Latest vulnerabilities of Sunday, October 22, 2023

Latest vulnerabilities of Sunday, October 22, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 10/22/2023 at 11:58:02 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(1) HIGH VULNERABILITIES [7.0, 8.9]

Source : mitre.org

Vulnerability ID : CVE-2023-46306

First published on : 22-10-2023 21:15:07
Last modified on : 22-10-2023 21:15:07

Description :
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.

CVE ID : CVE-2023-46306
Source : cve@mitre.org
CVSS Score : 8.4

References :
https://pentest.blog/advisory-netmodule-router-software-race-condition-leads-to-remote-code-execution/ | source : cve@mitre.org
https://share.netmodule.com/public/system-software/4.6/4.6.0.106/NRSW-RN-4.6.0.106.pdf | source : cve@mitre.org
https://share.netmodule.com/public/system-software/4.8/4.8.0.101/NRSW-RN-4.8.0.101.pdf | source : cve@mitre.org


(3) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-38275

First published on : 22-10-2023 01:15:08
Last modified on : 22-10-2023 01:15:08

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.

CVE ID : CVE-2023-38275
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-38276

First published on : 22-10-2023 02:15:07
Last modified on : 22-10-2023 02:15:07

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.

CVE ID : CVE-2023-38276
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260736 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-38735

First published on : 22-10-2023 02:15:07
Last modified on : 22-10-2023 02:15:07

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

CVE ID : CVE-2023-38735
Source : psirt@us.ibm.com
CVSS Score : 5.7

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/262482 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-287


(0) LOW VULNERABILITIES [0.1, 3.9]

(6) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-46298

First published on : 22-10-2023 03:15:07
Last modified on : 22-10-2023 03:15:07

Description :
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

CVE ID : CVE-2023-46298
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 | source : cve@mitre.org
https://github.com/vercel/next.js/issues/45301 | source : cve@mitre.org
https://github.com/vercel/next.js/pull/54732 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46300

First published on : 22-10-2023 04:15:09
Last modified on : 22-10-2023 04:15:09

Description :
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.

CVE ID : CVE-2023-46300
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | source : cve@mitre.org
https://iterm2.com/news.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46301

First published on : 22-10-2023 04:15:09
Last modified on : 22-10-2023 04:15:09

Description :
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.

CVE ID : CVE-2023-46301
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | source : cve@mitre.org
https://iterm2.com/news.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46303

First published on : 22-10-2023 18:15:08
Last modified on : 22-10-2023 18:15:08

Description :
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

CVE ID : CVE-2023-46303
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0x1717/ssrf-via-img | source : cve@mitre.org
https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46897

First published on : 22-10-2023 19:15:08
Last modified on : 22-10-2023 19:15:08

Description :
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

CVE ID : CVE-2021-46897
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3 | source : cve@mitre.org
https://github.com/coderedcorp/coderedcms/issues/448 | source : cve@mitre.org
https://github.com/coderedcorp/coderedcms/pull/450 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46898

First published on : 22-10-2023 19:15:08
Last modified on : 22-10-2023 19:15:08

Description :
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

CVE ID : CVE-2021-46898
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2 | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/issues/975 | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/pull/976 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.