Latest vulnerabilities of Thursday, October 5, 2023

Latest vulnerabilities of Thursday, October 5, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 10/05/2023 at 11:58:02 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : 1e.com

Vulnerability ID : CVE-2023-45160

First published on : 05-10-2023 16:15:12
Last modified on : 05-10-2023 16:22:20

Description :
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down

CVE ID : CVE-2023-45160
Source : security@1e.com
CVSS Score : 10.0

References :
https://www.1e.com/trust-security-compliance/cve-info/ | source : security@1e.com

Vulnerability : CWE-552


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-2306

First published on : 05-10-2023 17:15:11
Last modified on : 05-10-2023 19:13:42

Description :
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.

CVE ID : CVE-2023-2306
Source : ics-cert@hq.dhs.gov
CVSS Score : 10.0

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-798


Source : emc.com

Vulnerability ID : CVE-2023-32485

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

CVE ID : CVE-2023-32485
Source : security_alert@emc.com
CVSS Score : 9.8

References :
https://www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-20


(5) HIGH VULNERABILITIES [7.0, 8.9]

Source : ni.com

Vulnerability ID : CVE-2023-4570

First published on : 05-10-2023 16:15:12
Last modified on : 05-10-2023 16:22:20

Description :
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

CVE ID : CVE-2023-4570
Source : security@ni.com
CVSS Score : 8.8

References :
https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html | source : security@ni.com

Vulnerability : CWE-420


Source : emc.com

Vulnerability ID : CVE-2023-43068

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

CVE ID : CVE-2023-43068
Source : security_alert@emc.com
CVSS Score : 7.8

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-43069

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

CVE ID : CVE-2023-43069
Source : security_alert@emc.com
CVSS Score : 7.8

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-4401

First published on : 05-10-2023 18:15:13
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the โ€˜moreโ€™ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

CVE ID : CVE-2023-4401
Source : security_alert@emc.com
CVSS Score : 7.8

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-77


Source : 1e.com

Vulnerability ID : CVE-2023-45159

First published on : 05-10-2023 11:15:14
Last modified on : 05-10-2023 12:53:40

Description :
1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.

CVE ID : CVE-2023-45159
Source : security@1e.com
CVSS Score : 7.3

References :
https://www.1e.com/trust-security-compliance/cve-info/ | source : security@1e.com

Vulnerability : CWE-59


(14) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : redhat.com

Vulnerability ID : CVE-2023-40745

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVE ID : CVE-2023-40745
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-40745 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2235265 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-41175

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVE ID : CVE-2023-41175
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-41175 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2235264 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-42755

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

CVE ID : CVE-2023-42755
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-42755 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239847 | source : secalert@redhat.com
https://seclists.org/oss-sec/2023/q3/229 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-42754

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CVE ID : CVE-2023-42754
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-42754 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239845 | source : secalert@redhat.com
https://seclists.org/oss-sec/2023/q4/14 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-3248

First published on : 05-10-2023 14:15:09
Last modified on : 05-10-2023 16:22:20

Description :
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

CVE ID : CVE-2022-3248
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2022-3248 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2072188 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4145

First published on : 05-10-2023 13:15:09
Last modified on : 05-10-2023 16:22:20

Description :
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

CVE ID : CVE-2022-4145
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/security/cve/CVE-2022-4145 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2148667 | source : secalert@redhat.com


Source : emc.com

Vulnerability ID : CVE-2023-43070

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

CVE ID : CVE-2023-43070
Source : security_alert@emc.com
CVSS Score : 6.3

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-43071

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

CVE ID : CVE-2023-43071
Source : security_alert@emc.com
CVSS Score : 4.4

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-1236


Vulnerability ID : CVE-2023-43072

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

CVE ID : CVE-2023-43072
Source : security_alert@emc.com
CVSS Score : 4.4

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-43073

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.

CVE ID : CVE-2023-43073
Source : security_alert@emc.com
CVSS Score : 4.3

References :
https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-20


Source : huntr.dev

Vulnerability ID : CVE-2023-5441

First published on : 05-10-2023 21:15:11
Last modified on : 05-10-2023 21:15:11

Description :
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

CVE ID : CVE-2023-5441
Source : security@huntr.dev
CVSS Score : 6.2

References :
https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960 | source : security@huntr.dev
https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2 | source : security@huntr.dev

Vulnerability : CWE-476


Source : github.com

Vulnerability ID : CVE-2023-44390

First published on : 05-10-2023 14:15:09
Last modified on : 05-10-2023 16:22:20

Description :
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).

CVE ID : CVE-2023-44390
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/mganss/HtmlSanitizer/commit/ab29319866c020f0cc11e6b92228cd8039196c6e | source : security-advisories@github.com
https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-43cp-6p3q-2pc4 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44386

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

CVE ID : CVE-2023-44386
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3 | source : security-advisories@github.com
https://github.com/vapor/vapor/releases/tag/4.84.2 | source : security-advisories@github.com
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm | source : security-advisories@github.com

Vulnerability : CWE-231
Vulnerability : CWE-617
Vulnerability : CWE-696


Source : vuldb.com

Vulnerability ID : CVE-2023-5423

First published on : 05-10-2023 18:15:13
Last modified on : 05-10-2023 19:13:42

Description :
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.

CVE ID : CVE-2023-5423
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://vuldb.com/?ctiid.241384 | source : cna@vuldb.com
https://vuldb.com/?id.241384 | source : cna@vuldb.com

Vulnerability : CWE-89


(1) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-44387

First published on : 05-10-2023 18:15:12
Last modified on : 05-10-2023 19:13:42

Description :
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.

CVE ID : CVE-2023-44387
Source : security-advisories@github.com
CVSS Score : 3.2

References :
https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 | source : security-advisories@github.com
https://github.com/gradle/gradle/releases/tag/v7.6.3 | source : security-advisories@github.com
https://github.com/gradle/gradle/releases/tag/v8.4.0 | source : security-advisories@github.com
https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9 | source : security-advisories@github.com

Vulnerability : CWE-732


(25) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-26236

First published on : 05-10-2023 01:15:10
Last modified on : 05-10-2023 12:53:40

Description :
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.

CVE ID : CVE-2023-26236
Source : cve@mitre.org
CVSS Score : /

References :
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 | source : cve@mitre.org


Vulnerability ID : CVE-2023-26237

First published on : 05-10-2023 01:15:10
Last modified on : 05-10-2023 12:53:40

Description :
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.

CVE ID : CVE-2023-26237
Source : cve@mitre.org
CVSS Score : /

References :
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00005 | source : cve@mitre.org


Vulnerability ID : CVE-2023-26238

First published on : 05-10-2023 01:15:10
Last modified on : 05-10-2023 12:53:40

Description :
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.

CVE ID : CVE-2023-26238
Source : cve@mitre.org
CVSS Score : /

References :
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00006 | source : cve@mitre.org


Vulnerability ID : CVE-2023-26239

First published on : 05-10-2023 01:15:10
Last modified on : 05-10-2023 12:53:40

Description :
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.

CVE ID : CVE-2023-26239
Source : cve@mitre.org
CVSS Score : /

References :
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00007 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45198

First published on : 05-10-2023 05:15:42
Last modified on : 05-10-2023 12:53:40

Description :
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.

CVE ID : CVE-2023-45198
Source : cve@mitre.org
CVSS Score : /

References :
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95 | source : cve@mitre.org
https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-44828

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44828
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/CheckPasswdSettings_CurrentPassword | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44829

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44829
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetDeviceSettings_AdminPassword | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44830

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44830
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_EndTime | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44831

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44831
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_Type | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44832

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44832
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWanSettings_MacAddress | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44833

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44833
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_GuardInt | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44834

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44834
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_%20StartTime | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44835

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44835
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetParentsControlInfo_Mac | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44836

First published on : 05-10-2023 16:15:11
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44836
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_SSID | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44837

First published on : 05-10-2023 16:15:12
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44837
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWanSettings_Password | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44838

First published on : 05-10-2023 16:15:12
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44838
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSettings_TXPower | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44839

First published on : 05-10-2023 16:15:12
Last modified on : 05-10-2023 16:22:20

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2023-44839
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bugfinder0/public_bug/tree/main/dlink/dir823g/SetWLanRadioSecurity_Encryption | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43260

First published on : 05-10-2023 19:15:11
Last modified on : 05-10-2023 19:15:11

Description :
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

CVE ID : CVE-2023-43260
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40920

First published on : 05-10-2023 20:15:13
Last modified on : 05-10-2023 20:15:13

Description :
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().

CVE ID : CVE-2023-40920
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/05/prixanconnect.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43284

First published on : 05-10-2023 20:15:13
Last modified on : 05-10-2023 20:15:13

Description :
An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.

CVE ID : CVE-2023-43284
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MateusTesser/CVE-2023-43284 | source : cve@mitre.org
https://youtu.be/Y8osw_xU6-0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43981

First published on : 05-10-2023 20:15:13
Last modified on : 05-10-2023 20:15:13

Description :
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.

CVE ID : CVE-2023-43981
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/03/testsitecreator.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43983

First published on : 05-10-2023 20:15:13
Last modified on : 05-10-2023 20:15:13

Description :
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

CVE ID : CVE-2023-43983
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/03/attributegrid.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-44024

First published on : 05-10-2023 20:15:13
Last modified on : 05-10-2023 20:15:13

Description :
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.

CVE ID : CVE-2023-44024
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/05/supercheckout.html | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-5346

First published on : 05-10-2023 18:15:13
Last modified on : 05-10-2023 19:13:42

Description :
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-5346
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://crbug.com/1485829 | source : chrome-cve-admin@google.com


Source : golang.org

Vulnerability ID : CVE-2023-39323

First published on : 05-10-2023 21:15:11
Last modified on : 05-10-2023 21:15:11

Description :
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

CVE ID : CVE-2023-39323
Source : security@golang.org
CVSS Score : /

References :
https://go.dev/cl/533215 | source : security@golang.org
https://go.dev/issue/63211 | source : security@golang.org
https://groups.google.com/g/golang-announce/c/XBa1oHDevAo | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2095 | source : security@golang.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.