Latest vulnerabilities of Sunday, October 1, 2023


Last update performed on 10/01/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(3) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : huntr.dev

Vulnerability ID : CVE-2023-5323

First published on : 01-10-2023 01:15:24
Last modified on : 01-10-2023 03:02:09

Description :
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.

CVE ID : CVE-2023-5323
Source : security@huntr.dev
CVSS Score : 5.4

References :
https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15 | source : security@huntr.dev
https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8 | source : security@huntr.dev

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-5322

First published on : 01-10-2023 05:15:09
Last modified on : 01-10-2023 05:15:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2023-5322
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000%E5%AD%98%E5%9C%A8sql%E6%B3%A8%E5%85%A5:sysmanage:edit_manageadmin.php.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240992 | source : cna@vuldb.com
https://vuldb.com/?id.240992 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5324

First published on : 01-10-2023 21:15:42
Last modified on : 01-10-2023 21:15:42

Description :
A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024.

CVE ID : CVE-2023-5324
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/nomis/eero-zero-length-ipv6-options-header-dos | source : cna@vuldb.com
https://vuldb.com/?ctiid.241024 | source : cna@vuldb.com
https://vuldb.com/?id.241024 | source : cna@vuldb.com

Vulnerability : CWE-404


(0) LOW VULNERABILITIES [0.1, 3.9]

(2) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43907

First published on : 01-10-2023 01:15:24
Last modified on : 01-10-2023 03:02:09

Description :
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.

CVE ID : CVE-2023-43907
Source : cve@mitre.org
CVSS Score : /

References :
http://optipng.sourceforge.net/ | source : cve@mitre.org
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md | source : cve@mitre.org
https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download= | source : cve@mitre.org


Source : arm.com

Vulnerability ID : CVE-2023-4211

First published on : 01-10-2023 18:15:09
Last modified on : 01-10-2023 18:15:09

Description :
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

CVE ID : CVE-2023-4211
Source : arm-security@arm.com
CVSS Score : /

References :
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities | source : arm-security@arm.com

Vulnerability : CWE-416


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
