Latest vulnerabilities of Monday, September 18, 2023 + weekend

Latest vulnerabilities of Monday, September 18, 2023 + weekend
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 09/18/2023 at 11:58:40 PM

(15) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-4662

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4662
Source : cve@usom.gov.tr
CVSS Score : 10.0

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-250


Vulnerability ID : CVE-2023-4673

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 .

CVE ID : CVE-2023-4673
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0528 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4830

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228.

CVE ID : CVE-2023-4830
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0529 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4231

First published on : 15-09-2023 08:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09.

CVE ID : CVE-2023-4231
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0532 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4670

First published on : 15-09-2023 08:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.This issue affects Probbys: before 2.

CVE ID : CVE-2023-4670
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0531 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4831

First published on : 15-09-2023 08:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: before 20230914 .

CVE ID : CVE-2023-4831
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0529-2 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4661

First published on : 15-09-2023 09:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4661
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4833

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6.

CVE ID : CVE-2023-4833
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0533 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4835

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 .

CVE ID : CVE-2023-4835
Source : cve@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0533 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-41084

First published on : 18-09-2023 20:15:10
Last modified on : 18-09-2023 20:15:10

Description :
** UNSUPPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

CVE ID : CVE-2023-41084
Source : ics-cert@hq.dhs.gov
CVSS Score : 10.0

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-565


Source : wordfence.com

Vulnerability ID : CVE-2023-4994

First published on : 16-09-2023 02:15:07
Last modified on : 17-09-2023 12:01:04

Description :
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.

CVE ID : CVE-2023-4994
Source : security@wordfence.com
CVSS Score : 9.9

References :
https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


Source : huntr.dev

Vulnerability ID : CVE-2023-4982

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4982
Source : security@huntr.dev
CVSS Score : 9.8

References :
https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769 | source : security@huntr.dev
https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4978

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4978
Source : security@huntr.dev
CVSS Score : 9.0

References :
https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7 | source : security@huntr.dev
https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4 | source : security@huntr.dev

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-41887

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.

CVE ID : CVE-2023-41887
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 | source : security-advisories@github.com
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5 | source : security-advisories@github.com

Vulnerability : CWE-89


Source : microsoft.com

Vulnerability ID : CVE-2023-36735

First published on : 15-09-2023 22:15:13
Last modified on : 17-09-2023 12:01:04

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36735
Source : secure@microsoft.com
CVSS Score : 9.6

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 | source : secure@microsoft.com


(32) HIGH VULNERABILITIES [7.0, 8.9]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-39446

First published on : 18-09-2023 21:15:56
Last modified on : 18-09-2023 21:15:56

Description :
** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

CVE ID : CVE-2023-39446
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.9

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-40221

First published on : 18-09-2023 20:15:09
Last modified on : 18-09-2023 20:15:09

Description :
** UNSUPPPORTED WHEN ASSIGNED ** The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.

CVE ID : CVE-2023-40221
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-41965

First published on : 18-09-2023 20:15:10
Last modified on : 18-09-2023 20:15:10

Description :
** UNSUPPPORTED WHEN ASSIGNED ** Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

CVE ID : CVE-2023-41965
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-922


Vulnerability ID : CVE-2023-39452

First published on : 18-09-2023 21:16:04
Last modified on : 18-09-2023 21:16:04

Description :
** UNSUPPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.

CVE ID : CVE-2023-39452
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-256


Source : huntr.dev

Vulnerability ID : CVE-2023-4979

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4979
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03 | source : security@huntr.dev
https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4980

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4980
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97 | source : security@huntr.dev
https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4981

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4981
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7 | source : security@huntr.dev
https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4977

First published on : 15-09-2023 01:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

CVE ID : CVE-2023-4977
Source : security@huntr.dev
CVSS Score : 7.3

References :
https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0 | source : security@huntr.dev
https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc | source : security@huntr.dev

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-5036

First published on : 18-09-2023 06:15:08
Last modified on : 18-09-2023 13:26:56

Description :
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CVE ID : CVE-2023-5036
Source : security@huntr.dev
CVSS Score : 7.3

References :
https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536 | source : security@huntr.dev
https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d | source : security@huntr.dev

Vulnerability : CWE-352


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4665

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4665
Source : cve@usom.gov.tr
CVSS Score : 8.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-279


Vulnerability ID : CVE-2023-4664

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4664
Source : cve@usom.gov.tr
CVSS Score : 7.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-276


Source : cert.org.tw

Vulnerability ID : CVE-2023-41349

First published on : 18-09-2023 03:15:08
Last modified on : 18-09-2023 13:27:02

Description :
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

CVE ID : CVE-2023-41349
Source : twcert@cert.org.tw
CVSS Score : 8.8

References :
https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-134


Vulnerability ID : CVE-2023-35851

First published on : 18-09-2023 03:15:08
Last modified on : 18-09-2023 13:27:02

Description :
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database.

CVE ID : CVE-2023-35851
Source : twcert@cert.org.tw
CVSS Score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7372-3994a-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-35850

First published on : 18-09-2023 03:15:07
Last modified on : 18-09-2023 13:27:02

Description :
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.

CVE ID : CVE-2023-35850
Source : twcert@cert.org.tw
CVSS Score : 7.2

References :
https://www.twcert.org.tw/tw/cp-132-7373-4ef46-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-78


Source : redhat.com

Vulnerability ID : CVE-2023-0813

First published on : 15-09-2023 21:15:08
Last modified on : 17-09-2023 12:01:04

Description :
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE ID : CVE-2023-0813
Source : secalert@redhat.com
CVSS Score : 8.6

References :
https://access.redhat.com/errata/RHSA-2023:0786 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-0813 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2169468 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-0923

First published on : 15-09-2023 21:15:09
Last modified on : 17-09-2023 12:01:04

Description :
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

CVE ID : CVE-2023-0923
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:0977 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-0923 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2171870 | source : secalert@redhat.com


Source : bosch.com

Vulnerability ID : CVE-2023-34999

First published on : 18-09-2023 11:15:41
Last modified on : 18-09-2023 13:26:56

Description :
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.

CVE ID : CVE-2023-34999
Source : psirt@bosch.com
CVSS Score : 8.4

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html | source : psirt@bosch.com

Vulnerability : CWE-94


Source : github.com

Vulnerability ID : CVE-2023-42442

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).

CVE ID : CVE-2023-42442
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91 | source : security-advisories@github.com
https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a | source : security-advisories@github.com
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-42443

First published on : 18-09-2023 21:16:13
Last modified on : 18-09-2023 21:16:13

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.

CVE ID : CVE-2023-42443
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/vyperlang/vyper/issues/3609 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-40018

First published on : 15-09-2023 20:15:09
Last modified on : 17-09-2023 12:01:22

Description :
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.

CVE ID : CVE-2023-40018
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10 | source : security-advisories@github.com
https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3 | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-40019

First published on : 15-09-2023 20:15:09
Last modified on : 17-09-2023 12:01:22

Description :
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue.

CVE ID : CVE-2023-40019
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10 | source : security-advisories@github.com
https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-41886

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.

CVE ID : CVE-2023-41886
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d | source : security-advisories@github.com
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-42439

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. As of time of publication, no patched version is available.

CVE ID : CVE-2023-42439
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-41325

First published on : 15-09-2023 20:15:10
Last modified on : 17-09-2023 12:01:22

Description :
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is opteeโ€™s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable โ€˜eโ€™ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.

CVE ID : CVE-2023-41325
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a | source : security-advisories@github.com
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-38507

First published on : 15-09-2023 20:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.

CVE ID : CVE-2023-38507
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/strapi/strapi/blob/32d68f1f5677ed9a9a505b718c182c0a3f885426/packages/core/admin/server/middlewares/rateLimit.js#L31 | source : security-advisories@github.com
https://github.com/strapi/strapi/releases/tag/v4.12.1 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-24q2-59hm-rh9r | source : security-advisories@github.com

Vulnerability : CWE-770


Source : vuldb.com

Vulnerability ID : CVE-2023-4991

First published on : 15-09-2023 16:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4991
Source : cna@vuldb.com
CVSS Score : 7.8

References :
https://vuldb.com/?ctiid.239804 | source : cna@vuldb.com
https://vuldb.com/?id.239804 | source : cna@vuldb.com

Vulnerability : CWE-428


Vulnerability ID : CVE-2023-5020

First published on : 17-09-2023 05:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239861 was assigned to this vulnerability.

CVE ID : CVE-2023-5020
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/chosir/exp/tree/main | source : cna@vuldb.com
https://vuldb.com/?ctiid.239861 | source : cna@vuldb.com
https://vuldb.com/?id.239861 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : suse.de

Vulnerability ID : CVE-2023-32187

First published on : 18-09-2023 13:15:08
Last modified on : 18-09-2023 13:26:56

Description :
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.

CVE ID : CVE-2023-32187
Source : meissner@suse.de
CVSS Score : 7.5

References :
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32187https:// | source : meissner@suse.de
https://github.com/k3s-io/k3s/security/advisories/GHSA-m4hf-6vgr-75r2 | source : meissner@suse.de

Vulnerability : CWE-770


Source : fluidattacks.com

Vulnerability ID : CVE-2023-3891

First published on : 15-09-2023 03:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system

CVE ID : CVE-2023-3891
Source : help@fluidattacks.com
CVSS Score : 7.3

References :
https://fluidattacks.com/advisories/aerosmith | source : help@fluidattacks.com
https://lapce.dev | source : help@fluidattacks.com

Vulnerability : CWE-367


Source : mitre.org

Vulnerability ID : CVE-2023-41929

First published on : 18-09-2023 12:15:07
Last modified on : 18-09-2023 13:26:56

Description :
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)

CVE ID : CVE-2023-41929
Source : cve@mitre.org
CVSS Score : 7.3

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Source : wordfence.com

Vulnerability ID : CVE-2023-3025

First published on : 16-09-2023 09:15:07
Last modified on : 17-09-2023 12:00:56

Description :
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE ID : CVE-2023-3025
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve | source : security@wordfence.com

Vulnerability : CWE-918


Source : microsoft.com

Vulnerability ID : CVE-2023-36562

First published on : 15-09-2023 22:15:13
Last modified on : 17-09-2023 12:01:04

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36562
Source : secure@microsoft.com
CVSS Score : 7.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 | source : secure@microsoft.com


(47) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : hashicorp.com

Vulnerability ID : CVE-2023-4680

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

CVE ID : CVE-2023-4680
Source : security@hashicorp.com
CVSS Score : 6.8

References :
https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 | source : security@hashicorp.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-37263

First published on : 15-09-2023 19:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.

CVE ID : CVE-2023-37263
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/strapi/strapi/releases/tag/v4.12.1 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-38706

First published on : 15-09-2023 20:15:09
Last modified on : 17-09-2023 12:01:22

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-38706
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8 | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-40588

First published on : 15-09-2023 20:15:10
Last modified on : 17-09-2023 12:01:22

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-40588
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-41043

First published on : 15-09-2023 20:15:10
Last modified on : 17-09-2023 12:01:22

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.

CVE ID : CVE-2023-41043
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-36472

First published on : 15-09-2023 19:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Strapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.

CVE ID : CVE-2023-36472
Source : security-advisories@github.com
CVSS Score : 5.8

References :
https://github.com/strapi/strapi/releases/tag/v4.11.7 | source : security-advisories@github.com
https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-37281

First published on : 15-09-2023 20:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.

CVE ID : CVE-2023-37281
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/contiki-ng/contiki-ng/pull/2509 | source : security-advisories@github.com
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-37459

First published on : 15-09-2023 20:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.

CVE ID : CVE-2023-37459
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/contiki-ng/contiki-ng/pull/2510 | source : security-advisories@github.com
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-40167

First published on : 15-09-2023 20:15:09
Last modified on : 17-09-2023 12:01:22

Description :
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

CVE ID : CVE-2023-40167
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 | source : security-advisories@github.com
https://www.rfc-editor.org/rfc/rfc9110#section-8.6 | source : security-advisories@github.com

Vulnerability : CWE-130


Vulnerability ID : CVE-2023-41889

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.

CVE ID : CVE-2023-41889
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334c3ea/app/models/concerns/rdf/object.rb#L68-L72 | source : security-advisories@github.com
https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r | source : security-advisories@github.com
https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks | source : security-advisories@github.com

Vulnerability : CWE-176


Vulnerability ID : CVE-2023-42441

First published on : 18-09-2023 21:16:09
Last modified on : 18-09-2023 21:16:09

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.

CVE ID : CVE-2023-42441
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/pull/3605 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m | source : security-advisories@github.com

Vulnerability : CWE-833


Vulnerability ID : CVE-2023-41042

First published on : 15-09-2023 20:15:10
Last modified on : 17-09-2023 12:01:22

Description :
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.

CVE ID : CVE-2023-41042
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254 | source : security-advisories@github.com

Vulnerability : CWE-770


Source : redhat.com

Vulnerability ID : CVE-2023-4959

First published on : 15-09-2023 10:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victimโ€™s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).

CVE ID : CVE-2023-4959
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-4959 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2238908 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4527

First published on : 18-09-2023 17:15:55
Last modified on : 18-09-2023 18:23:59

Description :
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

CVE ID : CVE-2023-4527
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-4527 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2234712 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4806

First published on : 18-09-2023 17:15:55
Last modified on : 18-09-2023 18:23:59

Description :
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

CVE ID : CVE-2023-4806
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2023-4806 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2237782 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3466

First published on : 15-09-2023 14:15:08
Last modified on : 15-09-2023 16:20:53

Description :
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

CVE ID : CVE-2022-3466
Source : secalert@redhat.com
CVSS Score : 4.8

References :
https://access.redhat.com/errata/RHSA-2022:7398 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3466 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2134063 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3261

First published on : 15-09-2023 21:15:08
Last modified on : 17-09-2023 12:01:04

Description :
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

CVE ID : CVE-2022-3261
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2022-3261 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2128834 | source : secalert@redhat.com


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-38255

First published on : 18-09-2023 21:15:53
Last modified on : 18-09-2023 21:15:53

Description :
** UNSUPPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.

CVE ID : CVE-2023-38255
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38582

First published on : 18-09-2023 21:15:54
Last modified on : 18-09-2023 21:15:54

Description :
** UNSUPPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.

CVE ID : CVE-2023-38582
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-4963

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 12:51:51

Description :
The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4963
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ws-facebook-likebox/trunk/includes/shortcodes.php#L22 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5001

First published on : 16-09-2023 05:15:45
Last modified on : 17-09-2023 12:00:56

Description :
The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5001
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L389 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-4974

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 16:15:07

Description :
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4974
Source : cna@vuldb.com
CVSS Score : 6.3

References :
http://packetstormsecurity.com/files/174681/Academy-LMS-6.2-SQL-Injection.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.239750 | source : cna@vuldb.com
https://vuldb.com/?id.239750 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4988

First published on : 15-09-2023 16:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.

CVE ID : CVE-2023-4988
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.239799 | source : cna@vuldb.com
https://vuldb.com/?id.239799 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5014

First published on : 17-09-2023 01:15:34
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239855.

CVE ID : CVE-2023-5014
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Food-Ordering-Website%20SQLi.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239855 | source : cna@vuldb.com
https://vuldb.com/?id.239855 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5016

First published on : 17-09-2023 02:15:08
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.

CVE ID : CVE-2023-5016
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/bayuncao/vul-cve | source : cna@vuldb.com
https://github.com/bayuncao/vul-cve/blob/main/spider-flow%20fastjson%20jdbc%20deserialization | source : cna@vuldb.com
https://vuldb.com/?ctiid.239857 | source : cna@vuldb.com
https://vuldb.com/?id.239857 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-5018

First published on : 17-09-2023 04:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.

CVE ID : CVE-2023-5018
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.239859 | source : cna@vuldb.com
https://vuldb.com/?id.239859 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5019

First published on : 17-09-2023 04:15:11
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860.

CVE ID : CVE-2023-5019
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/ggg48966/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239860 | source : cna@vuldb.com
https://vuldb.com/?id.239860 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5027

First published on : 17-09-2023 17:15:44
Last modified on : 18-09-2023 00:49:33

Description :
A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file club_validator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239869 was assigned to this vulnerability.

CVE ID : CVE-2023-5027
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/LianghaoW/CveHub/blob/main/Simple-Membership-System%20club_validator.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.239869 | source : cna@vuldb.com
https://vuldb.com/?id.239869 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5031

First published on : 18-09-2023 02:15:51
Last modified on : 18-09-2023 13:27:02

Description :
A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875.

CVE ID : CVE-2023-5031
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yhy217/rapidcms-vul/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239875 | source : cna@vuldb.com
https://vuldb.com/?id.239875 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5032

First published on : 18-09-2023 04:15:11
Last modified on : 18-09-2023 13:26:56

Description :
A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/article/article-edit-run.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239876.

CVE ID : CVE-2023-5032
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yhy217/rapidcms-vul/issues/2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239876 | source : cna@vuldb.com
https://vuldb.com/?id.239876 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5033

First published on : 18-09-2023 05:15:07
Last modified on : 18-09-2023 13:26:56

Description :
A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability.

CVE ID : CVE-2023-5033
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yhy217/rapidcms-vul/issues/3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239877 | source : cna@vuldb.com
https://vuldb.com/?id.239877 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5034

First published on : 18-09-2023 05:15:07
Last modified on : 18-09-2023 13:26:56

Description :
A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5034
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://uploaddeimagens.com.br/imagens/bLNdiUE | source : cna@vuldb.com
https://vuldb.com/?ctiid.239878 | source : cna@vuldb.com
https://vuldb.com/?id.239878 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4985

First published on : 15-09-2023 15:15:07
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4985
Source : cna@vuldb.com
CVSS Score : 5.9

References :
https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.239796 | source : cna@vuldb.com
https://vuldb.com/?id.239796 | source : cna@vuldb.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-4987

First published on : 15-09-2023 15:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4987
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.239798 | source : cna@vuldb.com
https://vuldb.com/?id.239798 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5017

First published on : 17-09-2023 03:15:08
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5017
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.239858 | source : cna@vuldb.com
https://vuldb.com/?id.239858 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5022

First published on : 17-09-2023 06:15:07
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.

CVE ID : CVE-2023-5022
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/bayuncao/DEDEcms | source : cna@vuldb.com
https://vuldb.com/?ctiid.239863 | source : cna@vuldb.com
https://vuldb.com/?id.239863 | source : cna@vuldb.com

Vulnerability : CWE-36


Vulnerability ID : CVE-2023-5023

First published on : 17-09-2023 07:15:09
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864.

CVE ID : CVE-2023-5023
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/RCEraser/cve/blob/main/sql_inject_3.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239864 | source : cna@vuldb.com
https://vuldb.com/?id.239864 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5029

First published on : 17-09-2023 22:15:46
Last modified on : 18-09-2023 00:49:33

Description :
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871.

CVE ID : CVE-2023-5029
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/1541284314/cve/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239871 | source : cna@vuldb.com
https://vuldb.com/?id.239871 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5030

First published on : 17-09-2023 22:15:47
Last modified on : 18-09-2023 00:49:33

Description :
A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872.

CVE ID : CVE-2023-5030
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/husterdjx/cve/blob/main/sql1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239872 | source : cna@vuldb.com
https://vuldb.com/?id.239872 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5012

First published on : 16-09-2023 21:15:47
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-239853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5012
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.239853 | source : cna@vuldb.com
https://vuldb.com/?id.239853 | source : cna@vuldb.com

Vulnerability : CWE-428


Vulnerability ID : CVE-2023-4983

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments</script>'"><img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4983
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.239794 | source : cna@vuldb.com
https://vuldb.com/?id.239794 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4984

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.

CVE ID : CVE-2023-4984
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/didi/KnowSearch/files/12135597/ad1aa7b3-ecee-44b0-a22a-80917ca0fe71.pdf4398935202801712312.pdf | source : cna@vuldb.com
https://github.com/didi/KnowSearch/issues/86 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239795 | source : cna@vuldb.com
https://vuldb.com/?id.239795 | source : cna@vuldb.com

Vulnerability : CWE-256


Source : exodusintel.com

Vulnerability ID : CVE-2023-41030

First published on : 18-09-2023 19:15:43
Last modified on : 18-09-2023 19:15:43

Description :
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.

CVE ID : CVE-2023-41030
Source : disclosures@exodusintel.com
CVSS Score : 6.3

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-hard-coded-credential-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-259


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4663

First published on : 15-09-2023 09:15:08
Last modified on : 15-09-2023 12:51:51

Description :
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9.

CVE ID : CVE-2023-4663
Source : cve@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0535 | source : cve@usom.gov.tr

Vulnerability : CWE-80


Source : microsoft.com

Vulnerability ID : CVE-2023-36727

First published on : 15-09-2023 22:15:13
Last modified on : 17-09-2023 12:01:04

Description :
Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID : CVE-2023-36727
Source : secure@microsoft.com
CVSS Score : 6.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 | source : secure@microsoft.com


Source : emc.com

Vulnerability ID : CVE-2023-32461

First published on : 15-09-2023 07:15:09
Last modified on : 15-09-2023 12:51:51

Description :
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.

CVE ID : CVE-2023-32461
Source : security_alert@emc.com
CVSS Score : 5.0

References :
https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-122


Source : cisco.com

Vulnerability ID : CVE-2022-20917

First published on : 15-09-2023 03:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.

CVE ID : CVE-2022-20917
Source : ykramarz@cisco.com
CVSS Score : 4.3

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM | source : ykramarz@cisco.com


(12) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-4973

First published on : 15-09-2023 02:15:08
Last modified on : 15-09-2023 16:15:07

Description :
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4973
Source : cna@vuldb.com
CVSS Score : 3.5

References :
http://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.239749 | source : cna@vuldb.com
https://vuldb.com/?id.239749 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5015

First published on : 17-09-2023 02:15:07
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856.

CVE ID : CVE-2023-5015
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Num-Nine/CVE/issues/3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239856 | source : cna@vuldb.com
https://vuldb.com/?id.239856 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5021

First published on : 17-09-2023 05:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5021
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.239862 | source : cna@vuldb.com
https://vuldb.com/?id.239862 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5024

First published on : 17-09-2023 07:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability.

CVE ID : CVE-2023-5024
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.239865 | source : cna@vuldb.com
https://vuldb.com/?id.239865 | source : cna@vuldb.com
https://www.planno.fr/ | source : cna@vuldb.com
https://youtu.be/evdhcUlD1EQ | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5025

First published on : 17-09-2023 07:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5025
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.239866 | source : cna@vuldb.com
https://vuldb.com/?id.239866 | source : cna@vuldb.com
https://www.youtube.com/watch?v=b5107YkpgaM | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5026

First published on : 17-09-2023 10:15:07
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868.

CVE ID : CVE-2023-5026
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Mykonos-x/cve/tree/main/cve/tongda/v11/xss | source : cna@vuldb.com
https://vuldb.com/?ctiid.239868 | source : cna@vuldb.com
https://vuldb.com/?id.239868 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5013

First published on : 16-09-2023 23:15:07
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')</script> leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-239854 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5013
Source : cna@vuldb.com
CVSS Score : 2.6

References :
https://github.com/Jacky-Y/vuls/blob/main/vul3.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.239854 | source : cna@vuldb.com
https://vuldb.com/?id.239854 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4986

First published on : 15-09-2023 15:15:08
Last modified on : 15-09-2023 16:20:53

Description :
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4986
Source : cna@vuldb.com
CVSS Score : 2.5

References :
https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.239797 | source : cna@vuldb.com
https://vuldb.com/?id.239797 | source : cna@vuldb.com

Vulnerability : CWE-916


Vulnerability ID : CVE-2023-5028

First published on : 17-09-2023 11:15:07
Last modified on : 17-09-2023 12:00:56

Description :
A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5028
Source : cna@vuldb.com
CVSS Score : 2.0

References :
https://github.com/pinglan123/-/wiki/%E4%B8%AD%E5%9B%BD%E8%81%94%E9%80%9A%E5%AE%B6%E7%94%A8%E7%BD%91%E5%85%B3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.239870 | source : cna@vuldb.com
https://vuldb.com/?id.239870 | source : cna@vuldb.com

Vulnerability : CWE-534


Source : github.com

Vulnerability ID : CVE-2023-36479

First published on : 15-09-2023 19:15:08
Last modified on : 17-09-2023 12:01:22

Description :
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

CVE ID : CVE-2023-36479
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/eclipse/jetty.project/pull/9516 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9888 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9889 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j | source : security-advisories@github.com

Vulnerability : CWE-149


Vulnerability ID : CVE-2023-41900

First published on : 15-09-2023 21:15:11
Last modified on : 17-09-2023 12:01:04

Description :
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.

CVE ID : CVE-2023-41900
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/eclipse/jetty.project/pull/9528 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/pull/9660 | source : security-advisories@github.com
https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 | source : security-advisories@github.com

Vulnerability : CWE-1390


Vulnerability ID : CVE-2023-41880

First published on : 15-09-2023 20:15:11
Last modified on : 17-09-2023 12:01:04

Description :
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless. This issue was discovered through fuzzing of Wasmtime's code generator Cranelift. Wasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability.

CVE ID : CVE-2023-41880
Source : security-advisories@github.com
CVSS Score : 2.2

References :
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/commit/8d7eda15b0badcbea83a7aac2d08f80788b59240 | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/pull/6372 | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh | source : security-advisories@github.com
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh#:~:text=Mailing%20list%20announcement | source : security-advisories@github.com

Vulnerability : CWE-193


(55) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39639

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.

CVE ID : CVE-2023-39639
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/2_community-developer?contributor=190902&id_category=3 | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/31/leoblog.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39641

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().

CVE ID : CVE-2023-39641
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/referencement-payant-affiliation/26226-full-affiliates.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/31/psaffiliate.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39642

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display().

CVE ID : CVE-2023-39642
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/remarketing-paniers-abandonnes/22077-carts-guru-marketing-automation-multicanal.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/29/cartsguru.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40955

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.

CVE ID : CVE-2023-40955
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40956

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.

CVE ID : CVE-2023-40956
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search | source : cve@mitre.org


Vulnerability ID : CVE-2023-40957

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component.

CVE ID : CVE-2023-40957
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40958

First published on : 15-09-2023 00:15:07
Last modified on : 15-09-2023 00:31:20

Description :
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.

CVE ID : CVE-2023-40958
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39643

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds().

CVE ID : CVE-2023-39643
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/data-import-export/5732-xml-feeds-pro.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/08/29/xmlfeeds.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40984

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

CVE ID : CVE-2023-40984
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40985

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

CVE ID : CVE-2023-40985
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40986

First published on : 15-09-2023 01:15:07
Last modified on : 15-09-2023 12:51:51

Description :
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

CVE ID : CVE-2023-40986
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40982

First published on : 15-09-2023 03:15:09
Last modified on : 15-09-2023 12:51:51

Description :
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

CVE ID : CVE-2023-40982
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40983

First published on : 15-09-2023 04:15:10
Last modified on : 15-09-2023 12:51:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

CVE ID : CVE-2023-40983
Source : cve@mitre.org
CVSS Score : /

References :
http://webmin.com | source : cve@mitre.org
https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36658

First published on : 15-09-2023 05:15:24
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.

CVE ID : CVE-2023-36658
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36658 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36657

First published on : 15-09-2023 06:15:07
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.

CVE ID : CVE-2023-36657
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36657 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36659

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 12:51:51

Description :
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).

CVE ID : CVE-2023-36659
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opswat.com/mdkiosk | source : cve@mitre.org
https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36659 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42270

First published on : 15-09-2023 14:15:11
Last modified on : 15-09-2023 16:20:53

Description :
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-42270
Source : cve@mitre.org
CVSS Score : /

References :
http://xploit.sh/posts/cve-2023-xxxxx/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-38636

First published on : 15-09-2023 16:15:07
Last modified on : 15-09-2023 16:15:07

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2022-38636
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2022-47848

First published on : 15-09-2023 16:15:07
Last modified on : 15-09-2023 16:20:53

Description :
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service.

CVE ID : CVE-2022-47848
Source : cve@mitre.org
CVSS Score : /

References :
https://00xbyte.github.io/posts/bezeq-router-auth-bypass/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-28614

First published on : 15-09-2023 17:15:14
Last modified on : 17-09-2023 12:01:22

Description :
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.

CVE ID : CVE-2023-28614
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0012.md | source : cve@mitre.org
https://www.freewillsolutions.com/smart-trade-ifis | source : cve@mitre.org
https://www.kb.cert.org/vuls/id/947701 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42398

First published on : 15-09-2023 17:15:14
Last modified on : 17-09-2023 12:01:22

Description :
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.

CVE ID : CVE-2023-42398
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/laterfuture/php-audit/blob/main/CVE-2023-42398%E2%80%94%E2%80%94ZZCMS2023%20SSRF | source : cve@mitre.org


Vulnerability ID : CVE-2023-41626

First published on : 15-09-2023 23:15:07
Last modified on : 17-09-2023 12:01:04

Description :
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.

CVE ID : CVE-2023-41626
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb | source : cve@mitre.org


Vulnerability ID : CVE-2023-36160

First published on : 16-09-2023 00:15:07
Last modified on : 17-09-2023 12:01:04

Description :
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.

CVE ID : CVE-2023-36160
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-41436

First published on : 16-09-2023 00:15:08
Last modified on : 17-09-2023 12:01:04

Description :
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.

CVE ID : CVE-2023-41436
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CSZ-CMS-Stored-XSS---Pages-Content/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39612

First published on : 16-09-2023 01:15:07
Last modified on : 17-09-2023 12:01:04

Description :
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.

CVE ID : CVE-2023-39612
Source : cve@mitre.org
CVSS Score : /

References :
https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser/ | source : cve@mitre.org
https://github.com/filebrowser/filebrowser/commit/b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30 | source : cve@mitre.org
https://github.com/filebrowser/filebrowser/issues/2570 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39777

First published on : 16-09-2023 01:15:08
Last modified on : 17-09-2023 12:01:04

Description :
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.

CVE ID : CVE-2023-39777
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c | source : cve@mitre.org


Vulnerability ID : CVE-2023-42336

First published on : 16-09-2023 01:15:08
Last modified on : 17-09-2023 12:01:04

Description :
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

CVE ID : CVE-2023-42336
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-41157

First published on : 16-09-2023 06:15:07
Last modified on : 17-09-2023 12:00:56

Description :
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.

CVE ID : CVE-2023-41157
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41157 | source : cve@mitre.org
https://webmin.com/tags/webmin-changelog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-42520

First published on : 18-09-2023 06:15:08
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42520
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42526

First published on : 18-09-2023 06:15:08
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42526
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42521

First published on : 18-09-2023 07:15:37
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42521
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42522

First published on : 18-09-2023 07:15:37
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42522
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42523

First published on : 18-09-2023 07:15:37
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42523
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42524

First published on : 18-09-2023 07:15:38
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42524
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-42525

First published on : 18-09-2023 07:15:38
Last modified on : 18-09-2023 13:26:56

Description :
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-42525
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-43114

First published on : 18-09-2023 07:15:38
Last modified on : 18-09-2023 13:26:56

Description :
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.

CVE ID : CVE-2023-43114
Source : cve@mitre.org
CVSS Score : /

References :
https://codereview.qt-project.org/c/qt/qtbase/+/503026 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43115

First published on : 18-09-2023 08:15:07
Last modified on : 18-09-2023 13:26:56

Description :
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

CVE ID : CVE-2023-43115
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.ghostscript.com/show_bug.cgi?id=707051 | source : cve@mitre.org
https://ghostscript.com/ | source : cve@mitre.org
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 | source : cve@mitre.org


Vulnerability ID : CVE-2020-36766

First published on : 18-09-2023 09:15:07
Last modified on : 18-09-2023 13:26:56

Description :
An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

CVE ID : CVE-2020-36766
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.6 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/6c42227c3467549ddc65efe99c869021d2f4a570 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42253

First published on : 18-09-2023 12:15:07
Last modified on : 18-09-2023 13:26:56

Description :
Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul.

CVE ID : CVE-2023-42253
Source : cve@mitre.org
CVSS Score : /

References :
https://code-projects.org/vehicle-management-in-php-with-source-code/ | source : cve@mitre.org
https://gist.github.com/Arajawat007/e37a131fd7b5f90148fa091a42de8f9d#file-cve-2023-42253 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42359

First published on : 18-09-2023 12:15:07
Last modified on : 18-09-2023 13:26:56

Description :
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.

CVE ID : CVE-2023-42359
Source : cve@mitre.org
CVSS Score : /

References :
https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-34195

First published on : 18-09-2023 13:15:08
Last modified on : 18-09-2023 13:26:56

Description :
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.

CVE ID : CVE-2023-34195
Source : cve@mitre.org
CVSS Score : /

References :
https://www.insyde.com/security-pledge | source : cve@mitre.org
https://www.insyde.com/security-pledge/SA-2023052 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42371

First published on : 18-09-2023 15:15:46
Last modified on : 18-09-2023 18:23:59

Description :
Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component.

CVE ID : CVE-2023-42371
Source : cve@mitre.org
CVSS Score : /

References :
https://hacker.soarescorp.com/cve/2023-42371/ | source : cve@mitre.org
https://summernote.org/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-42387

First published on : 18-09-2023 15:15:47
Last modified on : 18-09-2023 18:23:59

Description :
An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php.

CVE ID : CVE-2023-42387
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ranhn/TDSQL | source : cve@mitre.org
https://github.com/ranhn/TDSQL.git | source : cve@mitre.org


Vulnerability ID : CVE-2023-41595

First published on : 18-09-2023 16:15:45
Last modified on : 18-09-2023 18:23:59

Description :
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

CVE ID : CVE-2023-41595
Source : cve@mitre.org
CVSS Score : /

References :
http://xui-xray.com | source : cve@mitre.org
https://github.com/dubin12345/xui-xary/blob/main/README.md | source : cve@mitre.org
https://github.com/vaxilu/x-ui | source : cve@mitre.org


Vulnerability ID : CVE-2023-42320

First published on : 18-09-2023 16:15:45
Last modified on : 18-09-2023 18:23:59

Description :
Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.

CVE ID : CVE-2023-42320
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/aixiao0621/Tenda/blob/main/AC10/0.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-42328

First published on : 18-09-2023 16:15:45
Last modified on : 18-09-2023 18:23:59

Description :
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.

CVE ID : CVE-2023-42328
Source : cve@mitre.org
CVSS Score : /

References :
https://blockomat2100.github.io/posts/2023-09-04-damn-vulnerable-ticket-system/ | source : cve@mitre.org
https://github.com/Peppermint-Lab/peppermint/blob/446a20b870bc68157eaafcb7275c289d76bfb29e/apps/client/pages/api/auth/%5B...nextauth%5D.js#L65 | source : cve@mitre.org
https://peppermint.sh/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-33831

First published on : 18-09-2023 20:15:09
Last modified on : 18-09-2023 20:15:09

Description :
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.

CVE ID : CVE-2023-33831
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831 | source : cve@mitre.org
https://youtu.be/Xxa6yRB2Fpw | source : cve@mitre.org


Vulnerability ID : CVE-2023-39039

First published on : 18-09-2023 21:15:54
Last modified on : 18-09-2023 21:15:54

Description :
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39039
Source : cve@mitre.org
CVSS Score : /

References :
http://camp.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39039.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39040

First published on : 18-09-2023 21:15:54
Last modified on : 18-09-2023 21:15:54

Description :
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39040
Source : cve@mitre.org
CVSS Score : /

References :
http://cheese.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39040.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39043

First published on : 18-09-2023 21:15:55
Last modified on : 18-09-2023 21:15:55

Description :
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39043
Source : cve@mitre.org
CVSS Score : /

References :
http://tokushimaawayokocho.com | source : cve@mitre.org
http://ykc.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39043.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39058

First published on : 18-09-2023 21:15:55
Last modified on : 18-09-2023 21:15:55

Description :
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39058
Source : cve@mitre.org
CVSS Score : /

References :
http://thebmembers.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39058.md | source : cve@mitre.org


Source : hackerone.com

Vulnerability ID : CVE-2023-38039

First published on : 15-09-2023 04:15:10
Last modified on : 16-09-2023 03:15:10

Description :
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.

CVE ID : CVE-2023-38039
Source : support@hackerone.com
CVSS Score : /

References :
https://hackerone.com/reports/2072338 | source : support@hackerone.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/ | source : support@hackerone.com


Vulnerability ID : CVE-2023-38040

First published on : 17-09-2023 05:15:10
Last modified on : 17-09-2023 12:00:56

Description :
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..

CVE ID : CVE-2023-38040
Source : support@hackerone.com
CVSS Score : /

References :
https://hackerone.com/reports/1694171 | source : support@hackerone.com


Source : cert.vde.com

Vulnerability ID : CVE-2023-3378

First published on : 15-09-2023 06:15:08
Last modified on : 15-09-2023 06:15:08

Description :
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2023-3378
Source : info@cert.vde.com
CVSS Score : /

References :


Source : github.com

Vulnerability ID : CVE-2023-41901

First published on : 15-09-2023 21:15:11
Last modified on : 15-09-2023 21:15:11

Description :
** REJECT ** Further research determined the issue is not a vulnerability.

CVE ID : CVE-2023-41901
Source : security-advisories@github.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.