Latest vulnerabilities of Saturday, October 7, 2023

Latest vulnerabilities of Saturday, October 7, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 10/07/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(1) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : ubuntu.com

Vulnerability ID : CVE-2023-5182

First published on : 07-10-2023 00:15:11
Last modified on : 07-10-2023 00:15:11

Description :
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.

CVE ID : CVE-2023-5182
Source : security@ubuntu.com
CVSS Score : 5.5

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182 | source : security@ubuntu.com
https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c | source : security@ubuntu.com

Vulnerability : CWE-532


(0) LOW VULNERABILITIES [0.1, 3.9]

(3) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-36123

First published on : 07-10-2023 00:15:11
Last modified on : 07-10-2023 00:15:11

Description :
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.

CVE ID : CVE-2023-36123
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/9Bakabaka/d4559b081ce0577dbf415917afc0efb5 | source : cve@mitre.org
https://github.com/9Bakabaka/CVE-2023-36123 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43615

First published on : 07-10-2023 01:15:10
Last modified on : 07-10-2023 01:15:10

Description :
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

CVE ID : CVE-2023-43615
Source : cve@mitre.org
CVSS Score : /

References :
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45199

First published on : 07-10-2023 01:15:10
Last modified on : 07-10-2023 01:15:10

Description :
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVE ID : CVE-2023-45199
Source : cve@mitre.org
CVSS Score : /

References :
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/ | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.