Latest vulnerabilities of Thursday, November 23, 2023


Last update performed on 11/23/2023 at 11:57:13 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-3377

First published on : 23-11-2023 09:15:33
Last modified on : 23-11-2023 09:15:33

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3377
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0655 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3631

First published on : 23-11-2023 10:15:07
Last modified on : 23-11-2023 10:15:07

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3631
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0656 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : hikvision.com

Vulnerability ID : CVE-2023-28812

First published on : 23-11-2023 09:15:32
Last modified on : 23-11-2023 09:15:32

Description :
There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.

CVE ID : CVE-2023-28812
Source : hsrc@hikvision.com
CVSS Score : 9.1

References :
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/ | source : hsrc@hikvision.com


Source : pandorafms.com

Vulnerability ID : CVE-2023-41807

First published on : 23-11-2023 15:15:09
Last modified on : 23-11-2023 15:15:09

Description :
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41807
Source : security@pandorafms.com
CVSS Score : 9.1

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-269


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : pandorafms.com

Vulnerability ID : CVE-2023-41808

First published on : 23-11-2023 15:15:09
Last modified on : 23-11-2023 15:15:09

Description :
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41808
Source : security@pandorafms.com
CVSS Score : 8.5

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-41791

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41791
Source : security@pandorafms.com
CVSS Score : 8.4

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41806

First published on : 23-11-2023 15:15:09
Last modified on : 23-11-2023 15:15:09

Description :
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. With this vulnerability, a bad privilege assignment could cause a DoS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41806
Source : security@pandorafms.com
CVSS Score : 8.2

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-41788

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41788
Source : security@pandorafms.com
CVSS Score : 7.6

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-41789

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41789
Source : security@pandorafms.com
CVSS Score : 7.6

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41790

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to the server configuration file and compromise of the database. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41790
Source : security@pandorafms.com
CVSS Score : 7.6

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-4677

First published on : 23-11-2023 15:15:10
Last modified on : 23-11-2023 15:15:10

Description :
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.

CVE ID : CVE-2023-4677
Source : security@pandorafms.com
CVSS Score : 7.0

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-287


Source : hikvision.com

Vulnerability ID : CVE-2023-28813

First published on : 23-11-2023 09:15:33
Last modified on : 23-11-2023 09:15:33

Description :
An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.

CVE ID : CVE-2023-28813
Source : hsrc@hikvision.com
CVSS Score : 8.1

References :
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/ | source : hsrc@hikvision.com


Vulnerability ID : CVE-2023-28811

First published on : 23-11-2023 07:15:43
Last modified on : 23-11-2023 07:15:43

Description :
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVE ID : CVE-2023-28811
Source : hsrc@hikvision.com
CVSS Score : 7.4

References :
https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/ | source : hsrc@hikvision.com


Source : incibe.es

Vulnerability ID : CVE-2023-4595

First published on : 23-11-2023 13:15:12
Last modified on : 23-11-2023 13:15:12

Description :
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

CVE ID : CVE-2023-4595
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | source : cve-coordination@incibe.es

Vulnerability : CWE-538


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6118

First published on : 23-11-2023 15:15:10
Last modified on : 23-11-2023 15:15:10

Description :
Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1.

CVE ID : CVE-2023-6118
Source : iletisim@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0658 | source : iletisim@usom.gov.tr

Vulnerability : CWE-25


Source : emc.com

Vulnerability ID : CVE-2023-39253

First published on : 23-11-2023 07:15:45
Last modified on : 23-11-2023 07:15:45

Description :
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

CVE ID : CVE-2023-39253
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000217699/dsa-2023-336-security-update-for-a-dell-os-recovery-tool-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-43086

First published on : 23-11-2023 07:15:46
Last modified on : 23-11-2023 07:15:46

Description :
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

CVE ID : CVE-2023-43086
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000218424/dsa-2023-387-security-update-for-a-dell-command-configure-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-44289

First published on : 23-11-2023 07:15:46
Last modified on : 23-11-2023 07:15:46

Description :
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

CVE ID : CVE-2023-44289
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-44290

First published on : 23-11-2023 07:15:47
Last modified on : 23-11-2023 07:15:47

Description :
Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

CVE ID : CVE-2023-44290
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000218628/dsa-2023-390-security-update-for-dell-command-configure-and-dell-command-monitor-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-284


Source : patchstack.com

Vulnerability ID : CVE-2023-47790

First published on : 23-11-2023 00:15:08
Last modified on : 23-11-2023 00:15:08

Description :
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.

CVE ID : CVE-2023-47790
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/pz-linkcard/wordpress-pz-linkcard-plugin-2-4-8-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352
Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-5972

First published on : 23-11-2023 18:15:07
Last modified on : 23-11-2023 18:15:07

Description :
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.

CVE ID : CVE-2023-5972
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-5972 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2248189 | source : secalert@redhat.com
https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7 | source : secalert@redhat.com
https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80 | source : secalert@redhat.com

Vulnerability : CWE-476


(18) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : pandorafms.com

Vulnerability ID : CVE-2023-41786

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.

CVE ID : CVE-2023-41786
Source : security@pandorafms.com
CVSS Score : 6.8

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-41787

First published on : 23-11-2023 15:15:08
Last modified on : 23-11-2023 15:15:08

Description :
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772.

CVE ID : CVE-2023-41787
Source : security@pandorafms.com
CVSS Score : 6.0

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-41792

First published on : 23-11-2023 15:15:09
Last modified on : 23-11-2023 15:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41792
Source : security@pandorafms.com
CVSS Score : 5.9

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-41812

First published on : 23-11-2023 15:15:10
Last modified on : 23-11-2023 15:15:10

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41812
Source : security@pandorafms.com
CVSS Score : 5.7

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-41811

First published on : 23-11-2023 15:15:10
Last modified on : 23-11-2023 15:15:10

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41811
Source : security@pandorafms.com
CVSS Score : 5.3

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41810

First published on : 23-11-2023 15:15:09
Last modified on : 23-11-2023 15:15:09

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773.

CVE ID : CVE-2023-41810
Source : security@pandorafms.com
CVSS Score : 4.0

References :
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | source : security@pandorafms.com

Vulnerability : CWE-79


Source : patchstack.com

Vulnerability ID : CVE-2023-40002

First published on : 23-11-2023 00:15:08
Last modified on : 23-11-2023 00:15:08

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions.

CVE ID : CVE-2023-40002
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-wordpress-option-disclosure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-47834

First published on : 23-11-2023 00:15:08
Last modified on : 23-11-2023 00:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions.

CVE ID : CVE-2023-47834
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47835

First published on : 23-11-2023 00:15:09
Last modified on : 23-11-2023 00:15:09

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.

CVE ID : CVE-2023-47835
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47839

First published on : 23-11-2023 00:15:09
Last modified on : 23-11-2023 00:15:09

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.

CVE ID : CVE-2023-47839
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ecommerce-product-catalog/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47833

First published on : 23-11-2023 00:15:08
Last modified on : 23-11-2023 00:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions.

CVE ID : CVE-2023-47833
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/theatre/wordpress-theater-for-wordpress-plugin-0-18-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47668

First published on : 23-11-2023 00:15:08
Last modified on : 23-11-2023 00:15:08

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.

CVE ID : CVE-2023-47668
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/restrict-content/wordpress-restrict-content-plugin-3-2-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-47244

First published on : 23-11-2023 21:15:07
Last modified on : 23-11-2023 21:15:07

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.

CVE ID : CVE-2023-47244
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/omnisend-connect/wordpress-email-marketing-for-woocommerce-by-omnisend-plugin-1-13-7-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-47529

First published on : 23-11-2023 21:15:07
Last modified on : 23-11-2023 21:15:07

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection. This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.

CVE ID : CVE-2023-47529
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/templates-patterns-collection/wordpress-cloud-templates-patterns-collection-plugin-1-2-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-23978

First published on : 23-11-2023 00:15:07
Last modified on : 23-11-2023 00:15:07

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.

CVE ID : CVE-2023-23978
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-client-reports/wordpress-wp-client-reports-plugin-1-0-16-subscriber-sensitive-data-exposure?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Source : incibe.es

Vulnerability ID : CVE-2023-4593

First published on : 23-11-2023 13:15:11
Last modified on : 23-11-2023 13:15:11

Description :
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file.

CVE ID : CVE-2023-4593
Source : cve-coordination@incibe.es
CVSS Score : 6.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | source : cve-coordination@incibe.es

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-4594

First published on : 23-11-2023 13:15:12
Last modified on : 23-11-2023 13:15:12

Description :
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.

CVE ID : CVE-2023-4594
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : usom.gov.tr

Vulnerability ID : CVE-2023-4406

First published on : 23-11-2023 10:15:07
Last modified on : 23-11-2023 10:15:07

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-4406
Source : iletisim@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0657 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


(0) LOW VULNERABILITIES [0.1, 3.9]

(17) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : hackerone.com

Vulnerability ID : CVE-2023-30581

First published on : 23-11-2023 00:15:07
Last modified on : 23-11-2023 00:15:07

Description :
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVE ID : CVE-2023-30581
Source : support@hackerone.com
CVSS Score : /

References :
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases | source : support@hackerone.com


Source : autodesk.com

Vulnerability ID : CVE-2023-29073

First published on : 23-11-2023 03:15:41
Last modified on : 23-11-2023 03:15:41

Description :
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-29073
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-29074

First published on : 23-11-2023 04:15:07
Last modified on : 23-11-2023 04:15:07

Description :
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-29074
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-29075

First published on : 23-11-2023 04:15:07
Last modified on : 23-11-2023 04:15:07

Description :
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-29075
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-29076

First published on : 23-11-2023 04:15:07
Last modified on : 23-11-2023 04:15:07

Description :
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE ID : CVE-2023-29076
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com


Vulnerability ID : CVE-2023-41139

First published on : 23-11-2023 04:15:07
Last modified on : 23-11-2023 04:15:07

Description :
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE ID : CVE-2023-41139
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com

Vulnerability : CWE-822


Vulnerability ID : CVE-2023-41140

First published on : 23-11-2023 04:15:07
Last modified on : 23-11-2023 04:15:07

Description :
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-41140
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | source : psirt@autodesk.com

Vulnerability : CWE-122


Source : apache.org

Vulnerability ID : CVE-2023-43123

First published on : 23-11-2023 10:15:07
Last modified on : 23-11-2023 15:15:10

Description :
On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123. In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead. We recommend that all users upgrade to the latest version of Apache Storm.

CVE ID : CVE-2023-43123
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/23/1 | source : security@apache.org
https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l | source : security@apache.org

Vulnerability : CWE-200


Source : mitre.org

Vulnerability ID : CVE-2022-44010

First published on : 23-11-2023 16:15:07
Last modified on : 23-11-2023 16:15:07

Description :
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

CVE ID : CVE-2022-44010
Source : cve@mitre.org
CVSS Score : /

References :
https://clickhouse.com/docs/en/whats-new/security-changelog | source : cve@mitre.org


Vulnerability ID : CVE-2022-44011

First published on : 23-11-2023 16:15:07
Last modified on : 23-11-2023 16:15:07

Description :
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

CVE ID : CVE-2022-44011
Source : cve@mitre.org
CVSS Score : /

References :
https://clickhouse.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-33202

First published on : 23-11-2023 16:15:07
Last modified on : 23-11-2023 16:15:07

Description :
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

CVE ID : CVE-2023-33202
Source : cve@mitre.org
CVSS Score : /

References :
https://bouncycastle.org | source : cve@mitre.org
https://github.com/bcgit/bc-java/wiki/CVE-2023-33202 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49208

First published on : 23-11-2023 18:15:07
Last modified on : 23-11-2023 18:15:07

Description :
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.

CVE ID : CVE-2023-49208
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812 | source : cve@mitre.org
https://github.com/babelouest/glewlwyd/releases/tag/v2.7.6 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49210

First published on : 23-11-2023 20:15:07
Last modified on : 23-11-2023 20:15:07

Description :
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2023-49210
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e | source : cve@mitre.org
https://github.com/ossf/malicious-packages/tree/main/malicious/npm | source : cve@mitre.org
https://www.npmjs.com/package/openssl | source : cve@mitre.org


Vulnerability ID : CVE-2023-49213

First published on : 23-11-2023 22:15:07
Last modified on : 23-11-2023 22:15:07

Description :
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.

CVE ID : CVE-2023-49213
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.ironmansoftware.com/powershell-universal-apis-cve/ | source : cve@mitre.org
https://docs.powershelluniversal.com/changelogs/changelog | source : cve@mitre.org


Vulnerability ID : CVE-2023-49214

First published on : 23-11-2023 22:15:07
Last modified on : 23-11-2023 22:15:07

Description :
Usedesk before 1.7.57 allows chat template injection.

CVE ID : CVE-2023-49214
Source : cve@mitre.org
CVSS Score : /

References :
https://usedesk.ru/updates_september23 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49215

First published on : 23-11-2023 22:15:07
Last modified on : 23-11-2023 22:15:07

Description :
Usedesk before 1.7.57 allows filter reflected XSS.

CVE ID : CVE-2023-49215
Source : cve@mitre.org
CVSS Score : /

References :
https://usedesk.ru/updates_september23 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49216

First published on : 23-11-2023 22:15:07
Last modified on : 23-11-2023 22:15:07

Description :
Usedesk before 1.7.57 allows profile stored XSS.

CVE ID : CVE-2023-49216
Source : cve@mitre.org
CVSS Score : /

References :
https://usedesk.ru/updates_september23 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
