Latest vulnerabilities of Thursday, October 12, 2023


Last update performed on 10/12/2023 at 11:58:02 PM

(9) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-5045

First published on : 12-10-2023 12:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.

CVE ID : CVE-2023-5045
Source : cve@usom.gov.tr
CVSS Score : 10.0

References :
https://www.usom.gov.tr/bildirim/tr-23-0580 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5046

First published on : 12-10-2023 12:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.

CVE ID : CVE-2023-5046
Source : cve@usom.gov.tr
CVSS Score : 10.0

References :
https://www.usom.gov.tr/bildirim/tr-23-0581 | source : cve@usom.gov.tr

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-45138

First published on : 12-10-2023 17:15:09
Last modified on : 12-10-2023 19:42:47

Description :
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by users without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It's possible to work around the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit.

CVE ID : CVE-2023-45138
Source : security-advisories@github.com
CVSS Score : 10.0

References :
https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4 | source : security-advisories@github.com
https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-f776-w9v2-7vfj | source : security-advisories@github.com
https://jira.xwiki.org/browse/CRAPP-298 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45133

First published on : 12-10-2023 17:15:09
Last modified on : 12-10-2023 19:42:47

Description :
Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.

CVE ID : CVE-2023-45133
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 | source : security-advisories@github.com
https://github.com/babel/babel/pull/16033 | source : security-advisories@github.com
https://github.com/babel/babel/releases/tag/v7.23.2 | source : security-advisories@github.com
https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4 | source : security-advisories@github.com
https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 | source : security-advisories@github.com

Vulnerability : CWE-184


Source : zabbix.com

Vulnerability ID : CVE-2023-29453

First published on : 12-10-2023 06:15:13
Last modified on : 12-10-2023 12:59:34

Description :
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.

CVE ID : CVE-2023-29453
Source : security@zabbix.com
CVSS Score : 9.8

References :
https://support.zabbix.com/browse/ZBX-23388 | source : security@zabbix.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-32722

First published on : 12-10-2023 07:15:10
Last modified on : 12-10-2023 12:59:34

Description :
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

CVE ID : CVE-2023-32722
Source : security@zabbix.com
CVSS Score : 9.6

References :
https://support.zabbix.com/browse/ZBX-23390 | source : security@zabbix.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-32724

First published on : 12-10-2023 07:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

CVE ID : CVE-2023-32724
Source : security@zabbix.com
CVSS Score : 9.1

References :
https://support.zabbix.com/browse/ZBX-23391 | source : security@zabbix.com

Vulnerability : CWE-732


Source : patchstack.com

Vulnerability ID : CVE-2023-23737

First published on : 12-10-2023 12:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.

CVE ID : CVE-2023-23737
Source : audit@patchstack.com
CVSS Score : 9.3

References :
https://patchstack.com/database/vulnerability/mainwp-broken-links-checker-extension/wordpress-mainwp-broken-links-checker-extension-plugin-4-0-unauthenticated-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Source : cisco.com

Vulnerability ID : CVE-2023-27395

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 18:15:09

Description :
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE ID : CVE-2023-27395
Source : talos-cna@cisco.com
CVSS Score : 9.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-122


(15) HIGH VULNERABILITIES [7.0, 8.9]

Source : zabbix.com

Vulnerability ID : CVE-2023-32723

First published on : 12-10-2023 07:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Request to LDAP is sent before user permissions are checked.

CVE ID : CVE-2023-32723
Source : security@zabbix.com
CVSS Score : 8.5

References :
https://support.zabbix.com/browse/ZBX-23230 | source : security@zabbix.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-32721

First published on : 12-10-2023 07:15:09
Last modified on : 12-10-2023 12:59:34

Description :
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

CVE ID : CVE-2023-32721
Source : security@zabbix.com
CVSS Score : 7.6

References :
https://support.zabbix.com/browse/ZBX-23389 | source : security@zabbix.com

Vulnerability : CWE-20


Source : patchstack.com

Vulnerability ID : CVE-2023-23651

First published on : 12-10-2023 12:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions.

CVE ID : CVE-2023-23651
Source : audit@patchstack.com
CVSS Score : 8.5

References :
https://patchstack.com/database/vulnerability/mainwp-google-analytics-extension/wordpress-mainwp-google-analytics-extension-plugin-4-0-4-subscriber-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45047

First published on : 12-10-2023 09:15:15
Last modified on : 12-10-2023 12:59:34

Description :
Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.

CVE ID : CVE-2023-45047
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-request-forgery-csrf-leading-to-form-deactivation-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : netapp.com

Vulnerability ID : CVE-2023-27313

First published on : 12-10-2023 19:15:11
Last modified on : 12-10-2023 19:42:47

Description :
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.

CVE ID : CVE-2023-27313
Source : security-alert@netapp.com
CVSS Score : 8.3

References :
https://security.netapp.com/advisory/ntap-20230713-0002/ | source : security-alert@netapp.com

Vulnerability : CWE-250


Vulnerability ID : CVE-2023-27314

First published on : 12-10-2023 19:15:11
Last modified on : 12-10-2023 19:42:47

Description :
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

CVE ID : CVE-2023-27314
Source : security-alert@netapp.com
CVSS Score : 7.5

References :
https://security.netapp.com/advisory/ntap-20231009-0001/ | source : security-alert@netapp.com

Vulnerability : CWE-400


Source : liggitt.net

Vulnerability ID : CVE-2023-1943

First published on : 12-10-2023 00:15:10
Last modified on : 12-10-2023 12:59:34

Description :
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

CVE ID : CVE-2023-1943
Source : jordan@liggitt.net
CVSS Score : 8.0

References :
https://github.com/kubernetes/kops/issues/15539 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/yrCE1x89oaU | source : jordan@liggitt.net

Vulnerability : CWE-250


Source : cisco.com

Vulnerability ID : CVE-2023-32634

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 16:52:07

Description :
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

CVE ID : CVE-2023-32634
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-300


Vulnerability ID : CVE-2023-22308

First published on : 12-10-2023 16:15:09
Last modified on : 12-10-2023 16:52:07

Description :
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE ID : CVE-2023-22308
Source : talos-cna@cisco.com
CVSS Score : 7.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737 | source : talos-cna@cisco.com

Vulnerability : CWE-191


Vulnerability ID : CVE-2023-23581

First published on : 12-10-2023 16:15:10
Last modified on : 12-10-2023 16:52:07

Description :
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.

CVE ID : CVE-2023-23581
Source : talos-cna@cisco.com
CVSS Score : 7.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741 | source : talos-cna@cisco.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-25774

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 16:52:07

Description :
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVE ID : CVE-2023-25774
Source : talos-cna@cisco.com
CVSS Score : 7.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743 | source : talos-cna@cisco.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-27516

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 16:52:07

Description :
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-27516
Source : talos-cna@cisco.com
CVSS Score : 7.3

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-453


Source : github.com

Vulnerability ID : CVE-2023-45142

First published on : 12-10-2023 17:15:09
Last modified on : 12-10-2023 19:42:47

Description :
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.

CVE ID : CVE-2023-45142
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/advisories/GHSA-cg3q-j54f-5p7p | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223 | source : security-advisories@github.com
https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159 | source : security-advisories@github.com

Vulnerability : CWE-770


Source : google.com

Vulnerability ID : CVE-2023-5072

First published on : 12-10-2023 17:15:10
Last modified on : 12-10-2023 20:15:12

Description :
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CVE ID : CVE-2023-5072
Source : cve-coordination@google.com
CVSS Score : 7.5

References :
https://github.com/stleary/JSON-java/issues/758 | source : cve-coordination@google.com
https://github.com/stleary/JSON-java/issues/771 | source : cve-coordination@google.com

Vulnerability : CWE-770


Source : huntr.dev

Vulnerability ID : CVE-2023-5555

First published on : 12-10-2023 11:15:23
Last modified on : 12-10-2023 12:59:34

Description :
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.

CVE ID : CVE-2023-5555
Source : security@huntr.dev
CVSS Score : 7.1

References :
https://github.com/frappe/lms/commit/5614a6203fb7d438be8e2b1e3030e4528d170ec4 | source : security@huntr.dev
https://huntr.dev/bounties/f6d688ee-b049-4f85-ac3e-f4d3e29e7b9f | source : security@huntr.dev

Vulnerability : CWE-79


(23) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : netapp.com

Vulnerability ID : CVE-2023-27315

First published on : 12-10-2023 14:15:10
Last modified on : 12-10-2023 16:08:32

Description :
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials.

CVE ID : CVE-2023-27315
Source : security-alert@netapp.com
CVSS Score : 6.5

References :
https://security.netapp.com/advisory/ntap-20231009-0002/ | source : security-alert@netapp.com

Vulnerability : CWE-256


Vulnerability ID : CVE-2023-27312

First published on : 12-10-2023 19:15:11
Last modified on : 12-10-2023 19:42:47

Description :
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.

CVE ID : CVE-2023-27312
Source : security-alert@netapp.com
CVSS Score : 5.4

References :
https://security.netapp.com/advisory/ntap-20230713-0001/ | source : security-alert@netapp.com

Vulnerability : CWE-250


Source : wordfence.com

Vulnerability ID : CVE-2023-5470

First published on : 12-10-2023 07:15:11
Last modified on : 12-10-2023 12:59:34

Description :
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5470
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/etsy-shop/tags/3.0.4/etsy-shop.php#L417 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/etsy-shop/tags/3.0.4/etsy-shop.php#L94 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2977260/etsy-shop#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4696f7a-8b87-4376-b4c9-596eca30b38c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5531

First published on : 12-10-2023 06:15:14
Last modified on : 12-10-2023 12:59:34

Description :
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5531
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/055b7ed5-268a-485e-ac7d-8082dc9fb2ad?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Source : knime.com

Vulnerability ID : CVE-2023-5562

First published on : 12-10-2023 20:15:12
Last modified on : 12-10-2023 20:15:12

Description :
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub, several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript, this code is executed in the browser and can silently perform any operations that the current user is allowed to perform. KNIME Analytics Platform already has configuration options with which sanitization of data can be activated, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default, which allows for cross-site scripting attacks. KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.

CVE ID : CVE-2023-5562
Source : security@knime.com
CVSS Score : 6.1

References :
https://www.knime.com/security/advisories#CVE-2023-5562 | source : security@knime.com

Vulnerability : CWE-79


Source : cisco.com

Vulnerability ID : CVE-2023-22325

First published on : 12-10-2023 16:15:10
Last modified on : 12-10-2023 16:52:07

Description :
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE ID : CVE-2023-22325
Source : talos-cna@cisco.com
CVSS Score : 5.9

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-835


Vulnerability ID : CVE-2023-32275

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 16:52:07

Description :
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

CVE ID : CVE-2023-32275
Source : talos-cna@cisco.com
CVSS Score : 5.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-201


Vulnerability ID : CVE-2023-31192

First published on : 12-10-2023 16:15:11
Last modified on : 12-10-2023 16:52:07

Description :
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE ID : CVE-2023-31192
Source : talos-cna@cisco.com
CVSS Score : 5.3

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768 | source : talos-cna@cisco.com
https://www.softether.org/9-about/News/904-SEVPN202301 | source : talos-cna@cisco.com

Vulnerability : CWE-457


Source : redhat.com

Vulnerability ID : CVE-2023-43789

First published on : 12-10-2023 12:15:10
Last modified on : 12-10-2023 12:59:34

Description :
A vulnerability was found in libXpm: due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

CVE ID : CVE-2023-43789
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-43789 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2242249 | source : secalert@redhat.com


Source : patchstack.com

Vulnerability ID : CVE-2023-45048

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.

CVE ID : CVE-2023-45048
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/social-testimonials-and-reviews-widget/wordpress-social-proof-testimonials-and-reviews-by-repuso-plugin-4-97-cross-site-request-forgery-csrf?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45060

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

CVE ID : CVE-2023-45060
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45068

First published on : 12-10-2023 13:15:11
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.

CVE ID : CVE-2023-45068
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45102

First published on : 12-10-2023 15:15:47
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.

CVE ID : CVE-2023-45102
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/blog-manager-light/wordpress-blog-manager-light-plugin-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-44998

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.

CVE ID : CVE-2023-44998
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-category-meta/wordpress-category-meta-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45011

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

CVE ID : CVE-2023-45011
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-power-stats/wordpress-wp-power-stats-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45052

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.

CVE ID : CVE-2023-45052
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/api-bing-map-2018/wordpress-wp-bing-map-pro-plugin-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45058

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.

CVE ID : CVE-2023-45058
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45063

First published on : 12-10-2023 13:15:10
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

CVE ID : CVE-2023-45063
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/ai-content-writing-assistant/wordpress-ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-32124

First published on : 12-10-2023 15:15:46
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.

CVE ID : CVE-2023-32124
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/publish-confirm-message/wordpress-publish-confirm-message-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-41131

First published on : 12-10-2023 15:15:46
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions.

CVE ID : CVE-2023-41131
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/spotify-play-button-for-wordpress/wordpress-sp-tify-play-button-for-wordpress-plugin-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45103

First published on : 12-10-2023 15:15:47
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

CVE ID : CVE-2023-45103
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45106

First published on : 12-10-2023 15:15:47
Last modified on : 12-10-2023 16:08:32

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.

CVE ID : CVE-2023-45106
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/urvanov-syntax-highlighter/wordpress-urvanov-syntax-highlighter-plugin-2-8-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : huntr.dev

Vulnerability ID : CVE-2023-5556

First published on : 12-10-2023 11:15:23
Last modified on : 12-10-2023 12:59:34

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.

CVE ID : CVE-2023-5556
Source : security@huntr.dev
CVSS Score : 5.3

References :
https://github.com/structurizr/onpremises/commit/6cff4f792b010dfb1ff6a0b4ae1c6e398f8f8a18 | source : security@huntr.dev
https://huntr.dev/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b | source : security@huntr.dev

Vulnerability : CWE-79


(1) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-45143

First published on : 12-10-2023 17:15:10
Last modified on : 12-10-2023 19:42:47

Description :
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared `Authorization` headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, so they cannot be set in RequestInit.headers in browser environments. Because undici handles headers more liberally than the spec, there was a disconnect between the assumptions the spec made and undici's implementation of fetch. This may lead to accidental leakage of the cookie to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site. This was patched in version 5.26.2. There are no known workarounds.

CVE ID : CVE-2023-45143
Source : security-advisories@github.com
CVSS Score : 3.9

References :
https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 | source : security-advisories@github.com
https://github.com/nodejs/undici/releases/tag/v5.26.2 | source : security-advisories@github.com
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp | source : security-advisories@github.com
https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g | source : security-advisories@github.com
https://hackerone.com/reports/2166948 | source : security-advisories@github.com

Vulnerability : CWE-200


(12) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-42298

First published on : 12-10-2023 04:15:13
Last modified on : 12-10-2023 12:59:34

Description :
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

CVE ID : CVE-2023-42298
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2567 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40829

First published on : 12-10-2023 05:15:46
Last modified on : 12-10-2023 12:59:34

Description :
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.

CVE ID : CVE-2023-40829
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/wwwziziyu/85bdf8d56b415974c4827a5668f493e9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-44793

First published on : 12-10-2023 05:15:46
Last modified on : 12-10-2023 05:15:46

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-44793
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-40833

First published on : 12-10-2023 06:15:14
Last modified on : 12-10-2023 12:59:34

Description :
An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.

CVE ID : CVE-2023-40833
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Sholway/93f05987dbf35c15c26de32b1e5590ec | source : cve@mitre.org


Vulnerability ID : CVE-2023-43147

First published on : 12-10-2023 16:15:12
Last modified on : 12-10-2023 18:15:10

Description :
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.

CVE ID : CVE-2023-43147
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MinoTauro2020/CVE-2023-43147/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37637

First published on : 12-10-2023 18:15:10
Last modified on : 12-10-2023 18:15:10

Description :
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-38817. Reason: This record is a reservation duplicate of CVE-2023-38817. Notes: All CVE users should reference CVE-2023-38817 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-37637
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-43149

First published on : 12-10-2023 18:15:10
Last modified on : 12-10-2023 19:42:47

Description :
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.

CVE ID : CVE-2023-43149
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MinoTauro2020/CVE-2023-43149 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43148

First published on : 12-10-2023 19:15:12
Last modified on : 12-10-2023 19:42:47

Description :
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.

CVE ID : CVE-2023-43148
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MinoTauro2020/CVE-2023-43148 | source : cve@mitre.org


Vulnerability ID : CVE-2023-23632

First published on : 12-10-2023 20:15:12
Last modified on : 12-10-2023 20:15:12

Description :
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.

CVE ID : CVE-2023-23632
Source : cve@mitre.org
CVSS Score : /

References :
https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-45510

First published on : 12-10-2023 21:15:11
Last modified on : 12-10-2023 21:15:11

Description :
tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

CVE ID : CVE-2023-45510
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/justdan96/tsMuxer | source : cve@mitre.org
https://github.com/justdan96/tsMuxer/issues/778 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45511

First published on : 12-10-2023 21:15:11
Last modified on : 12-10-2023 21:15:11

Description :
A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

CVE ID : CVE-2023-45511
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/justdan96/tsMuxer | source : cve@mitre.org
https://github.com/justdan96/tsMuxer/issues/780 | source : cve@mitre.org


Source : linecorp.com

Vulnerability ID : CVE-2023-5554

First published on : 12-10-2023 10:15:13
Last modified on : 12-10-2023 12:59:34

Description :
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.

CVE ID : CVE-2023-5554
Source : dl_cve@linecorp.com
CVSS Score : /

References :
https://hackerone.com/reports/2106827 | source : dl_cve@linecorp.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
