Latest vulnerabilities of Monday, September 25, 2023 + weekend

Last update performed on 09/25/2023 at 11:58:02 PM

(21) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : google.com

Vulnerability ID : CVE-2023-5129

First published on : 25-09-2023 21:15:16
Last modified on : 25-09-2023 21:15:16

Description :
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.

CVE ID : CVE-2023-5129
Source : cve-coordination@google.com
CVSS Score : 10.0

References :
https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 | source : cve-coordination@google.com
https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a | source : cve-coordination@google.com

Vulnerability : CWE-20


Source : mitre.org

Vulnerability ID : CVE-2023-31719

First published on : 22-09-2023 00:15:11
Last modified on : 25-09-2023 16:44:19

Description :
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.

CVE ID : CVE-2023-31719
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/MateusTesser/CVE-2023-31719 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/cjb2KYpV6dY | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.1.12


Vulnerability ID : CVE-2023-43144

First published on : 22-09-2023 15:15:12
Last modified on : 25-09-2023 16:45:30

Description :
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.

CVE ID : CVE-2023-43144
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2 | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:projectworlds:asset_management_system_project_in_php:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-43270

First published on : 22-09-2023 19:15:11
Last modified on : 25-09-2023 13:43:34

Description :
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.

CVE ID : CVE-2023-43270
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE | source : cve@mitre.org

Vulnerability : CWE-94

Vulnerable product(s) : cpe:2.3:a:dst-admin_project:dst-admin:1.5.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-40989

First published on : 22-09-2023 20:15:09
Last modified on : 25-09-2023 13:47:01

Description :
SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

CVE ID : CVE-2023-40989
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989 | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:jeecg:jeecg_boot:3.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:jeecg:jeecg_boot:3.5.3:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-43468

First published on : 23-09-2023 00:15:20
Last modified on : 25-09-2023 13:52:41

Description :
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.

CVE ID : CVE-2023-43468
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://gist.github.com/ae6e361b/30d56c116d9f727b91c418d044f42fd3 | source : cve@mitre.org
https://github.com/ae6e361b/Online-Job-Portal | source : cve@mitre.org
https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:online_job_portal_project:online_job_portal:2020:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-43469

First published on : 23-09-2023 00:15:20
Last modified on : 25-09-2023 13:52:25

Description :
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.

CVE ID : CVE-2023-43469
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://gist.github.com/ae6e361b/28ffc44d39e406ce1bc627c0c5c3a7de | source : cve@mitre.org
https://github.com/ae6e361b/Online-Job-Portal-Forget | source : cve@mitre.org
https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:online_job_portal_project:online_job_portal:2020:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-43470

First published on : 23-09-2023 00:15:20
Last modified on : 25-09-2023 13:51:55

Description :
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.

CVE ID : CVE-2023-43470
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://gist.github.com/ae6e361b/1ed56fbfbbfd368835b8a8089f8ee64a | source : cve@mitre.org
https://github.com/ae6e361b/Online-Voting-System | source : cve@mitre.org
https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:janobe:online_voting_system:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41419

First published on : 25-09-2023 12:15:11
Last modified on : 25-09-2023 18:44:06

Description :
An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

CVE ID : CVE-2023-41419
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c | source : cve@mitre.org
https://github.com/gevent/gevent/issues/1989 | source : cve@mitre.org

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:a:gevent:gevent:*:*:*:*:*:*:*:*


Source : huawei.com

Vulnerability ID : CVE-2023-41294

First published on : 25-09-2023 12:15:10
Last modified on : 25-09-2023 17:59:10

Description :
The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services.

CVE ID : CVE-2023-41294
Source : psirt@huawei.com
CVSS Score : 9.8

References :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41297

First published on : 25-09-2023 12:15:11
Last modified on : 25-09-2023 17:41:16

Description :
Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

CVE ID : CVE-2023-41297
Source : psirt@huawei.com
CVSS Score : 9.8

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-39407

First published on : 25-09-2023 09:15:10
Last modified on : 25-09-2023 17:15:48

Description :
The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE ID : CVE-2023-39407
Source : psirt@huawei.com
CVSS Score : 9.1

References :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41296

First published on : 25-09-2023 12:15:10
Last modified on : 25-09-2023 17:19:10

Description :
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVE ID : CVE-2023-41296
Source : psirt@huawei.com
CVSS Score : 9.1

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-862

Vulnerable product(s) : cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Source : docker.com

Vulnerability ID : CVE-2023-0625

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 18:19:42

Description :
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.

CVE ID : CVE-2023-0625
Source : security@docker.com
CVSS Score : 9.8

References :
https://docs.docker.com/desktop/release-notes/#4120 | source : security@docker.com

Vulnerability : CWE-94

Vulnerability : CWE-79
Vulnerability : CWE-829

Vulnerable product(s) : cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-0626

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 18:13:28

Description :
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.

CVE ID : CVE-2023-0626
Source : security@docker.com
CVSS Score : 9.8

References :
https://docs.docker.com/desktop/release-notes/#4120 | source : security@docker.com

Vulnerability : CWE-94

Vulnerable product(s) : cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*


Source : cisco.com

Vulnerability ID : CVE-2023-32284

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 18:41:26

Description :
An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-32284
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1750 | source : talos-cna@cisco.com

Vulnerability : CWE-787

Vulnerability : CWE-119

Vulnerable product(s) : cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-32653

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 16:16:30

Description :
An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-32653
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802 | source : talos-cna@cisco.com

Vulnerability : CWE-191


Vulnerability ID : CVE-2023-35002

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35002
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-39453

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver a file to trigger this vulnerability.

CVE ID : CVE-2023-39453
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-40163

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 18:46:35

Description :
An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-40163
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1836 | source : talos-cna@cisco.com

Vulnerability : CWE-787

Vulnerable product(s) : cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*


Source : github.com

Vulnerability ID : CVE-2023-43644

First published on : 25-09-2023 20:15:11
Last modified on : 25-09-2023 20:15:11

Description :
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.

CVE ID : CVE-2023-43644
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/SagerNet/sing-box/security/advisories/GHSA-r5hm-mp3j-285g | source : security-advisories@github.com

Vulnerability : CWE-306


(49) HIGH VULNERABILITIES [7.0, 8.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23362

First published on : 22-09-2023 04:15:50
Last modified on : 22-09-2023 13:24:08

Description :
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later.

CVE ID : CVE-2023-23362
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-18 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-23363

First published on : 22-09-2023 04:15:53
Last modified on : 22-09-2023 13:24:08

Description :
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later.

CVE ID : CVE-2023-23363
Source : security@qnapsecurity.com.tw
CVSS Score : 8.1

References :
https://www.qnap.com/en/security-advisory/qsa-23-25 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-23364

First published on : 22-09-2023 04:15:54
Last modified on : 22-09-2023 13:24:08

Description :
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 (2023/03/29) and later; Multimedia Console 1.4.7 (2023/03/20) and later.

CVE ID : CVE-2023-23364
Source : security@qnapsecurity.com.tw
CVSS Score : 8.1

References :
https://www.qnap.com/en/security-advisory/qsa-23-29 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Source : puiterwijk.org

Vulnerability ID : CVE-2023-5002

First published on : 22-09-2023 14:15:47
Last modified on : 25-09-2023 18:03:36

Description :
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVE ID : CVE-2023-5002
Source : patrick@puiterwijk.org
CVSS Score : 8.8

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2239164 | source : patrick@puiterwijk.org
https://github.com/pgadmin-org/pgadmin4/issues/6763 | source : patrick@puiterwijk.org

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*


Source : vuldb.com

Vulnerability ID : CVE-2023-5147

First published on : 25-09-2023 01:15:19
Last modified on : 25-09-2023 13:26:14

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5147
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20updateos.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240243 | source : cna@vuldb.com
https://vuldb.com/?id.240243 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerable product(s) : cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5148

First published on : 25-09-2023 01:15:19
Last modified on : 25-09-2023 13:26:12

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240244. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5148
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20uploadfile.md | source : cna@vuldb.com
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20uploadfile.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240244 | source : cna@vuldb.com
https://vuldb.com/?id.240244 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerable product(s) : cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*

Vulnerable product(s) : cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5149

First published on : 25-09-2023 01:15:19
Last modified on : 25-09-2023 13:26:11

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240245 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5149
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20userattestation.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240245 | source : cna@vuldb.com
https://vuldb.com/?id.240245 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerable product(s) : cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5150

First published on : 25-09-2023 02:15:10
Last modified on : 25-09-2023 13:26:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5150
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md | source : cna@vuldb.com
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240246 | source : cna@vuldb.com
https://vuldb.com/?id.240246 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerable product(s) : cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*

Vulnerable product(s) : cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5151

First published on : 25-09-2023 02:15:10
Last modified on : 25-09-2023 13:26:04

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5151
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20autheditpwd.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240247 | source : cna@vuldb.com
https://vuldb.com/?id.240247 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5154

First published on : 25-09-2023 03:15:09
Last modified on : 25-09-2023 13:25:52

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5154
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20changelogo.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240250 | source : cna@vuldb.com
https://vuldb.com/?id.240250 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerable product(s) : cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*


Source : cisco.com

Vulnerability ID : CVE-2023-23567

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 17:56:12

Description :
A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-23567
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1729 | source : talos-cna@cisco.com

Vulnerability : CWE-787

Vulnerability : CWE-119

Vulnerable product(s) : cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-28393

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 17:57:45

Description :
A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-28393
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1742 | source : talos-cna@cisco.com

Vulnerability : CWE-787

Vulnerability : CWE-121

Vulnerable product(s) : cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-32614

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 16:16:30

Description :
A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-32614
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749 | source : talos-cna@cisco.com

Vulnerability : CWE-124


Source : github.com

Vulnerability ID : CVE-2023-40581

First published on : 25-09-2023 19:15:09
Last modified on : 25-09-2023 19:15:09

Description :
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade:
1. Avoid using any output template expansion in `--exec` other than `{}` (filepath).
2. If expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`.
3. Instead of using `--exec`, write the info json and load the fields from it instead.

CVE ID : CVE-2023-40581
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.09.24.003044 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/releases/tag/2023.09.24 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg | source : security-advisories@github.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-42798

First published on : 22-09-2023 16:15:09
Last modified on : 22-09-2023 16:38:32

Description :
AutomataCI is a template git repository equipped with native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repository from the root git repository.

CVE ID : CVE-2023-42798
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/ChewKeanHo/AutomataCI/issues/93 | source : security-advisories@github.com
https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-42821

First published on : 22-09-2023 17:15:14
Last modified on : 23-09-2023 03:46:18

Description :
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read vulnerability. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

CVE ID : CVE-2023-42821
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69 | source : security-advisories@github.com
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940 | source : security-advisories@github.com
https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2 | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-43642

First published on : 25-09-2023 20:15:11
Last modified on : 25-09-2023 20:15:11

Description :
snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.

CVE ID : CVE-2023-43642
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5 | source : security-advisories@github.com
https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv | source : security-advisories@github.com

Vulnerability : CWE-770


Source : redhat.com

Vulnerability ID : CVE-2022-4137

First published on : 25-09-2023 20:15:09
Last modified on : 25-09-2023 20:15:09

Description :
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

CVE ID : CVE-2022-4137
Source : secalert@redhat.com
CVSS Score : 8.1

References :
https://access.redhat.com/errata/RHSA-2023:1043 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1044 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1045 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1049 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4137 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2148496 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3874

First published on : 22-09-2023 14:15:44
Last modified on : 22-09-2023 16:38:32

Description :
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

CVE ID : CVE-2022-3874
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/security/cve/CVE-2022-3874 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2140577 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4039

First published on : 22-09-2023 15:15:09
Last modified on : 22-09-2023 16:38:32

Description :
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CVE ID : CVE-2022-4039
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:1047 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4039 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2143416 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1260

First published on : 24-09-2023 01:15:42
Last modified on : 25-09-2023 01:35:47

Description :
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions to "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

CVE ID : CVE-2023-1260
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:3976 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4093 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4312 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4898 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-1260 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2176267 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1625

First published on : 24-09-2023 01:15:43
Last modified on : 25-09-2023 01:35:47

Description :
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

CVE ID : CVE-2023-1625
Source : secalert@redhat.com
CVSS Score : 7.4

References :
https://access.redhat.com/security/cve/CVE-2023-1625 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181621 | source : secalert@redhat.com
https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb | source : secalert@redhat.com
https://launchpad.net/bugs/1999665 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-42753

First published on : 25-09-2023 21:15:15
Last modified on : 25-09-2023 21:15:15

Description :
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

CVE ID : CVE-2023-42753
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-42753 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239843 | source : secalert@redhat.com
https://www.openwall.com/lists/oss-security/2023/09/22/10 | source : secalert@redhat.com


Source : exodusintel.com

Vulnerability ID : CVE-2023-41027

First published on : 22-09-2023 17:15:09
Last modified on : 23-09-2023 03:46:18

Description :
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

CVE ID : CVE-2023-41027
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-credential-disclosure-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-210


Vulnerability ID : CVE-2023-41029

First published on : 22-09-2023 17:15:10
Last modified on : 23-09-2023 03:46:18

Description :
Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

CVE ID : CVE-2023-41029
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-41031

First published on : 22-09-2023 17:15:14
Last modified on : 23-09-2023 03:46:18

Description :
Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

CVE ID : CVE-2023-41031
Source : disclosures@exodusintel.com
CVSS Score : 8.0

References :
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/ | source : disclosures@exodusintel.com

Vulnerability : CWE-77


Source : docker.com

Vulnerability ID : CVE-2023-5166

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.

CVE ID : CVE-2023-5166
Source : security@docker.com
CVSS Score : 8.0

References :
https://docs.docker.com/desktop/release-notes/#4230 | source : security@docker.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-0627

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 18:15:27

Description :
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.

CVE ID : CVE-2023-0627
Source : security@docker.com
CVSS Score : 7.8

References :
https://docs.docker.com/desktop/release-notes/#4120 | source : security@docker.com

Vulnerability : NVD-CWE-Other

Vulnerability : CWE-501

Vulnerable product(s) : cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-0633

First published on : 25-09-2023 16:15:13
Last modified on : 25-09-2023 18:32:19

Description :
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0.

CVE ID : CVE-2023-0633
Source : security@docker.com
CVSS Score : 7.8

References :
https://docs.docker.com/desktop/release-notes/#4120 | source : security@docker.com

Vulnerability : CWE-88

Vulnerable product(s) : cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5165

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

CVE ID : CVE-2023-5165
Source : security@docker.com
CVSS Score : 7.1

References :
https://docs.docker.com/desktop/release-notes/#4230 | source : security@docker.com

Vulnerability : CWE-424
Vulnerability : CWE-862


Source : mitre.org

Vulnerability ID : CVE-2023-31716

First published on : 22-09-2023 00:15:09
Last modified on : 25-09-2023 16:40:36

Description :
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log

CVE ID : CVE-2023-31716
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://github.com/MateusTesser/CVE-2023-31716 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.1.12


Vulnerability ID : CVE-2023-31717

First published on : 22-09-2023 00:15:11
Last modified on : 25-09-2023 16:42:17

Description :
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.

CVE ID : CVE-2023-31717
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://github.com/MateusTesser/CVE-2023-31717 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/IBMXTEI_5wY | source : cve@mitre.org

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.1.12


Vulnerability ID : CVE-2023-31718

First published on : 22-09-2023 00:15:11
Last modified on : 25-09-2023 16:43:50

Description :
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.

CVE ID : CVE-2023-31718
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://github.com/MateusTesser/CVE-2023-31718 | source : cve@mitre.org
https://github.com/frangoteam/FUXA | source : cve@mitre.org
https://youtu.be/VCQkEGntN04 | source : cve@mitre.org

Vulnerability : NVD-CWE-Other

Vulnerable product(s) : cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.1.12


Vulnerability ID : CVE-2023-43783

First published on : 22-09-2023 06:15:10
Last modified on : 25-09-2023 18:07:32

Description :
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.

CVE ID : CVE-2023-43783
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://bugzilla.suse.com/show_bug.cgi?id=1213985 | source : cve@mitre.org
https://github.com/falkTX/Cadence | source : cve@mitre.org

Vulnerability : CWE-668

Vulnerable product(s) : cpe:2.3:a:falktx:cadence:*:*:*:*:*:*:*:*
Vulnerable version(s) : 0.9.2


Source : huawei.com

Vulnerability ID : CVE-2023-39408

First published on : 25-09-2023 09:15:10
Last modified on : 25-09-2023 17:16:53

Description :
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE ID : CVE-2023-39408
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-120

Vulnerable product(s) : cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-39409

First published on : 25-09-2023 11:15:12
Last modified on : 25-09-2023 17:25:23

Description :
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE ID : CVE-2023-39409
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-120

Vulnerable product(s) : cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41298

First published on : 25-09-2023 12:15:11
Last modified on : 25-09-2023 17:30:38

Description :
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2023-41298
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41299

First published on : 25-09-2023 12:15:11
Last modified on : 25-09-2023 17:31:55

Description :
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE ID : CVE-2023-41299
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-120

Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41293

First published on : 25-09-2023 13:15:10
Last modified on : 25-09-2023 17:10:42

Description :
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2023-41293
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerability : CWE-227

Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41300

First published on : 25-09-2023 13:15:11
Last modified on : 25-09-2023 17:13:18

Description :
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE ID : CVE-2023-41300
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerability : CWE-20

Vulnerable product(s) : cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41301

First published on : 25-09-2023 13:15:11
Last modified on : 25-09-2023 17:14:55

Description :
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-41301
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41302

First published on : 25-09-2023 13:15:11
Last modified on : 25-09-2023 17:23:27

Description :
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-41302
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : NVD-CWE-noinfo

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-41303

First published on : 25-09-2023 13:15:11
Last modified on : 25-09-2023 17:37:26

Description :
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

CVE ID : CVE-2023-41303
Source : psirt@huawei.com
CVSS Score : 7.5

References :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com

Vulnerability : CWE-77

Vulnerability : CWE-20

Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*


Source : fluidattacks.com

Vulnerability ID : CVE-2023-3550

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

CVE ID : CVE-2023-3550
Source : help@fluidattacks.com
CVSS Score : 7.3

References :
https://fluidattacks.com/advisories/blondie/ | source : help@fluidattacks.com
https://www.mediawiki.org/wiki/MediaWiki/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : patchstack.com

Vulnerability ID : CVE-2023-41874

First published on : 25-09-2023 01:15:17
Last modified on : 25-09-2023 01:35:47

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.

CVE ID : CVE-2023-41874
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/order-delivery-date-for-woocommerce/wordpress-order-delivery-date-for-woocommerce-plugin-3-20-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41863

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions.

CVE ID : CVE-2023-41863
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/pepro-cf7-database/wordpress-peprodev-cf7-database-plugin-1-7-0-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41867

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.

CVE ID : CVE-2023-41867
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41868

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.

CVE ID : CVE-2023-41868
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/stagtools/wordpress-stagtools-plugin-2-3-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41871

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.

CVE ID : CVE-2023-41871
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-best-wordpress-poll-plugin-plugin-4-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(31) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : redhat.com

Vulnerability ID : CVE-2023-1633

First published on : 24-09-2023 01:15:43
Last modified on : 25-09-2023 01:35:47

Description :
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

CVE ID : CVE-2023-1633
Source : secalert@redhat.com
CVSS Score : 6.6

References :
https://access.redhat.com/security/cve/CVE-2023-1633 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181761 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-5158

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.

CVE ID : CVE-2023-5158
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-5158 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2240561 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4318

First published on : 25-09-2023 20:15:10
Last modified on : 25-09-2023 20:15:10

Description :
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVE ID : CVE-2022-4318
Source : secalert@redhat.com
CVSS Score : 6.1

References :
https://access.redhat.com/errata/RHSA-2023:1033 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1503 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4318 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2152703 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1636

First published on : 24-09-2023 01:15:43
Last modified on : 25-09-2023 01:35:47

Description :
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CVE ID : CVE-2023-1636
Source : secalert@redhat.com
CVSS Score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-1636 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2181765 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4244

First published on : 25-09-2023 20:15:10
Last modified on : 25-09-2023 20:15:10

Description :
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CVE ID : CVE-2022-4244
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/errata/RHSA-2023:3906 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4244 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2149841 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4156

First published on : 25-09-2023 18:15:11
Last modified on : 25-09-2023 18:22:53

Description :
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVE ID : CVE-2023-4156
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2023-4156 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2215930 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3962

First published on : 23-09-2023 20:15:10
Last modified on : 25-09-2023 01:35:47

Description :
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

CVE ID : CVE-2022-3962
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/errata/RHSA-2023:0542 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3962 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4245

First published on : 25-09-2023 20:15:10
Last modified on : 25-09-2023 20:15:10

Description :
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CVE ID : CVE-2022-4245
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/errata/RHSA-2023:3906 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-4245 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 | source : secalert@redhat.com


Source : github.com

Vulnerability ID : CVE-2023-23766

First published on : 22-09-2023 15:15:10
Last modified on : 25-09-2023 17:47:12

Description :
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2023-23766
Source : product-cna@github.com
CVSS Score : 6.5

References :
https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8 | source : product-cna@github.com
https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3 | source : product-cna@github.com

Vulnerability : CWE-697

Vulnerable product(s) : cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:github:enterprise_server:3.10.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-43640

First published on : 22-09-2023 18:15:12
Last modified on : 25-09-2023 17:38:59

Description :
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.

CVE ID : CVE-2023-43640
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae | source : security-advisories@github.com
https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c | source : security-advisories@github.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:speciesfilegroup:taxonworks:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-42817

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.

CVE ID : CVE-2023-42817
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-m988-7375-7g2c | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-42811

First published on : 22-09-2023 16:15:10
Last modified on : 22-09-2023 17:15:14

Description :
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

CVE ID : CVE-2023-42811
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309 | source : security-advisories@github.com
https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq | source : security-advisories@github.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2023-42812

First published on : 22-09-2023 17:15:14
Last modified on : 25-09-2023 18:21:01

Description :
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

CVE ID : CVE-2023-42812
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py | source : security-advisories@github.com
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh | source : security-advisories@github.com

Vulnerability : CWE-918

Vulnerable product(s) : cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*


Source : vuldb.com

Vulnerability ID : CVE-2023-5152

First published on : 25-09-2023 02:15:10
Last modified on : 25-09-2023 13:26:02

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5152
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20importexport.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240248 | source : cna@vuldb.com
https://vuldb.com/?id.240248 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5153

First published on : 25-09-2023 03:15:09
Last modified on : 25-09-2023 13:26:00

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5153
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20querysql.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240249 | source : cna@vuldb.com
https://vuldb.com/?id.240249 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2015-12-31

Vulnerable product(s) : cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-5143

First published on : 24-09-2023 23:15:10
Last modified on : 25-09-2023 01:35:47

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5143
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/ggg48966/cve/blob/main/D-LINK%20-DAR-7000_rce_%20webmailattach.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240239 | source : cna@vuldb.com
https://vuldb.com/?id.240239 | source : cna@vuldb.com


Vulnerability ID : CVE-2023-5144

First published on : 24-09-2023 23:15:10
Last modified on : 25-09-2023 01:35:47

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5144
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20changelogo.md | source : cna@vuldb.com
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20updateos.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240240 | source : cna@vuldb.com
https://vuldb.com/?id.240240 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5145

First published on : 25-09-2023 00:15:10
Last modified on : 25-09-2023 01:35:47

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5145
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20licence.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240241 | source : cna@vuldb.com
https://vuldb.com/?id.240241 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5146

First published on : 25-09-2023 00:15:11
Last modified on : 25-09-2023 01:35:47

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240242 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5146
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20updatelib.md | source : cna@vuldb.com
https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20updatelib.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240242 | source : cna@vuldb.com
https://vuldb.com/?id.240242 | source : cna@vuldb.com

Vulnerability : CWE-434


Source : mitre.org

Vulnerability ID : CVE-2023-43256

First published on : 25-09-2023 14:15:10
Last modified on : 25-09-2023 17:34:36

Description :
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.

CVE ID : CVE-2023-43256
Source : cve@mitre.org
CVSS Score : 6.5

References :
https://blog.moku.fr/cves/CVE-unassigned/ | source : cve@mitre.org
https://github.com/GladysAssistant/Gladys/commit/f27d0ea4689c3deca5739b5f9ed45a2ddbf00b7b | source : cve@mitre.org

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:a:gladysassistant:gladys_assistant:*:*:*:*:*:*:*:*
Vulnerable version(s) : 4.26.1


Vulnerability ID : CVE-2023-43771

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program.

CVE ID : CVE-2023-43771
Source : cve@mitre.org
CVSS Score : 5.5

References :
https://github.com/mikebrady/nqptp/commit/b24789982d5cc067ecf6e8f3352b701d177530ec | source : cve@mitre.org
https://github.com/mikebrady/nqptp/releases/tag/1.2.3 | source : cve@mitre.org
https://github.com/mikebrady/nqptp/releases/tag/1.2.4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43456

First published on : 25-09-2023 15:15:10
Last modified on : 25-09-2023 17:57:14

Description :
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.

CVE ID : CVE-2023-43456
Source : cve@mitre.org
CVSS Score : 5.4

References :
https://samh4cks.github.io/posts/cve-2023-43456/ | source : cve@mitre.org
https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html | source : cve@mitre.org
https://www.sourcecodester.com/users/tips23 | source : cve@mitre.org

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:oretnom23:service_provider_management_system:1.0:*:*:*:*:*:*:*


Source : patchstack.com

Vulnerability ID : CVE-2023-41872

First published on : 25-09-2023 02:15:09
Last modified on : 25-09-2023 13:04:42

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.

CVE ID : CVE-2023-41872
Source : audit@patchstack.com
CVSS Score : 6.1

References :
https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 7.2.4


Vulnerability ID : CVE-2023-41948

First published on : 25-09-2023 01:15:19
Last modified on : 25-09-2023 01:35:47

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.

CVE ID : CVE-2023-41948
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/cookie-notice-consent/wordpress-cookie-notice-consent-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41949

First published on : 25-09-2023 01:15:19
Last modified on : 25-09-2023 01:35:47

Description :
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.

CVE ID : CVE-2023-41949
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/ifolders/wordpress-ifolders-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : fluidattacks.com

Vulnerability ID : CVE-2023-4892

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.

CVE ID : CVE-2023-4892
Source : help@fluidattacks.com
CVSS Score : 5.7

References :
https://fluidattacks.com/advisories/freebird | source : help@fluidattacks.com
https://teedy.io | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : puiterwijk.org

Vulnerability ID : CVE-2023-43090

First published on : 22-09-2023 06:15:09
Last modified on : 22-09-2023 13:24:08

Description :
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVE ID : CVE-2023-43090
Source : patrick@puiterwijk.org
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-43090 | source : patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2239087 | source : patrick@puiterwijk.org
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990 | source : patrick@puiterwijk.org
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944 | source : patrick@puiterwijk.org


Source : wordfence.com

Vulnerability ID : CVE-2023-4716

First published on : 22-09-2023 06:15:11
Last modified on : 25-09-2023 18:02:01

Description :
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4716
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1507 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1511 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1515 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php?rev=2955933#L1531 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2963256/media-library-assistant | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=cve | source : security@wordfence.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:davidlingren:media_library_assistant:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 3.10


Vulnerability ID : CVE-2023-4774

First published on : 22-09-2023 06:15:11
Last modified on : 25-09-2023 17:59:59

Description :
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4774
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/wp-piwik/tags/1.0.28/classes/WP_Piwik/Widget/OptOut.php#L28 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2969705/wp-piwik#file164 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4f041-4740-4ebb-afb3-10019ce571be?source=cve | source : security@wordfence.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:braekling:connect_matomo:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 1.0.28


Vulnerability ID : CVE-2023-5125

First published on : 23-09-2023 05:15:31
Last modified on : 25-09-2023 13:47:46

Description :
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5125
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/formget-contact-form/trunk/index.php?rev=2145639#L504 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fdd73289-f292-4903-951e-6a89049d39a7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:formget:contact_form_by_formget:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 5.5.5


Vulnerability ID : CVE-2023-5134

First published on : 23-09-2023 08:15:10
Last modified on : 25-09-2023 13:47:32

Description :
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.

CVE ID : CVE-2023-5134
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-user.php#L835 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=cve | source : security@wordfence.com

Vulnerability : CWE-200

Vulnerable product(s) : cpe:2.3:a:easyregistrationforms:easy_registration_forms:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 2.1.1


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-5142

First published on : 24-09-2023 22:15:10
Last modified on : 25-09-2023 01:35:47

Description :
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5142
Source : cna@vuldb.com
CVSS Score : 3.7

References :
https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | source : cna@vuldb.com
https://github.com/yinsel/CVE-H3C-Report | source : cna@vuldb.com
https://vuldb.com/?ctiid.240238 | source : cna@vuldb.com
https://vuldb.com/?id.240238 | source : cna@vuldb.com

Vulnerability : CWE-22


Source : redhat.com

Vulnerability ID : CVE-2023-5156

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

CVE ID : CVE-2023-5156
Source : secalert@redhat.com
CVSS Score : 3.7

References :
https://access.redhat.com/security/cve/CVE-2023-5156 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2240541 | source : secalert@redhat.com
https://sourceware.org/bugzilla/show_bug.cgi?id=30884 | source : secalert@redhat.com
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796 | source : secalert@redhat.com


(42) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43760

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43760
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43761

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43761
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43762

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.

CVE ID : CVE-2023-43762
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43763

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.

CVE ID : CVE-2023-43763
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn | source : cve@mitre.org


Vulnerability ID : CVE-2023-43764

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux.

CVE ID : CVE-2023-43764
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43765

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43765
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43766

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43766
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43767

First published on : 22-09-2023 05:15:09
Last modified on : 22-09-2023 10:59:53

Description :
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CVE ID : CVE-2023-43767
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43770

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 14:15:46

Description :
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

CVE ID : CVE-2023-43770
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html | source : cve@mitre.org
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released | source : cve@mitre.org


Vulnerability ID : CVE-2023-43782

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.

CVE ID : CVE-2023-43782
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1213983 | source : cve@mitre.org
https://github.com/falkTX/Cadence | source : cve@mitre.org


Vulnerability ID : CVE-2023-43784

First published on : 22-09-2023 06:15:10
Last modified on : 22-09-2023 13:24:08

Description :
** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.

CVE ID : CVE-2023-43784
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html | source : cve@mitre.org
https://talk.plesk.com/threads/why-in-plesk-firehouse-aws-keys-are-public.369925/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38346

First published on : 22-09-2023 19:15:09
Last modified on : 23-09-2023 03:46:18

Description :
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.

CVE ID : CVE-2023-38346
Source : cve@mitre.org
CVSS Score : /

References :
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346 | source : cve@mitre.org
https://support2.windriver.com/index.php?page=security-notices | source : cve@mitre.org
https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43129

First published on : 22-09-2023 23:15:09
Last modified on : 23-09-2023 03:46:18

Description :
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.

CVE ID : CVE-2023-43129
Source : cve@mitre.org
CVSS Score : /

References :
http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806 | source : cve@mitre.org
https://github.com/mmmmmx1/dlink/blob/main/DIR-806/2/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43130

First published on : 22-09-2023 23:15:10
Last modified on : 23-09-2023 03:46:18

Description :
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.

CVE ID : CVE-2023-43130
Source : cve@mitre.org
CVSS Score : /

References :
http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806 | source : cve@mitre.org
https://github.com/mmmmmx1/dlink/tree/main/DIR-806/3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43338

First published on : 23-09-2023 00:15:20
Last modified on : 23-09-2023 03:46:18

Description :
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

CVE ID : CVE-2023-43338
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cesanta/mjs/issues/250 | source : cve@mitre.org


Vulnerability ID : CVE-2015-6964

First published on : 25-09-2023 05:15:10
Last modified on : 25-09-2023 13:03:52

Description :
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).

CVE ID : CVE-2015-6964
Source : cve@mitre.org
CVSS Score : /

References :
https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43131

First published on : 25-09-2023 15:15:10
Last modified on : 25-09-2023 16:16:30

Description :
General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.

CVE ID : CVE-2023-43131
Source : cve@mitre.org
CVSS Score : /

References :
https://www.exploit-db.com/exploits/51641 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43141

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

CVE ID : CVE-2023-43141
Source : cve@mitre.org
CVSS Score : /

References :
http://totolink.com | source : cve@mitre.org
https://github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43339

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

CVE ID : CVE-2023-43339
Source : cve@mitre.org
CVSS Score : /

References :
http://www.cmsmadesimple.org/ | source : cve@mitre.org
https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md | source : cve@mitre.org
https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43382

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

CVE ID : CVE-2023-43382
Source : cve@mitre.org
CVSS Score : /

References :
https://aecous.github.io/2023/09/17/Text/?password=Aecous | source : cve@mitre.org
https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7 | source : cve@mitre.org
https://gitee.com/iteachyou/dreamer_cms/issues/I821AI | source : cve@mitre.org


Vulnerability ID : CVE-2023-39640

First published on : 25-09-2023 19:15:09
Last modified on : 25-09-2023 19:15:09

Description :
UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().

CVE ID : CVE-2023-39640
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/09/21/cookiebanner.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43319

First published on : 25-09-2023 19:15:10
Last modified on : 25-09-2023 19:15:10

Description :
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

CVE ID : CVE-2023-43319
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-43319-c2ad758ac2bc | source : cve@mitre.org


Vulnerability ID : CVE-2023-43458

First published on : 25-09-2023 20:15:11
Last modified on : 25-09-2023 20:15:11

Description :
Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.

CVE ID : CVE-2023-43458
Source : cve@mitre.org
CVSS Score : /

References :
https://samh4cks.github.io/posts/cve-2023-43458/ | source : cve@mitre.org
https://www.sourcecodester.com/php/16447/resort-reservation-system-php-and-sqlite3-source-code-free-download.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-42426

First published on : 25-09-2023 21:15:15
Last modified on : 25-09-2023 21:15:15

Description :
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

CVE ID : CVE-2023-42426
Source : cve@mitre.org
CVSS Score : /

References :
http://froala.com | source : cve@mitre.org
https://github.com/b0marek/CVE-2023-42426 | source : cve@mitre.org
https://www.youtube.com/watch?v=Me33Dx1_XqQ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43132

First published on : 25-09-2023 21:15:16
Last modified on : 25-09-2023 21:15:16

Description :
szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password.

CVE ID : CVE-2023-43132
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/8FishMan/a37417d1fd97046fb00eb11a257008a7 | source : cve@mitre.org
https://gist.github.com/8FishMan/d42032b1cdcf401a9c27532aa72ccb37 | source : cve@mitre.org
https://github.com/szvone/vmqphp | source : cve@mitre.org


Vulnerability ID : CVE-2023-43457

First published on : 25-09-2023 21:15:16
Last modified on : 25-09-2023 21:15:16

Description :
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

CVE ID : CVE-2023-43457
Source : cve@mitre.org
CVSS Score : /

References :
https://samh4cks.github.io/posts/cve-2023-43457/ | source : cve@mitre.org
https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html | source : cve@mitre.org
https://www.sourcecodester.com/users/tips23 | source : cve@mitre.org


Source : xen.org

Vulnerability ID : CVE-2023-34319

First published on : 22-09-2023 14:15:45
Last modified on : 22-09-2023 16:38:32

Description :
The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.

CVE ID : CVE-2023-34319
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-438.html | source : security@xen.org


Source : huawei.com

Vulnerability ID : CVE-2023-41295

First published on : 25-09-2023 12:15:10
Last modified on : 25-09-2023 13:03:52

Description :
Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

CVE ID : CVE-2023-41295
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com


Vulnerability ID : CVE-2022-48605

First published on : 25-09-2023 13:15:10
Last modified on : 25-09-2023 13:43:44

Description :
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE ID : CVE-2022-48605
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/9/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158 | source : psirt@huawei.com

Vulnerability : CWE-20


Source : wpscan.com

Vulnerability ID : CVE-2023-3226

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-3226
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3547

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

CVE ID : CVE-2023-3547
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78 | source : contact@wpscan.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-3664

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.

CVE ID : CVE-2023-3664
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f | source : contact@wpscan.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-4148

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-4148
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/aa39de78-55b3-4237-84db-6fdf6820c58d | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4238

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.

CVE ID : CVE-2023-4238
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638f | source : contact@wpscan.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4281

First published on : 25-09-2023 16:15:14
Last modified on : 25-09-2023 16:16:30

Description :
The Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

CVE ID : CVE-2023-4281
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49 | source : contact@wpscan.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2023-4300

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

CVE ID : CVE-2023-4300
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42 | source : contact@wpscan.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-4476

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-4476
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3ca22b22-fe89-42be-94ec-b164838bcf50 | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4490

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

CVE ID : CVE-2023-4490
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d | source : contact@wpscan.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4502

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.

CVE ID : CVE-2023-4502
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e4804850-2ac2-4cec-bc27-07ed191d96da | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4521

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.

CVE ID : CVE-2023-4521
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481 | source : contact@wpscan.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-4549

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

CVE ID : CVE-2023-4549
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4631

First published on : 25-09-2023 16:15:15
Last modified on : 25-09-2023 16:16:30

Description :
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

CVE ID : CVE-2023-4631
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/28613fc7-1400-4553-bcc3-24df1cee418e | source : contact@wpscan.com

Vulnerability : CWE-290


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
