Latest vulnerabilities of Saturday, November 11, 2023


Last update performed on 11/11/2023 at 11:57:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-43057

First published on : 11-11-2023 16:15:31
Last modified on : 11-11-2023 16:15:31

Description :
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

CVE ID : CVE-2023-43057
Source : psirt@us.ibm.com
CVSS Score : 4.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267484 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7070736 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-5959

First published on : 11-11-2023 09:15:26
Last modified on : 11-11-2023 09:15:26

Description :
A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5959
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/Changboqian/cve/blob/main/reset_password_improperly.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.244992 | source : cna@vuldb.com
https://vuldb.com/?id.244992 | source : cna@vuldb.com

Vulnerability : CWE-640


(0) LOW VULNERABILITIES [0.1, 3.9]

(3) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : openvpn.net

Vulnerability ID : CVE-2023-46849

First published on : 11-11-2023 01:15:07
Last modified on : 11-11-2023 01:15:07

Description :
Using the --fragment option in certain configuration setups, OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide-by-zero behaviour which could cause an application crash, leading to a denial of service.

CVE ID : CVE-2023-46849
Source : security@openvpn.net
CVSS Score : /

References :
https://community.openvpn.net/openvpn/wiki/CVE-2023-46849 | source : security@openvpn.net
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ | source : security@openvpn.net

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-46850

First published on : 11-11-2023 01:15:07
Last modified on : 11-11-2023 01:15:07

Description :
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer.

CVE ID : CVE-2023-46850
Source : security@openvpn.net
CVSS Score : /

References :
https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 | source : security@openvpn.net
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ | source : security@openvpn.net

Vulnerability : CWE-416


Source : mitre.org

Vulnerability ID : CVE-2023-47390

First published on : 11-11-2023 18:15:14
Last modified on : 11-11-2023 18:15:14

Description :
Headscale through 0.22.3 writes bearer tokens to info-level logs.

CVE ID : CVE-2023-47390
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/juanfont/headscale/issues/1259 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
