Latest vulnerabilities of Sunday, November 5, 2023


Last update performed on 11/05/2023 at 11:57:02 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(1) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2018-25092

First published on : 05-11-2023 21:15:09
Last modified on : 05-11-2023 21:15:09

Description :
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.

CVE ID : CVE-2018-25092
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69 | source : cna@vuldb.com
https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.244483 | source : cna@vuldb.com
https://vuldb.com/?id.244483 | source : cna@vuldb.com

Vulnerability : CWE-284


(1) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2017-20187

First published on : 05-11-2023 21:15:09
Last modified on : 05-11-2023 21:15:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2017-20187
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604 | source : cna@vuldb.com
https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.244482 | source : cna@vuldb.com
https://vuldb.com/?id.244482 | source : cna@vuldb.com

Vulnerability : CWE-74


(6) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-46964

First published on : 05-11-2023 00:15:08
Last modified on : 05-11-2023 00:15:08

Description :
Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use of front-end filtering instead of back-end filtering.

CVE ID : CVE-2023-46964
Source : cve@mitre.org
CVSS Score : /

References :
https://foremost-smash-52a.notion.site/Hillstone-Next-Generation-FireWall-XSS-CVE-2023-46964-6cf1fe91e7ed4795adb1d89d75030d16 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46981

First published on : 05-11-2023 00:15:08
Last modified on : 05-11-2023 00:15:08

Description :
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.

CVE ID : CVE-2023-46981
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/JunFengDeng/Cve-List/blob/main/novel-plus/20231027/vuln/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47249

First published on : 05-11-2023 00:15:08
Last modified on : 05-11-2023 00:15:08

Description :
In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.

CVE ID : CVE-2023-47249
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47258

First published on : 05-11-2023 04:15:10
Last modified on : 05-11-2023 04:15:10

Description :
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

CVE ID : CVE-2023-47258
Source : cve@mitre.org
CVSS Score : /

References :
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-47259

First published on : 05-11-2023 04:15:10
Last modified on : 05-11-2023 04:15:10

Description :
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

CVE ID : CVE-2023-47259
Source : cve@mitre.org
CVSS Score : /

References :
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | source : cve@mitre.org


Vulnerability ID : CVE-2023-47260

First published on : 05-11-2023 04:15:10
Last modified on : 05-11-2023 04:15:10

Description :
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

CVE ID : CVE-2023-47260
Source : cve@mitre.org
CVSS Score : /

References :
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
