 08:15:20
Last modified on : 30-10-2023 11:54:30

Description :
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.

CVE ID : CVE-2021-33638
Source : securities@openeuler.org
CVSS Score : 8.4

References :
https://gitee.com/src-openeuler/iSulad/pulls/600/files | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/627/files | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 | source : securities@openeuler.org

Vulnerability : CWE-665


Source : krcert.or.kr

Vulnerability ID : CVE-2023-45798

First published on : 30-10-2023 07:15:12
Last modified on : 30-10-2023 11:54:30

Description :
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.

CVE ID : CVE-2023-45798
Source : vuln@krcert.or.kr
CVSS Score : 8.4

References :
https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020 | source : vuln@krcert.or.kr

Vulnerability : CWE-829


Vulnerability ID : CVE-2023-45799

First published on : 30-10-2023 07:15:12
Last modified on : 30-10-2023 11:54:30

Description :
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.

CVE ID : CVE-2023-45799
Source : vuln@krcert.or.kr
CVSS Score : 7.2

References :
https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020 | source : vuln@krcert.or.kr

Vulnerability : CWE-494


Source : citrix.com

Vulnerability ID : CVE-2023-4967

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server.

CVE ID : CVE-2023-4967
Source : secure@citrix.com
CVSS Score : 8.2

References :
https://support.citrix.com/article/CTX579459/ | source : secure@citrix.com

Vulnerability : CWE-119


Source : opentext.com

Vulnerability ID : CVE-2023-4964

First published on : 30-10-2023 15:15:42
Last modified on : 30-10-2023 15:28:31

Description :
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.

CVE ID : CVE-2023-4964
Source : security@opentext.com
CVSS Score : 8.2

References :
https://portal.microfocus.com/s/article/KM000022703?language=en_US | source : security@opentext.com

Vulnerability : CWE-601


Source : rockwellautomation.com

Vulnerability ID : CVE-2023-46290

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user did not previously log in to the FactoryTalk® Services Platform web service.

CVE ID : CVE-2023-46290
Source : PSIRT@rockwellautomation.com
CVSS Score : 8.1

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27854

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.

CVE ID : CVE-2023-27854
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.8

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-27858

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.

CVE ID : CVE-2023-27858
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.8

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-824


Vulnerability ID : CVE-2023-46289

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

CVE ID : CVE-2023-46289
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.5

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Source : vmware.com

Vulnerability ID : CVE-2023-34057

First published on : 27-10-2023 05:15:38
Last modified on : 27-10-2023 12:41:08

Description :
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

CVE ID : CVE-2023-34057
Source : security@vmware.com
CVSS Score : 7.8

References :
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34058

First published on : 27-10-2023 05:15:38
Last modified on : 27-10-2023 12:41:08

Description :
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).

CVE ID : CVE-2023-34058
Source : security@vmware.com
CVSS Score : 7.5

References :
http://www.openwall.com/lists/oss-security/2023/10/27/1 | source : security@vmware.com
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34059

First published on : 27-10-2023 05:15:39
Last modified on : 27-10-2023 12:41:08

Description :
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

CVE ID : CVE-2023-34059
Source : security@vmware.com
CVSS Score : 7.4

References :
http://www.openwall.com/lists/oss-security/2023/10/27/2 | source : security@vmware.com
http://www.openwall.com/lists/oss-security/2023/10/27/3 | source : security@vmware.com
https://www.vmware.com/security/advisories/VMSA-2023-0024.html | source : security@vmware.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5570

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12.

CVE ID : CVE-2023-5570
Source : cve@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0609 | source : cve@usom.gov.tr

Vulnerability : CWE-1320


Vulnerability ID : CVE-2023-5443

First published on : 27-10-2023 14:15:08
Last modified on : 29-10-2023 01:44:42

Description :
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.

CVE ID : CVE-2023-5443
Source : cve@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0610 | source : cve@usom.gov.tr

Vulnerability : CWE-1320


Source : us.ibm.com

Vulnerability ID : CVE-2023-40685

First published on : 29-10-2023 02:15:07
Last modified on : 30-10-2023 11:54:30

Description :
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.

CVE ID : CVE-2023-40685
Source : psirt@us.ibm.com
CVSS Score : 7.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/264116 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7060686 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Source : vuldb.com

Vulnerability ID : CVE-2023-5828

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.

CVE ID : CVE-2023-5828
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc | source : cna@vuldb.com
https://vuldb.com/?ctiid.243727 | source : cna@vuldb.com
https://vuldb.com/?id.243727 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5830

First published on : 27-10-2023 21:15:10
Last modified on : 29-10-2023 01:44:22

Description :
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.

CVE ID : CVE-2023-5830
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://vuldb.com/?ctiid.243729 | source : cna@vuldb.com
https://vuldb.com/?id.243729 | source : cna@vuldb.com

Vulnerability : CWE-287


Source : patchstack.com

Vulnerability ID : CVE-2023-46153

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.

CVE ID : CVE-2023-46153
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46208

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.

CVE ID : CVE-2023-46208
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46209

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.

CVE ID : CVE-2023-46209
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(64) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : lenovo.com

Vulnerability ID : CVE-2022-48189

First published on : 30-10-2023 15:15:39
Last modified on : 30-10-2023 15:28:31

Description :
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE ID : CVE-2022-48189
Source : psirt@lenovo.com
CVSS Score : 6.7

References :
https://support.lenovo.com/us/en/product_security/LEN-106014 | source : psirt@lenovo.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-4573

First published on : 30-10-2023 15:15:39
Last modified on : 30-10-2023 15:28:31

Description :
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE ID : CVE-2022-4573
Source : psirt@lenovo.com
CVSS Score : 6.7

References :
https://support.lenovo.com/us/en/product_security/LEN-106014 | source : psirt@lenovo.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-4574

First published on : 30-10-2023 15:15:40
Last modified on : 30-10-2023 15:28:31

Description :
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE ID : CVE-2022-4574
Source : psirt@lenovo.com
CVSS Score : 6.7

References :
https://support.lenovo.com/us/en/product_security/LEN-106014 | source : psirt@lenovo.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-4575

First published on : 30-10-2023 15:15:40
Last modified on : 30-10-2023 15:28:31

Description :
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.

CVE ID : CVE-2022-4575
Source : psirt@lenovo.com
CVSS Score : 6.7

References :
https://support.lenovo.com/us/en/product_security/LEN-106014 | source : psirt@lenovo.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2022-3429

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

CVE ID : CVE-2022-3429
Source : psirt@lenovo.com
CVSS Score : 6.5

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2022-3681

First published on : 27-10-2023 20:15:08
Last modified on : 29-10-2023 01:44:42

Description :
A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.

CVE ID : CVE-2022-3681
Source : psirt@lenovo.com
CVSS Score : 6.5

References :
https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523 | source : psirt@lenovo.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2022-3700

First published on : 27-10-2023 20:15:08
Last modified on : 29-10-2023 01:44:42

Description :
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

CVE ID : CVE-2022-3700
Source : psirt@lenovo.com
CVSS Score : 6.1

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-3702

First published on : 27-10-2023 20:15:08
Last modified on : 29-10-2023 01:44:42

Description :
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.

CVE ID : CVE-2022-3702
Source : psirt@lenovo.com
CVSS Score : 6.1

References :
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2022-34887

First published on : 27-10-2023 19:15:40
Last modified on : 29-10-2023 01:44:42

Description :
Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

CVE ID : CVE-2022-34887
Source : psirt@lenovo.com
CVSS Score : 4.3

References :
https://iknow.lenovo.com.cn/detail/205041.html | source : psirt@lenovo.com

Vulnerability : CWE-287


Source : patchstack.com

Vulnerability ID : CVE-2023-46211

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.

CVE ID : CVE-2023-46211
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46091

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

CVE ID : CVE-2023-46091
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46093

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions.

CVE ID : CVE-2023-46093
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46192

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.

CVE ID : CVE-2023-46192
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46199

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions.

CVE ID : CVE-2023-46199
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32738

First published on : 27-10-2023 21:15:08
Last modified on : 29-10-2023 01:44:42

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.

CVE ID : CVE-2023-32738
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/eonet-manual-user-approve/wordpress-eonet-manual-user-approve-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46200

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.

CVE ID : CVE-2023-46200
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-3-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46194

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions.

CVE ID : CVE-2023-46194
Source : audit@patchstack.com
CVSS Score : 5.8

References :
https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-43041

First published on : 29-10-2023 01:15:41
Last modified on : 29-10-2023 01:44:12

Description :
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

CVE ID : CVE-2023-43041
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266808 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7060803 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-40686

First published on : 29-10-2023 01:15:40
Last modified on : 29-10-2023 01:44:12

Description :
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.

CVE ID : CVE-2023-40686
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/264114 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7060686 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Source : huntr.dev

Vulnerability ID : CVE-2023-5840

First published on : 29-10-2023 01:15:41
Last modified on : 29-10-2023 01:44:12

Description :
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.

CVE ID : CVE-2023-5840
Source : security@huntr.dev
CVSS Score : 6.5

References :
https://github.com/linkstackorg/linkstack/commit/fe7b99eae88f9e4c4cd4b00bab372cbf4b584b16 | source : security@huntr.dev
https://huntr.com/bounties/8042d8c3-650e-4c0d-9146-d9ccf6082b30 | source : security@huntr.dev

Vulnerability : CWE-640


Vulnerability ID : CVE-2023-5842

First published on : 30-10-2023 01:15:22
Last modified on : 30-10-2023 11:54:30

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.

CVE ID : CVE-2023-5842
Source : security@huntr.dev
CVSS Score : 4.8

References :
https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c | source : security@huntr.dev
https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5844

First published on : 30-10-2023 11:15:39
Last modified on : 30-10-2023 11:54:30

Description :
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

CVE ID : CVE-2023-5844
Source : security@huntr.dev
CVSS Score : 4.3

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea | source : security@huntr.dev
https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021 | source : security@huntr.dev

Vulnerability : CWE-620


Vulnerability ID : CVE-2023-5838

First published on : 29-10-2023 01:15:41
Last modified on : 29-10-2023 01:44:12

Description :
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.

CVE ID : CVE-2023-5838
Source : security@huntr.dev
CVSS Score : 4.1

References :
https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05 | source : security@huntr.dev
https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03 | source : security@huntr.dev

Vulnerability : CWE-613


Source : wordfence.com

Vulnerability ID : CVE-2023-5051

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5051
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5774

First published on : 27-10-2023 11:15:13
Last modified on : 27-10-2023 12:41:08

Description :
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5774
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2984228/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5817

First published on : 27-10-2023 11:15:13
Last modified on : 27-10-2023 12:41:08

Description :
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5817
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://drive.google.com/file/d/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3/view?usp=sharing | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984188%40neon-text&new=2984188%40neon-text&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5705

First published on : 27-10-2023 12:15:08
Last modified on : 27-10-2023 12:41:08

Description :
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5705
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/vk-filter-search/tags/2.3.1/inc/filter-search/package/class-vk-filter-search-shortcode.php#L40 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2983339/vk-filter-search#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5049

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5049
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.11.4/app/rafflepress.php#L796 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.11.4/app/rafflepress.php#L955 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2976620/rafflepress#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d663a9-3185-4c36-b9d1-878297965379?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5164

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5164
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/bellows-accordion-menu/tags/1.4.2/includes/bellows.api.php#L5 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/bellows-accordion-menu/tags/1.4.2/includes/functions.php#L12 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/50283a4f-ea59-488a-bab0-dd6bc5718556?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5250

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.

CVE ID : CVE-2023-5250
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/grid.plus.base.class.php#L19 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec?source=cve | source : security@wordfence.com

Vulnerability : CWE-98


Vulnerability ID : CVE-2023-5252

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5252
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/fareharbor/tags/3.6.7/fareharbor.php#L287 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5335

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5335
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/buzzsprout-podcasting/tags/1.8.3/buzzsprout-podcasting.php#L271 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5362

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5362
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/1.9/include/view/shortcode.php#L102 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/2.0.1/include/view/shortcode.php?rev=2981648#L102 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2981654/spice-post-slider | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5565

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5565
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/shortcode-menu/tags/3.2/shortcode-menu.php#L183 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5566

First published on : 30-10-2023 14:15:10
Last modified on : 30-10-2023 14:32:18

Description :
The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5566
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L257 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L292 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/smpl-shortcodes/tags/1.0.20/includes/shortcodes.php#L386 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5666

First published on : 30-10-2023 14:15:10
Last modified on : 30-10-2023 14:32:18

Description :
The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5666
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/accordions-wp/trunk/theme/custom-wp-accordion-themes.php?rev=2406278#L24 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2982015/accordions-wp#file370 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5251

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:32:18

Description :
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.

CVE ID : CVE-2023-5251
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L10 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L69 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5821

First published on : 27-10-2023 12:15:09
Last modified on : 27-10-2023 12:41:08

Description :
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5821
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/1263536/wp-responsive-slider-with-lightbox/trunk/wp-responsive-slider-with-lightbox.php | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-thumbnail-slider | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2023-5813

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.

CVE ID : CVE-2023-5813
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.243644 | source : cna@vuldb.com
https://vuldb.com/?id.243644 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5814

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.

CVE ID : CVE-2023-5814
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.243645 | source : cna@vuldb.com
https://vuldb.com/?id.243645 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5829

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.

CVE ID : CVE-2023-5829
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/lxxcute/Bug/blob/main/Admission%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243728 | source : cna@vuldb.com
https://vuldb.com/?id.243728 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5836

First published on : 28-10-2023 22:15:08
Last modified on : 29-10-2023 01:44:12

Description :
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.

CVE ID : CVE-2023-5836
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.243800 | source : cna@vuldb.com
https://vuldb.com/?id.243800 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2007-10003

First published on : 29-10-2023 18:15:38
Last modified on : 30-10-2023 11:54:30

Description :
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.

CVE ID : CVE-2007-10003
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/wp-plugins/the-hackers-diet/commit/7dd8acf7cd8442609840037121074425d363b694 | source : cna@vuldb.com
https://github.com/wp-plugins/the-hackers-diet/releases/tag/0.9.7b | source : cna@vuldb.com
https://vuldb.com/?ctiid.243803 | source : cna@vuldb.com
https://vuldb.com/?id.243803 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5826

First published on : 27-10-2023 18:15:22
Last modified on : 29-10-2023 01:44:42

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVE ID : CVE-2023-5826
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Cubi123123123/cve/blob/main/NS-ASG-sql-list_onlineuser.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243716 | source : cna@vuldb.com
https://vuldb.com/?id.243716 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5827

First published on : 27-10-2023 18:15:22
Last modified on : 29-10-2023 01:44:42

Description :
A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability.

CVE ID : CVE-2023-5827
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Ox1dq/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243717 | source : cna@vuldb.com
https://vuldb.com/?id.243717 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2005-10002

First published on : 29-10-2023 15:15:42
Last modified on : 30-10-2023 11:54:30

Description :
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.

CVE ID : CVE-2005-10002
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/wp-plugins/secure-files/commit/cab025e5fc2bcdad8032d833ebc38e6bd2a13c92 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243804 | source : cna@vuldb.com
https://vuldb.com/?id.243804 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-5812

First published on : 27-10-2023 02:15:07
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-243643.

CVE ID : CVE-2023-5812
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/flusity/flusity-CMS/issues/4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243643 | source : cna@vuldb.com
https://vuldb.com/?id.243643 | source : cna@vuldb.com

Vulnerability : CWE-434


Source : openeuler.org

Vulnerability ID : CVE-2021-33634

First published on : 29-10-2023 08:15:20
Last modified on : 30-10-2023 11:54:30

Description :
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.

CVE ID : CVE-2021-33634
Source : securities@openeuler.org
CVSS Score : 6.3

References :
https://gitee.com/src-openeuler/lcr/pulls/251/files | source : securities@openeuler.org
https://gitee.com/src-openeuler/lcr/pulls/257/files | source : securities@openeuler.org
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1692 | source : securities@openeuler.org

Vulnerability : CWE-665


Source : github.com

Vulnerability ID : CVE-2023-29009

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.

CVE ID : CVE-2023-29009
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://basercms.net/security/JVN_45547161 | source : security-advisories@github.com
https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0 | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43647

First published on : 30-10-2023 19:15:08
Last modified on : 30-10-2023 19:15:08

Description :
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVE ID : CVE-2023-43647
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://basercms.net/security/JVN_24381990 | source : security-advisories@github.com
https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-42803

First published on : 30-10-2023 19:15:07
Last modified on : 30-10-2023 19:15:07

Description :
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.

CVE ID : CVE-2023-42803
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/bigbluebutton/bigbluebutton/pull/15990 | source : security-advisories@github.com
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-w98f-6x8w-xhjc | source : security-advisories@github.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-43792

First published on : 30-10-2023 21:15:07
Last modified on : 30-10-2023 21:15:07

Description :
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.

CVE ID : CVE-2023-43792
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://basercms.net/security/JVN_45547161 | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6 | source : security-advisories@github.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-43648

First published on : 30-10-2023 19:15:08
Last modified on : 30-10-2023 19:15:08

Description :
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVE ID : CVE-2023-43648
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://basercms.net/security/JVN_81174674 | source : security-advisories@github.com
https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-43649

First published on : 30-10-2023 19:15:08
Last modified on : 30-10-2023 19:15:08

Description :
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVE ID : CVE-2023-43649
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://basercms.net/security/JVN_99052047 | source : security-advisories@github.com
https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6 | source : security-advisories@github.com
https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5 | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46246

First published on : 27-10-2023 19:15:41
Last modified on : 29-10-2023 01:44:42

Description :
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially a later use-after-free. This vulnerability has been patched in version 9.0.2068.

CVE ID : CVE-2023-46246
Source : security-advisories@github.com
CVSS Score : 4.0

References :
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a | source : security-advisories@github.com
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm | source : security-advisories@github.com

Vulnerability : CWE-190
Vulnerability : CWE-416


Source : sap.com

Vulnerability ID : CVE-2023-36920

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

CVE ID : CVE-2023-36920
Source : cna@sap.com
CVSS Score : 6.1

References :
https://launchpad.support.sap.com/#/notes/3326769 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-1021


Source : liggitt.net

Vulnerability ID : CVE-2021-25736

First published on : 30-10-2023 03:15:07
Last modified on : 30-10-2023 11:54:30

Description :
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

CVE ID : CVE-2021-25736
Source : jordan@liggitt.net
CVSS Score : 5.8

References :
https://github.com/kubernetes/kubernetes/pull/99958 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ | source : jordan@liggitt.net


Source : android.com

Vulnerability ID : CVE-2023-40121

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:13:34

Description :
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40121
Source : security@android.com
CVSS Score : 5.5

References :
https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : CWE-502

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40123

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:13:46

Description :
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40123
Source : security@android.com
CVSS Score : 5.5

References :
https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40133

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:14:49

Description :
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40133
Source : security@android.com
CVSS Score : 5.5

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Source : adobe.com

Vulnerability ID : CVE-2023-44323

First published on : 30-10-2023 15:15:40
Last modified on : 30-10-2023 15:28:31

Description :
Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44323
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323 | source : psirt@adobe.com

Vulnerability : CWE-416


Source : mitre.org

Vulnerability ID : CVE-2023-46854

First published on : 28-10-2023 22:15:08
Last modified on : 29-10-2023 01:44:12

Description :
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.

CVE ID : CVE-2023-46854
Source : cve@mitre.org
CVSS Score : 5.4

References :
https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=1326f771b959e576d140da2249c8b5424da6c80d | source : cve@mitre.org
https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=89699c6466cfd9cc3a81fbc926b62f122c33c23c | source : cve@mitre.org
https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo | source : cve@mitre.org


Source : themissinglink.com.au

Vulnerability ID : CVE-2023-4393

First published on : 30-10-2023 00:15:39
Last modified on : 30-10-2023 11:54:30

Description :
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below allow an attacker to perform more advanced phishing attacks against an organization.

CVE ID : CVE-2023-4393
Source : vdp@themissinglink.com.au
CVSS Score : 5.4

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-4393 | source : vdp@themissinglink.com.au

Vulnerability : CWE-20
Vulnerability : CWE-74


Source : redhat.com

Vulnerability ID : CVE-2023-5349

First published on : 30-10-2023 21:15:07
Last modified on : 30-10-2023 21:15:07

Description :
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

CVE ID : CVE-2023-5349
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-5349 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247064 | source : secalert@redhat.com
https://github.com/rmagick/rmagick/issues/1401 | source : secalert@redhat.com
https://github.com/rmagick/rmagick/pull/1406 | source : secalert@redhat.com


(14) LOW VULNERABILITIES [0.1, 3.9]

Source : hashicorp.com

Vulnerability ID : CVE-2023-5834

First published on : 27-10-2023 22:15:09
Last modified on : 29-10-2023 01:44:22

Description :
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

CVE ID : CVE-2023-5834
Source : security@hashicorp.com
CVSS Score : 3.8

References :
https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568 | source : security@hashicorp.com

Vulnerability : CWE-1386


Source : vuldb.com

Vulnerability ID : CVE-2023-5835

First published on : 28-10-2023 14:15:10
Last modified on : 29-10-2023 01:44:12

Description :
A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243775.

CVE ID : CVE-2023-5835
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/hu60t/hu60wap6/commit/a1cd9f12d7687243bfcb7ce295665acb83b9174e | source : cna@vuldb.com
https://vuldb.com/?ctiid.243775 | source : cna@vuldb.com
https://vuldb.com/?id.243775 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5837

First published on : 28-10-2023 22:15:08
Last modified on : 29-10-2023 01:44:12

Description :
A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5837
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/AlexanderLivanov/FotosCMS2/issues/18 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243802 | source : cna@vuldb.com
https://vuldb.com/?id.243802 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5810

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.

CVE ID : CVE-2023-5810
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 | source : cna@vuldb.com
https://github.com/flusity/flusity-CMS/issues/2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243641 | source : cna@vuldb.com
https://vuldb.com/?id.243641 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5811

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5811
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 | source : cna@vuldb.com
https://github.com/flusity/flusity-CMS/issues/3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.243642 | source : cna@vuldb.com
https://vuldb.com/?id.243642 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-41891

First published on : 30-10-2023 19:15:07
Last modified on : 30-10-2023 19:15:07

Description :
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.

CVE ID : CVE-2023-41891
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/flyteorg/flyteadmin/commit/b3177ef70f068e908140b8a4a9913dfa74f289fd | source : security-advisories@github.com
https://github.com/flyteorg/flyteadmin/security/advisories/GHSA-r847-6w6h-r8g4 | source : security-advisories@github.com
https://owasp.org/www-community/attacks/SQL_Injection# | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-42804

First published on : 30-10-2023 19:15:08
Last modified on : 30-10-2023 19:15:08

Description :
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.

CVE ID : CVE-2023-42804
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/bigbluebutton/bigbluebutton/pull/15960 | source : security-advisories@github.com
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3qjg-229m-vq84 | source : security-advisories@github.com

Vulnerability : CWE-22


Source : android.com

Vulnerability ID : CVE-2023-40127

First published on : 27-10-2023 21:15:08
Last modified on : 30-10-2023 17:18:28

Description :
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40127
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40134

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:18:42

Description :
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40134
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40135

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:19:07

Description :
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40135
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40136

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:15:40

Description :
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40136
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40137

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:15:50

Description :
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40137
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40138

First published on : 27-10-2023 21:15:09
Last modified on : 30-10-2023 17:16:08

Description :
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40138
Source : security@android.com
CVSS Score : 3.3

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*


Source : bluespice.com

Vulnerability ID : CVE-2023-42431

First published on : 30-10-2023 11:15:39
Last modified on : 30-10-2023 11:54:30

Description :
Cross-site Scripting (XSS) vulnerability in the BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.

CVE ID : CVE-2023-42431
Source : security@bluespice.com
CVSS Score : 2.1

References :
https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2023-02 | source : security@bluespice.com

Vulnerability : CWE-20


(168) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-42188

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-42188
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Thecosy/IceCMS/issues/17 | source : cve@mitre.org
https://topdayplus.github.io/2023/10/27/CVE-deatail/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46374

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).

CVE ID : CVE-2023-46374
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee | source : cve@mitre.org


Vulnerability ID : CVE-2023-46491

First published on : 27-10-2023 00:15:09
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.

CVE ID : CVE-2023-46491
Source : cve@mitre.org
CVSS Score : /

References :
https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46375

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-46375
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46376

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.

CVE ID : CVE-2023-46376
Source : cve@mitre.org
CVSS Score : /

References :
https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46505

First published on : 27-10-2023 01:15:32
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.

CVE ID : CVE-2023-46505
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/FanCMS/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46813

First published on : 27-10-2023 03:15:08
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

CVE ID : CVE-2023-46813
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1212649 | source : cve@mitre.org
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-45498

First published on : 27-10-2023 04:15:10
Last modified on : 30-10-2023 15:15:41

Description :
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.

CVE ID : CVE-2023-45498
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html | source : cve@mitre.org
http://seclists.org/fulldisclosure/2023/Oct/31 | source : cve@mitre.org
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45499

First published on : 27-10-2023 04:15:10
Last modified on : 30-10-2023 15:15:41

Description :
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.

CVE ID : CVE-2023-45499
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html | source : cve@mitre.org
http://seclists.org/fulldisclosure/2023/Oct/31 | source : cve@mitre.org
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46503

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.

CVE ID : CVE-2023-46503
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/YXBOOKCMS/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46504

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.

CVE ID : CVE-2023-46504
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/YXBOOKCMS/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46815

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

CVE ID : CVE-2023-46815
Source : cve@mitre.org
CVSS Score : /

References :
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46816

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.

CVE ID : CVE-2023-46816
Source : cve@mitre.org
CVSS Score : /

References :
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46818

First published on : 27-10-2023 04:15:10
Last modified on : 27-10-2023 12:41:08

Description :
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

CVE ID : CVE-2023-46818
Source : cve@mitre.org
CVSS Score : /

References :
https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46393

First published on : 27-10-2023 14:15:08
Last modified on : 29-10-2023 01:44:42

Description :
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.

CVE ID : CVE-2023-46393
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/gouguopen/gougucms/issues/I88TKH | source : cve@mitre.org


Vulnerability ID : CVE-2023-46394

First published on : 27-10-2023 14:15:08
Last modified on : 29-10-2023 01:44:42

Description :
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.

CVE ID : CVE-2023-46394
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/gouguopen/gougucms/issues/I88TC0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46407

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

CVE ID : CVE-2023-46407
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 | source : cve@mitre.org
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen@gmail.com/ | source : cve@mitre.org
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen@gmail.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46852

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

CVE ID : CVE-2023-46852
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 | source : cve@mitre.org
https://github.com/memcached/memcached/compare/1.6.21...1.6.22 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46853

First published on : 27-10-2023 20:15:09
Last modified on : 29-10-2023 01:44:42

Description :
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

CVE ID : CVE-2023-46853
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa | source : cve@mitre.org
https://github.com/memcached/memcached/compare/1.6.21...1.6.22 | source : cve@mitre.org


Vulnerability ID : CVE-2022-34832

First published on : 27-10-2023 21:15:08
Last modified on : 29-10-2023 01:44:42

Description :
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.

CVE ID : CVE-2022-34832
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/xxe-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-34833

First published on : 27-10-2023 21:15:08
Last modified on : 29-10-2023 01:44:42

Description :
An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.

CVE ID : CVE-2022-34833
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/1-stored-xss-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-34834

First published on : 27-10-2023 21:15:08
Last modified on : 29-10-2023 01:44:42

Description :
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

CVE ID : CVE-2022-34834
Source : cve@mitre.org
CVSS Score : /

References :
https://crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg | source : cve@mitre.org
https://www.vermeg.com/agile-reporter/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-35794

First published on : 27-10-2023 21:15:08
Last modified on : 29-10-2023 01:44:42

Description :
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.

CVE ID : CVE-2023-35794
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking | source : cve@mitre.org
https://www.cassianetworks.com/products/iot-access-controller/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46509

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.

CVE ID : CVE-2023-46509
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46510

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.

CVE ID : CVE-2023-46510
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ATonysan/58ace23d539981441bca16ce0f7585e2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46490

First published on : 27-10-2023 22:15:09
Last modified on : 29-10-2023 01:44:22

Description :
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

CVE ID : CVE-2023-46490
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53 | source : cve@mitre.org
https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c | source : cve@mitre.org


Vulnerability ID : CVE-2023-46587

First published on : 27-10-2023 23:15:07
Last modified on : 29-10-2023 01:44:12

Description :
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.

CVE ID : CVE-2023-46587
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43322

First published on : 28-10-2023 01:15:51
Last modified on : 29-10-2023 01:44:12

Description :
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.

CVE ID : CVE-2023-43322
Source : cve@mitre.org
CVSS Score : /

References :
https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-001-12-10-2023 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46467

First published on : 28-10-2023 01:15:51
Last modified on : 29-10-2023 01:44:12

Description :
Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.

CVE ID : CVE-2023-46467
Source : cve@mitre.org
CVSS Score : /

References :
https://www.sumor.top/index.php/archives/872/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46468

First published on : 28-10-2023 01:15:51
Last modified on : 29-10-2023 01:44:12

Description :
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.

CVE ID : CVE-2023-46468
Source : cve@mitre.org
CVSS Score : /

References :
https://www.sumor.top/index.php/archives/875/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46569

First published on : 28-10-2023 02:15:07
Last modified on : 29-10-2023 01:44:12

Description :
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.

CVE ID : CVE-2023-46569
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8 | source : cve@mitre.org
https://github.com/radareorg/radare2/issues/22334 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46570

First published on : 28-10-2023 02:15:07
Last modified on : 29-10-2023 01:44:12

Description :
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

CVE ID : CVE-2023-46570
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6 | source : cve@mitre.org
https://github.com/radareorg/radare2/issues/22333 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45897

First published on : 28-10-2023 21:15:07
Last modified on : 29-10-2023 01:44:12

Description :
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.

CVE ID : CVE-2023-45897
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 | source : cve@mitre.org
https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae | source : cve@mitre.org
https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf | source : cve@mitre.org
https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46858

First published on : 29-10-2023 01:15:41
Last modified on : 29-10-2023 01:44:12

Description :
** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVE ID : CVE-2023-46858
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle | source : cve@mitre.org
https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd | source : cve@mitre.org


Vulnerability ID : CVE-2023-46862

First published on : 29-10-2023 04:15:11
Last modified on : 30-10-2023 11:54:30

Description :
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

CVE ID : CVE-2023-46862
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46 | source : cve@mitre.org


Vulnerability ID : CVE-2023-44002

First published on : 30-10-2023 00:15:39
Last modified on : 30-10-2023 00:15:39

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-44002
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-46863

First published on : 30-10-2023 00:15:39
Last modified on : 30-10-2023 11:54:30

Description :
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.

CVE ID : CVE-2023-46863
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Peppermint-Lab/peppermint/issues/108 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46864

First published on : 30-10-2023 00:15:39
Last modified on : 30-10-2023 11:54:30

Description :
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.

CVE ID : CVE-2023-46864
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Peppermint-Lab/peppermint/issues/171 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46865

First published on : 30-10-2023 01:15:21
Last modified on : 30-10-2023 11:54:30

Description :
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

CVE ID : CVE-2023-46865
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/crater-invoice/crater/issues/1267 | source : cve@mitre.org
https://github.com/crater-invoice/crater/pull/1271 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46866

First published on : 30-10-2023 03:15:07
Last modified on : 30-10-2023 11:54:30

Description :
In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.

CVE ID : CVE-2023-46866
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 | source : cve@mitre.org
https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46867

First published on : 30-10-2023 03:15:07
Last modified on : 30-10-2023 11:54:30

Description :
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.

CVE ID : CVE-2023-46867
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 | source : cve@mitre.org
https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 | source : cve@mitre.org


Vulnerability ID : CVE-2018-11103

First published on : 30-10-2023 14:15:08
Last modified on : 30-10-2023 14:15:08

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2018-11103
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2020-25870

First published on : 30-10-2023 14:15:08
Last modified on : 30-10-2023 14:15:08

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2020-25870
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-40943

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:15:09

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-40943
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-41605

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:15:09

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-41605
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-44078

First published on : 30-10-2023 14:15:09
Last modified on : 30-10-2023 14:15:09

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-44078
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-47090

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 21:15:07

Description :
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

CVE ID : CVE-2023-47090
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/30/1 | source : cve@mitre.org
https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/10/13/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47101

First published on : 30-10-2023 18:15:10
Last modified on : 30-10-2023 18:21:38

Description :
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.

CVE ID : CVE-2023-47101
Source : cve@mitre.org
CVSS Score : /

References :
https://cyvisory.group/advisory/CYADV-2023-012 | source : cve@mitre.org
https://sourceforge.net/p/securepoint/news/2023/08/2040-is-now-available/ | source : cve@mitre.org


Vulnerability ID : CVE-2020-36767

First published on : 30-10-2023 19:15:07
Last modified on : 30-10-2023 19:15:07

Description :
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.

CVE ID : CVE-2020-36767
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/servo/servo/issues/25498#issuecomment-703527082 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47104

First published on : 30-10-2023 19:15:08
Last modified on : 30-10-2023 19:15:08

Description :
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.

CVE ID : CVE-2023-47104
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/servo/servo/issues/25498#issuecomment-703527082 | source : cve@mitre.org
https://sourceforge.net/p/tinyfiledialogs/code/ci/ac9f9f6d8cdf45ca8d9b4cf1f201ee472301e114/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-39172

First published on : 30-10-2023 22:15:09
Last modified on : 30-10-2023 22:15:09

Description :
A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via the name field of a process.

CVE ID : CVE-2022-39172
Source : cve@mitre.org
CVSS Score : /

References :
https://sec-consult.com/vulnerability-lab/advisory/stored-cross-site-scripting-in-mb-support-broker-management-solution-openviva-c2/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-42323

First published on : 30-10-2023 22:15:10
Last modified on : 30-10-2023 22:15:10

Description :
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.

CVE ID : CVE-2023-42323
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mnbvcxz131421/douhaocms/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45956

First published on : 30-10-2023 22:15:10
Last modified on : 30-10-2023 22:15:10

Description :
An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.

CVE ID : CVE-2023-45956
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Govee%20LED%20Strip%20Vulnerability%20Report.pdf | source : cve@mitre.org


Source : sonicwall.com

Vulnerability ID : CVE-2023-44219

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.

CVE ID : CVE-2023-44219
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016 | source : PSIRT@sonicwall.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-44220

First published on : 27-10-2023 08:15:31
Last modified on : 27-10-2023 12:41:08

Description :
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.

CVE ID : CVE-2023-44220
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 | source : PSIRT@sonicwall.com

Vulnerability : CWE-427


Source : android.com

Vulnerability ID : CVE-2023-40139

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40139
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40140

First published on : 27-10-2023 21:15:09
Last modified on : 29-10-2023 01:44:22

Description :
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40140
Source : security@android.com
CVSS Score : /

References :
https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243 | source : security@android.com
https://source.android.com/security/bulletin/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2021-39810

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2021-39810
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2022-20264

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2022-20264
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21293

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21293
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21294

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21294
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21295

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21295
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21296

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-21296
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21297

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21297
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21298

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21298
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21299

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21299
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21300

First published on : 30-10-2023 17:15:47
Last modified on : 30-10-2023 17:20:42

Description :
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21300
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21301

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21301
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21302

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21302
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21303

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21303
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21304

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21304
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21305

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21305
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21306

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21306
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21307

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-21307
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21308

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21308
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21309

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21309
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21310

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21310
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21311

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21311
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21312

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21312
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21313

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21313
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21314

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21314
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21315

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21315
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21316

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21316
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21317

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21317
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21318

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21318
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21319

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21319
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21320

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21320
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21321

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21321
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21323

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21323
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21324

First published on : 30-10-2023 17:15:48
Last modified on : 30-10-2023 17:20:42

Description :
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21324
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21325

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21325
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21326

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21326
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21327

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21327
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21328

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21328
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21329

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21329
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21330

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21330
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21331

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21331
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21332

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21332
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21333

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21333
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21334

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21334
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21335

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21335
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21336

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21336
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21337

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21337
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21338

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21338
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21339

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21339
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21340

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21340
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21341

First published on : 30-10-2023 17:15:49
Last modified on : 30-10-2023 17:20:42

Description :
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21341
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21342

First published on : 30-10-2023 17:15:50
Last modified on : 30-10-2023 17:20:42

Description :
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21342
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21343

First published on : 30-10-2023 17:15:50
Last modified on : 30-10-2023 17:20:42

Description :
In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21343
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21344

First published on : 30-10-2023 17:15:50
Last modified on : 30-10-2023 17:20:42

Description :
In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21344
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21345

First published on : 30-10-2023 17:15:50
Last modified on : 30-10-2023 17:20:42

Description :
In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21345
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21346

First published on : 30-10-2023 17:15:50
Last modified on : 30-10-2023 17:20:42

Description :
In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21346
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21347

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21347
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21348

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21348
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21349

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21349
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21350

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21350
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21351

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21351
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21352

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21352
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21353

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21353
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21354

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21354
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21355

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21355
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21356

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21356
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21357

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21357
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21358

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21358
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21359

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21359
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21360

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21360
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21361

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21361
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21362

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21362
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21364

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21364
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21365

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21365
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21366

First published on : 30-10-2023 17:15:51
Last modified on : 30-10-2023 17:20:42

Description :
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21366
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21367

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21367
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21368

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In Audio, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21368
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21369

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-21369
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21370

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21370
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21371

First published on : 30-10-2023 17:15:52
Last modified on : 30-10-2023 17:20:42

Description :
In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21371
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21372

First published on : 30-10-2023 18:15:08
Last modified on : 30-10-2023 18:21:38

Description :
In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21372
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21373

First published on : 30-10-2023 18:15:08
Last modified on : 30-10-2023 18:21:38

Description :
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21373
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21374

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21374
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21375

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21375
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21376

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21376
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21377

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21377
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21378

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21378
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21379

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21379
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21380

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21380
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21381

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Media Resource Manager, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21381
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21382

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21382
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21383

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-21383
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21384

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Package Manager, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21384
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21385

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21385
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21387

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21387
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21388

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21388
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21389

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21389
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21390

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21390
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21391

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21391
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21392

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21392
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21393

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21393
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21394

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21394
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21395

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21395
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21396

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21396
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21397

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21397
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-21398

First published on : 30-10-2023 18:15:09
Last modified on : 30-10-2023 18:21:38

Description :
In sdksandbox, there is a possible StrandHogg-style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-21398
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-40101

First published on : 30-10-2023 18:15:10
Last modified on : 30-10-2023 18:21:38

Description :
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40101
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Vulnerability ID : CVE-2023-45780

First published on : 30-10-2023 18:15:10
Last modified on : 30-10-2023 18:21:38

Description :
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE ID : CVE-2023-45780
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/android-14 | source : security@android.com


Source : apache.org

Vulnerability ID : CVE-2023-46215

First published on : 28-10-2023 08:15:07
Last modified on : 29-10-2023 01:44:12

Description :
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information is logged as clear text when the rediss, amqp, or rpc protocols are used as the Celery result backend. Note: the vulnerability is about the information exposed in the logs, not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fixes the issue.

CVE ID : CVE-2023-46215
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/28/1 | source : security@apache.org
https://github.com/apache/airflow/pull/34954 | source : security@apache.org
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n | source : security@apache.org

Vulnerability : CWE-532


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-44141

First published on : 30-10-2023 04:15:10
Last modified on : 30-10-2023 11:54:30

Description :
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.

CVE ID : CVE-2023-44141
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211 | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN48057522/ | source : vultures@jpcert.or.jp
https://www.inkdrop.app/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-45746

First published on : 30-10-2023 05:15:09
Last modified on : 30-10-2023 11:54:30

Description :
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.

CVE ID : CVE-2023-45746
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN39139884/ | source : vultures@jpcert.or.jp
https://movabletype.org/news/2023/10/mt-79020-released.html | source : vultures@jpcert.or.jp


Source : lenovo.com

Vulnerability ID : CVE-2022-48190

First published on : 30-10-2023 14:15:08
Last modified on : 30-10-2023 14:15:08

Description :
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2022-48190
Source : psirt@lenovo.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
