Latest vulnerabilities of Thursday, October 19, 2023


Last update performed on 10/19/2023 at 11:58:02 PM

(6) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2023-5204

First published on : 19-10-2023 06:15:08
Last modified on : 19-10-2023 12:59:29

Description :
The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-5204
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/chatbot/trunk/qcld-wpwbot-search.php?rev=2957286#L177 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5212

First published on : 19-10-2023 06:15:11
Last modified on : 19-10-2023 12:59:29

Description :
The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account.

CVE ID : CVE-2023-5212
Source : security@wordfence.com
CVSS Score : 9.6

References :
https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve | source : security@wordfence.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-5241

First published on : 19-10-2023 06:15:11
Last modified on : 19-10-2023 12:59:29

Description :
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.

CVE ID : CVE-2023-5241
Source : security@wordfence.com
CVSS Score : 9.6

References :
https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php#L376 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993?source=cve | source : security@wordfence.com

Vulnerability : CWE-22


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-38584

First published on : 19-10-2023 20:15:09
Last modified on : 19-10-2023 20:15:09

Description :
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

CVE ID : CVE-2023-38584
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-43492

First published on : 19-10-2023 20:15:09
Last modified on : 19-10-2023 20:15:09

Description :
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

CVE ID : CVE-2023-43492
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-121


Source : ncsc.nl

Vulnerability ID : CVE-2022-26941

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

CVE ID : CVE-2022-26941
Source : cert@ncsc.nl
CVSS Score : 9.6

References :
https://tetraburst.com/ | source : cert@ncsc.nl


(30) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5336

First published on : 19-10-2023 02:15:07
Last modified on : 19-10-2023 12:59:35

Description :
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-5336
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/ipanorama-360-virtual-tour-builder-lite/tags/1.8.0/includes/plugin.php#L439 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2980553/ipanorama-360-virtual-tour-builder-lite#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3566b602-c991-488f-9de2-57236c4735b5?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Source : ncsc.nl

Vulnerability ID : CVE-2022-24401

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.

CVE ID : CVE-2022-24401
Source : cert@ncsc.nl
CVSS Score : 8.8

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-24402

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.

CVE ID : CVE-2022-24402
Source : cert@ncsc.nl
CVSS Score : 8.8

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-26943

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.

CVE ID : CVE-2022-26943
Source : cert@ncsc.nl
CVSS Score : 8.8

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-25333

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.

CVE ID : CVE-2022-25333
Source : cert@ncsc.nl
CVSS Score : 8.2

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-25334

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.

CVE ID : CVE-2022-25334
Source : cert@ncsc.nl
CVSS Score : 8.2

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-26942

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.

CVE ID : CVE-2022-26942
Source : cert@ncsc.nl
CVSS Score : 8.2

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-27813

First published on : 19-10-2023 10:15:10
Last modified on : 19-10-2023 12:59:29

Description :
Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.

CVE ID : CVE-2022-27813
Source : cert@ncsc.nl
CVSS Score : 8.1

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-24400

First published on : 19-10-2023 10:15:08
Last modified on : 19-10-2023 12:59:29

Description :
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

CVE ID : CVE-2022-24400
Source : cert@ncsc.nl
CVSS Score : 7.5

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Source : solarwinds.com

Vulnerability ID : CVE-2023-35182

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

CVE ID : CVE-2023-35182
Source : psirt@solarwinds.com
CVSS Score : 8.8

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35182 | source : psirt@solarwinds.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-35184

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.

CVE ID : CVE-2023-35184
Source : psirt@solarwinds.com
CVSS Score : 8.8

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35184 | source : psirt@solarwinds.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-35185

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.

CVE ID : CVE-2023-35185
Source : psirt@solarwinds.com
CVSS Score : 8.8

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35185 | source : psirt@solarwinds.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-35187

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve Remote Code Execution.

CVE ID : CVE-2023-35187
Source : psirt@solarwinds.com
CVSS Score : 8.8

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35187 | source : psirt@solarwinds.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-35180

First published on : 19-10-2023 15:15:08
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.

CVE ID : CVE-2023-35180
Source : psirt@solarwinds.com
CVSS Score : 8.0

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35180 | source : psirt@solarwinds.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-35186

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

CVE ID : CVE-2023-35186
Source : psirt@solarwinds.com
CVSS Score : 8.0

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186 | source : psirt@solarwinds.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-35181

First published on : 19-10-2023 15:15:08
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permissions resulting in Privilege Escalation.

CVE ID : CVE-2023-35181
Source : psirt@solarwinds.com
CVSS Score : 7.8

References :
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 | source : psirt@solarwinds.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-35183

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to achieve Privilege Escalation.

CVE ID : CVE-2023-35183
Source : psirt@solarwinds.com
CVSS Score : 7.8

References :
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183 | source : psirt@solarwinds.com

Vulnerability : CWE-276


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-40145

First published on : 19-10-2023 20:15:09
Last modified on : 19-10-2023 20:15:09

Description :
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

CVE ID : CVE-2023-40145
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41089

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.

CVE ID : CVE-2023-41089
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.0

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-35986

First published on : 19-10-2023 18:15:09
Last modified on : 19-10-2023 19:36:55

Description :
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-35986
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-39431

First published on : 19-10-2023 18:15:09
Last modified on : 19-10-2023 19:36:55

Description :
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-39431
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-5059

First published on : 19-10-2023 18:15:09
Last modified on : 19-10-2023 19:36:55

Description :
Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE ID : CVE-2023-5059
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-34437

First published on : 19-10-2023 00:15:16
Last modified on : 19-10-2023 12:59:35

Description :
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.

CVE ID : CVE-2023-34437
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-200


Source : hcl.com

Vulnerability ID : CVE-2023-37503

First published on : 19-10-2023 03:15:08
Last modified on : 19-10-2023 12:59:35

Description :
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.

CVE ID : CVE-2023-37503
Source : psirt@hcl.com
CVSS Score : 8.1

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107512 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-37504

First published on : 19-10-2023 01:15:08
Last modified on : 19-10-2023 12:59:35

Description :
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.

CVE ID : CVE-2023-37504
Source : psirt@hcl.com
CVSS Score : 7.1

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107511 | source : psirt@hcl.com


Source : cisco.com

Vulnerability ID : CVE-2023-35126

First published on : 19-10-2023 17:15:10
Last modified on : 19-10-2023 18:15:09

Description :
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35126
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://jvn.jp/en/jp/JVN28846531/index.html | source : talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-34366

First published on : 19-10-2023 18:15:08
Last modified on : 19-10-2023 19:36:55

Description :
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-34366
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://jvn.jp/en/jp/JVN28846531/index.html | source : talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-38127

First published on : 19-10-2023 18:15:09
Last modified on : 19-10-2023 19:36:55

Description :
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-38127
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://jvn.jp/en/jp/JVN28846531/index.html | source : talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808 | source : talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1808 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38128

First published on : 19-10-2023 18:15:09
Last modified on : 19-10-2023 19:36:55

Description :
An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-38128
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://jvn.jp/en/jp/JVN28846531/index.html | source : talos-cna@cisco.com
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 | source : talos-cna@cisco.com

Vulnerability : CWE-843


Source : github.com

Vulnerability ID : CVE-2023-45823

First published on : 19-10-2023 21:15:09
Last modified on : 19-10-2023 21:15:09

Description :
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made it possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45823
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0 | source : security-advisories@github.com
https://github.com/artifacthub/hub/security/advisories/GHSA-hmq4-c2r4-5q8h | source : security-advisories@github.com

Vulnerability : CWE-22


(18) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-34441

First published on : 19-10-2023 00:15:16
Last modified on : 19-10-2023 12:59:35

Description :
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

CVE ID : CVE-2023-34441
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-41088

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network where clients have access to the DexGate server to capture traffic. The attacker can later use the information within it to access the application.

CVE ID : CVE-2023-41088
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-42435

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.

CVE ID : CVE-2023-42435
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-36857

First published on : 19-10-2023 00:15:16
Last modified on : 19-10-2023 12:59:35

Description :
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.

CVE ID : CVE-2023-36857
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-294


Vulnerability ID : CVE-2023-40153

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker with access to the web application to introduce arbitrary JavaScript by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.

CVE ID : CVE-2023-40153
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-42666

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining version information about the web server used.

CVE ID : CVE-2023-42666
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-200


Source : snyk.io

Vulnerability ID : CVE-2023-5654

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URLs via the victim's browser.

CVE ID : CVE-2023-5654
Source : report@snyk.io
CVSS Score : 6.5

References :
https://gist.github.com/CalumHutton/1fb89b64409570a43f89d1fd3274b231 | source : report@snyk.io

Vulnerability : CWE-285


Source : github.com

Vulnerability ID : CVE-2023-45826

First published on : 19-10-2023 19:15:16
Last modified on : 19-10-2023 19:36:55

Description :
Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45826
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/Leantime/leantime/commit/be75f1e0f311d11c00a0bdc7079a62eef3594bf0 | source : security-advisories@github.com
https://github.com/Leantime/leantime/security/advisories/GHSA-559g-3h98-g3fj | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45820

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.

CVE ID : CVE-2023-45820
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb | source : security-advisories@github.com
https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m | source : security-advisories@github.com

Vulnerability : CWE-755


Vulnerability ID : CVE-2023-45825

First published on : 19-10-2023 19:15:16
Last modified on : 19-10-2023 19:36:55

Description :
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6, if you use a custom credentials object (an implementation of the interface Credentials) it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf("something went wrong (credentials: %q)", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in their custom credentials type with explicit stringification of the object state.

CVE ID : CVE-2023-45825
Source : security-advisories@github.com
CVSS Score : 5.5

References :
https://github.com/ydb-platform/ydb-go-sdk/blob/master/credentials/credentials.go#L10 | source : security-advisories@github.com
https://github.com/ydb-platform/ydb-go-sdk/blob/v3.48.6/internal/balancer/balancer.go#L71 | source : security-advisories@github.com
https://github.com/ydb-platform/ydb-go-sdk/pull/859 | source : security-advisories@github.com
https://github.com/ydb-platform/ydb-go-sdk/security/advisories/GHSA-q24m-6h38-5xj8 | source : security-advisories@github.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-45821

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. <https://artifacthub.io/> uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45821
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0 | source : security-advisories@github.com
https://github.com/artifacthub/hub/security/advisories/GHSA-g6pq-x539-7w4j | source : security-advisories@github.com

Vulnerability : CWE-494


Source : wordfence.com

Vulnerability ID : CVE-2023-5638

First published on : 19-10-2023 02:15:07
Last modified on : 19-10-2023 12:59:35

Description :
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5638
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.2/includes/shortcodes/class-wcj-general-shortcodes.php#L1122 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.3/includes/functions/wcj-functions-general.php#L1205 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.3/includes/shortcodes/class-wcj-general-shortcodes.php#L1122 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5639

First published on : 19-10-2023 02:15:08
Last modified on : 19-10-2023 12:59:35

Description :
The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5639
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php?rev=2912143#L489 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php?rev=2912143#L893 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2980614/team-showcase | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4645

First published on : 19-10-2023 02:15:07
Last modified on : 19-10-2023 12:59:35

Description :
The Ad Inserter plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, and the plugin license key, provided the remote debugging option is enabled. In the default state it is disabled.

CVE ID : CVE-2023-4645
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5254

First published on : 19-10-2023 06:15:12
Last modified on : 19-10-2023 12:59:29

Description :
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.

CVE ID : CVE-2023-5254
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/chatbot/trunk/functions.php#L1224 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d897daf8-5320-4546-9a63-1d34a15b2a58?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Source : ncsc.nl

Vulnerability ID : CVE-2022-24404

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.

CVE ID : CVE-2022-24404
Source : cert@ncsc.nl
CVSS Score : 5.9

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Vulnerability ID : CVE-2022-25332

First published on : 19-10-2023 10:15:09
Last modified on : 19-10-2023 12:59:29

Description :
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).

CVE ID : CVE-2022-25332
Source : cert@ncsc.nl
CVSS Score : 4.4

References :
https://tetraburst.com/ | source : cert@ncsc.nl


Source : vmware.com

Vulnerability ID : CVE-2023-34050

First published on : 19-10-2023 08:15:08
Last modified on : 19-10-2023 12:59:29

Description :
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if:
* the SimpleMessageConverter or SerializerMessageConverter is used
* the user does not configure allowed list patterns
* untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content

CVE ID : CVE-2023-34050
Source : security@vmware.com
CVSS Score : 5.0

References :
https://spring.io/security/cve-2023-34050 | source : security@vmware.com


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-45822

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45822
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0 | source : security-advisories@github.com
https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf | source : security-advisories@github.com
https://www.openpolicyagent.org/ | source : security-advisories@github.com
https://www.openpolicyagent.org/docs/latest/#rego | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-45809

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45809
Source : security-advisories@github.com
CVSS Score : 2.7

References :
https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b | source : security-advisories@github.com
https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-425


(30) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-46228

First published on : 19-10-2023 05:15:58
Last modified on : 19-10-2023 12:59:29

Description :
zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c.

CVE ID : CVE-2023-46228
Source : cve@mitre.org
CVSS Score : /

References :
https://bugzilla.suse.com/show_bug.cgi?id=1216268 | source : cve@mitre.org
https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe | source : cve@mitre.org
https://github.com/zchunk/zchunk/compare/1.3.1...1.3.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46229

First published on : 19-10-2023 05:15:58
Last modified on : 19-10-2023 12:59:29

Description :
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

CVE ID : CVE-2023-46229
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8 | source : cve@mitre.org
https://github.com/langchain-ai/langchain/pull/11925 | source : cve@mitre.org


Vulnerability ID : CVE-2022-37830

First published on : 19-10-2023 13:15:09
Last modified on : 19-10-2023 16:41:16

Description :
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).

CVE ID : CVE-2022-37830
Source : cve@mitre.org
CVSS Score : /

References :
http://webjet.com | source : cve@mitre.org
https://citadelo.com/download/CVE-2022-37830.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-43252

First published on : 19-10-2023 13:15:10
Last modified on : 19-10-2023 16:41:16

Description :
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.

CVE ID : CVE-2023-43252
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html | source : cve@mitre.org
http://seclists.org/fulldisclosure/2023/Oct/15 | source : cve@mitre.org
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun | source : cve@mitre.org
https://www.xnview.com/en/nconvert/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45379

First published on : 19-10-2023 13:15:10
Last modified on : 19-10-2023 16:41:16

Description :
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.

CVE ID : CVE-2023-45379
Source : cve@mitre.org
CVSS Score : /

References :
http://posrotatorimg.com | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/17/posrotatorimg.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45384

First published on : 19-10-2023 13:15:10
Last modified on : 19-10-2023 16:41:16

Description :
KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with the extension .php.

CVE ID : CVE-2023-45384
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/processus-rapide-commande/18016-one-page-checkout-social-login-mailchimp.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/17/supercheckout.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45883

First published on : 19-10-2023 13:15:10
Last modified on : 19-10-2023 16:41:16

Description :
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.

CVE ID : CVE-2023-45883
Source : cve@mitre.org
CVSS Score : /

References :
https://hackandpwn.com/disclosures/CVE-2023-45883.pdf | source : cve@mitre.org
https://www.vidyo.com/enterprise-video-management/qumu | source : cve@mitre.org


Vulnerability ID : CVE-2023-31046

First published on : 19-10-2023 14:15:08
Last modified on : 19-10-2023 16:41:16

Description :
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server's filesystem.

CVE ID : CVE-2023-31046
Source : cve@mitre.org
CVSS Score : /

References :
https://research.aurainfosec.io/disclosure/papercut/ | source : cve@mitre.org
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications | source : cve@mitre.org
https://www.papercut.com/kb/Main/SecurityBulletinJune2023 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43251

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE ID : CVE-2023-43251
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html | source : cve@mitre.org
http://seclists.org/fulldisclosure/2023/Oct/15 | source : cve@mitre.org
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH | source : cve@mitre.org
https://www.xnview.com/en/nconvert/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46042

First published on : 19-10-2023 15:15:09
Last modified on : 19-10-2023 16:41:16

Description :
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().

CVE ID : CVE-2023-46042
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS | source : cve@mitre.org


Vulnerability ID : CVE-2022-47583

First published on : 19-10-2023 16:15:08
Last modified on : 19-10-2023 16:41:16

Description :
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

CVE ID : CVE-2022-47583
Source : cve@mitre.org
CVSS Score : /

References :
https://dgl.cx/2023/09/ansi-terminal-security#mintty | source : cve@mitre.org
https://github.com/mintty/mintty/releases/tag/3.6.3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46033

First published on : 19-10-2023 16:15:09
Last modified on : 19-10-2023 16:41:16

Description :
** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB provides log output and a root terminal without proper access control.

CVE ID : CVE-2023-46033
Source : cve@mitre.org
CVSS Score : /

References :
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357 | source : cve@mitre.org
https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router | source : cve@mitre.org
https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router | source : cve@mitre.org


Vulnerability ID : CVE-2023-45277

First published on : 19-10-2023 17:15:10
Last modified on : 19-10-2023 17:56:52

Description :
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

CVE ID : CVE-2023-45277
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | source : cve@mitre.org
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | source : cve@mitre.org


Vulnerability ID : CVE-2023-45278

First published on : 19-10-2023 17:15:10
Last modified on : 19-10-2023 17:56:52

Description :
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via a crafted HTTP DELETE request.

CVE ID : CVE-2023-45278
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | source : cve@mitre.org
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | source : cve@mitre.org


Vulnerability ID : CVE-2023-45281

First published on : 19-10-2023 17:15:10
Last modified on : 19-10-2023 17:56:52

Description :
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of a crafted HTML file.

CVE ID : CVE-2023-45281
Source : cve@mitre.org
CVSS Score : /

References :
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | source : cve@mitre.org


Vulnerability ID : CVE-2023-43986

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.

CVE ID : CVE-2023-43986
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/19/configurator.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45381

First published on : 19-10-2023 19:15:15
Last modified on : 19-10-2023 19:36:55

Description :
In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`.

CVE ID : CVE-2023-45381
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/pop-up/39348-creative-popup.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/19/creativepopup.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45992

First published on : 19-10-2023 19:15:16
Last modified on : 19-10-2023 19:36:55

Description :
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal.

CVE ID : CVE-2023-45992
Source : cve@mitre.org
CVSS Score : /

References :
http://ruckus.com | source : cve@mitre.org
https://github.com/harry935/CVE-2023-45992 | source : cve@mitre.org
https://server.cloudpath/ | source : cve@mitre.org
https://server.cloudpath/admin/enrollmentData/ | source : cve@mitre.org
https://support.ruckuswireless.com/security_bulletins/322 | source : cve@mitre.org


Vulnerability ID : CVE-2022-42150

First published on : 19-10-2023 20:15:08
Last modified on : 19-10-2023 20:15:08

Description :
TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

CVE ID : CVE-2022-42150
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements | source : cve@mitre.org
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json | source : cve@mitre.org
https://github.com/tinyclub/linux-lab/issues/14 | source : cve@mitre.org
https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo | source : cve@mitre.org
https://www.usenix.org/conference/usenixsecurity23/presentation/he | source : cve@mitre.org


Vulnerability ID : CVE-2023-27791

First published on : 19-10-2023 20:15:08
Last modified on : 19-10-2023 20:15:08

Description :
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG.

CVE ID : CVE-2023-27791
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Vulnerability ID : CVE-2023-30633

First published on : 19-10-2023 20:15:08
Last modified on : 19-10-2023 20:15:08

Description :
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).

CVE ID : CVE-2023-30633
Source : cve@mitre.org
CVSS Score : /

References :
https://www.insyde.com/security-pledge | source : cve@mitre.org
https://www.insyde.com/security-pledge/SA-2023045 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45376

First published on : 19-10-2023 20:15:09
Last modified on : 19-10-2023 20:15:09

Description :
In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`.

CVE ID : CVE-2023-45376
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-27792

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via a lack of permissions applied to subdirectories.

CVE ID : CVE-2023-27792
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Vulnerability ID : CVE-2023-27793

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.

CVE ID : CVE-2023-27793
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Vulnerability ID : CVE-2023-27795

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.

CVE ID : CVE-2023-27795
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Vulnerability ID : CVE-2023-30131

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.

CVE ID : CVE-2023-30131
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Vulnerability ID : CVE-2023-30132

First published on : 19-10-2023 21:15:08
Last modified on : 19-10-2023 21:15:08

Description :
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.

CVE ID : CVE-2023-30132
Source : cve@mitre.org
CVSS Score : /

References :
https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-25753

First published on : 19-10-2023 09:15:08
Last modified on : 19-10-2023 12:59:29

Description :
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 .

CVE ID : CVE-2023-25753
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d | source : security@apache.org

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-46227

First published on : 19-10-2023 10:15:10
Last modified on : 19-10-2023 12:59:29

Description :
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814

CVE ID : CVE-2023-46227
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33 | source : security@apache.org

Vulnerability : CWE-502


Source : github.com

Vulnerability ID : CVE-2023-45665

First published on : 19-10-2023 17:15:10
Last modified on : 19-10-2023 17:15:10

Description :
** REJECT ** This CVE is a duplicate of another CVE.

CVE ID : CVE-2023-45665
Source : security-advisories@github.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports