Latest vulnerabilities of Sunday, October 15, 2023

Last update performed on 10/15/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-40378

First published on : 15-10-2023 02:15:09
Last modified on : 15-10-2023 02:15:09

Description :
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.

CVE ID : CVE-2023-40378
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263584 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7047240 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Source : huntr.dev

Vulnerability ID : CVE-2023-5586

First published on : 15-10-2023 01:15:09
Last modified on : 15-10-2023 01:15:09

Description :
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE ID : CVE-2023-5586
Source : security@huntr.dev
CVSS Score : 4.4

References :
https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc | source : security@huntr.dev
https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 | source : security@huntr.dev

Vulnerability : CWE-476


(1) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-5585

First published on : 15-10-2023 00:15:10
Last modified on : 15-10-2023 00:15:10

Description :
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5585
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://vuldb.com/?ctiid.242170 | source : cna@vuldb.com
https://vuldb.com/?id.242170 | source : cna@vuldb.com

Vulnerability : CWE-79


(3) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-45871

First published on : 15-10-2023 01:15:09
Last modified on : 15-10-2023 01:15:09

Description :
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

CVE ID : CVE-2023-45871
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3 | source : cve@mitre.org
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f | source : cve@mitre.org


Vulnerability ID : CVE-2018-25091

First published on : 15-10-2023 19:15:09
Last modified on : 15-10-2023 19:15:09

Description :
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

CVE ID : CVE-2018-25091
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc | source : cve@mitre.org
https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2 | source : cve@mitre.org
https://github.com/urllib3/urllib3/issues/1510 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38312

First published on : 15-10-2023 19:15:09
Last modified on : 15-10-2023 19:15:09

Description :
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.

CVE ID : CVE-2023-38312
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
