Latest vulnerabilities of Tuesday, November 21, 2023


Last update performed on 11/21/2023 at 11:57:02 PM

(7) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-40151

First published on : 21-11-2023 00:15:06
Last modified on : 21-11-2023 01:38:10

Description :
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.

CVE ID : CVE-2023-40151
Source : ics-cert@hq.dhs.gov
CVSS Score : 10.0

References :
https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-749


Vulnerability ID : CVE-2023-42770

First published on : 21-11-2023 01:15:07
Last modified on : 21-11-2023 01:38:10

Description :
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.

CVE ID : CVE-2023-42770
Source : ics-cert@hq.dhs.gov
CVSS Score : 10.0

References :
https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-288


Source : mitre.org

Vulnerability ID : CVE-2023-49103

First published on : 21-11-2023 22:15:08
Last modified on : 21-11-2023 22:15:08

Description :
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.

CVE ID : CVE-2023-49103
Source : cve@mitre.org
CVSS Score : 10.0

References :
https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/ | source : cve@mitre.org
https://owncloud.org/security | source : cve@mitre.org


Vulnerability ID : CVE-2023-49105

First published on : 21-11-2023 22:15:08
Last modified on : 21-11-2023 22:15:08

Description :
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.

CVE ID : CVE-2023-49105
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/ | source : cve@mitre.org
https://owncloud.org/security | source : cve@mitre.org


Source : asrg.io

Vulnerability ID : CVE-2023-6248

First published on : 21-11-2023 22:15:08
Last modified on : 21-11-2023 22:15:08

Description :
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:
* Get location data of the vehicle the device is connected to
* Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 )
* Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization )
* Get live video through the connected video camera
* Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )

CVE ID : CVE-2023-6248
Source : cve@asrg.io
CVSS Score : 10.0

References :
https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/ | source : cve@asrg.io

Vulnerability : CWE-200
Vulnerability : CWE-287
Vulnerability : CWE-319
Vulnerability : CWE-94


Source : cert.vde.com

Vulnerability ID : CVE-2023-4149

First published on : 21-11-2023 07:15:10
Last modified on : 21-11-2023 14:08:14

Description :
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management.

CVE ID : CVE-2023-4149
Source : info@cert.vde.com
CVSS Score : 9.8

References :
https://cert.vde.com/en/advisories/VDE-2023-037 | source : info@cert.vde.com

Vulnerability : CWE-78


Source : fluidattacks.com

Vulnerability ID : CVE-2023-6144

First published on : 21-11-2023 00:15:07
Last modified on : 21-11-2023 01:38:10

Description :
Dev blog v1.0 allows an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

CVE ID : CVE-2023-6144
Source : help@fluidattacks.com
CVSS Score : 9.1

References :
https://fluidattacks.com/advisories/almighty/ | source : help@fluidattacks.com
https://github.com/Armanidrisi/devblog/ | source : help@fluidattacks.com

Vulnerability : CWE-639


(16) HIGH VULNERABILITIES [7.0, 8.9]

Source : mitre.org

Vulnerability ID : CVE-2023-49104

First published on : 21-11-2023 22:15:08
Last modified on : 21-11-2023 22:15:08

Description :
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.

CVE ID : CVE-2023-49104
Source : cve@mitre.org
CVSS Score : 8.7

References :
https://owncloud.com/security-advisories/subdomain-validation-bypass/ | source : cve@mitre.org
https://owncloud.org/security | source : cve@mitre.org


Source : atlassian.com

Vulnerability ID : CVE-2023-22516

First published on : 21-11-2023 18:15:07
Last modified on : 21-11-2023 20:31:33

Description :
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
* Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121+ should be used in case Java 8 is used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html)
* Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.

CVE ID : CVE-2023-22516
Source : security@atlassian.com
CVSS Score : 8.5

References :
https://confluence.atlassian.com/pages/viewpage.action?pageId=1318881573 | source : security@atlassian.com
https://jira.atlassian.com/browse/BAM-25168 | source : security@atlassian.com


Vulnerability ID : CVE-2023-22521

First published on : 21-11-2023 18:15:08
Last modified on : 21-11-2023 20:31:33

Description :
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Crowd Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
* Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6
* Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1
See the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program.

CVE ID : CVE-2023-22521
Source : security@atlassian.com
CVSS Score : 8.0

References :
https://confluence.atlassian.com/pages/viewpage.action?pageId=1318881573 | source : security@atlassian.com
https://jira.atlassian.com/browse/CWD-6139 | source : security@atlassian.com


Source : github.com

Vulnerability ID : CVE-2023-48239

First published on : 21-11-2023 21:15:08
Last modified on : 21-11-2023 21:15:08

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.

CVE ID : CVE-2023-48239
Source : security-advisories@github.com
CVSS Score : 8.5

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f962-hw26-g267 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/41123 | source : security-advisories@github.com
https://hackerone.com/reports/2212627 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-48228

First published on : 21-11-2023 21:15:08
Last modified on : 21-11-2023 21:15:08

Description :
authentik is an open-source identity provider. When initialising an oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks whether the contents of `code_verifier` match only when it is provided. When it is left out completely, authentik simply accepts the token request without it, even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue.

CVE ID : CVE-2023-48228
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/goauthentik/authentik/blob/dd4e9030b4e667d3720be2feda24c08972602274/authentik/providers/oauth2/views/token.py#L225 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/commit/3af77ab3821fe9c7df8055ba5eade3d1ecea03a6 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/commit/6b9afed21f7c39f171a4a445654cfe415bba37d5 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/commit/b88e39411c12e3f9e04125a7887f12354f760a14 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/pull/7666 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/pull/7668 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/pull/7669 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.4 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.5 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/security/advisories/GHSA-fm34-v8xq-f2c3 | source : security-advisories@github.com

Vulnerability : CWE-287


Source : zephyrproject.org

Vulnerability ID : CVE-2023-4424

First published on : 21-11-2023 07:15:10
Last modified on : 21-11-2023 14:08:14

Description :
A malicious BLE device can cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.

CVE ID : CVE-2023-4424
Source : vulnerabilities@zephyrproject.org
CVSS Score : 8.3

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j4qm-xgpf-qjw3 | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-5055

First published on : 21-11-2023 18:15:09
Last modified on : 21-11-2023 20:31:33

Description :
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.

CVE ID : CVE-2023-5055
Source : vulnerabilities@zephyrproject.org
CVSS Score : 8.3

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-121


Source : incibe.es

Vulnerability ID : CVE-2023-6235

First published on : 21-11-2023 13:15:07
Last modified on : 21-11-2023 14:08:14

Description :
An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code.

CVE ID : CVE-2023-6235
Source : cve-coordination@incibe.es
CVSS Score : 7.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display | source : cve-coordination@incibe.es

Vulnerability : CWE-427


Source : hq.dhs.gov

Vulnerability ID : CVE-2021-38405

First published on : 21-11-2023 19:15:07
Last modified on : 21-11-2023 20:31:33

Description :
The Datalogics APDFL library used in affected products is vulnerable to a memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVE ID : CVE-2021-38405
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-119


Vulnerability ID : CVE-2021-27502

First published on : 21-11-2023 18:15:07
Last modified on : 21-11-2023 20:31:33

Description :
Texas Instruments TI-RTOS, when configured to use HeapMem heap (default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

CVE ID : CVE-2021-27502
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | source : ics-cert@hq.dhs.gov
https://www.ti.com/tool/TI-RTOS-MCU | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-190


Vulnerability ID : CVE-2021-27504

First published on : 21-11-2023 18:15:07
Last modified on : 21-11-2023 20:31:33

Description :
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.

CVE ID : CVE-2021-27504
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | source : ics-cert@hq.dhs.gov
https://www.ti.com/tool/TI-RTOS-MCU | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-190


Source : axis.com

Vulnerability ID : CVE-2023-5553

First published on : 21-11-2023 07:15:11
Last modified on : 21-11-2023 14:08:14

Description :
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-5553
Source : product-security@axis.com
CVSS Score : 7.6

References :
https://www.axis.com/dam/public/0a/66/25/cve-2023-5553-en-US-417789.pdf | source : product-security@axis.com


Vulnerability ID : CVE-2023-21416

First published on : 21-11-2023 07:15:08
Last modified on : 21-11-2023 14:08:14

Description :
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account; however, the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21416
Source : product-security@axis.com
CVSS Score : 7.1

References :
https://www.axis.com/dam/public/35/2a/a6/cve-2023-21416-en-US-417790.pdf | source : product-security@axis.com


Vulnerability ID : CVE-2023-21417

First published on : 21-11-2023 07:15:09
Last modified on : 21-11-2023 14:08:14

Description :
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21417
Source : product-security@axis.com
CVSS Score : 7.1

References :
https://www.axis.com/dam/public/2a/82/12/cve-2023-21417-en-US-417791.pdf | source : product-security@axis.com


Vulnerability ID : CVE-2023-21418

First published on : 21-11-2023 07:15:09
Last modified on : 21-11-2023 14:08:14

Description :
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-21418
Source : product-security@axis.com
CVSS Score : 7.1

References :
https://www.axis.com/dam/public/49/93/55/cve-2023-21418-en-US-417792.pdf | source : product-security@axis.com


Source : redhat.com

Vulnerability ID : CVE-2023-6238

First published on : 21-11-2023 21:15:09
Last modified on : 21-11-2023 21:15:09

Description :
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.

CVE ID : CVE-2023-6238
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-6238 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2250834 | source : secalert@redhat.com

Vulnerability : CWE-119


(13) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : cisco.com

Vulnerability ID : CVE-2023-20272

First published on : 21-11-2023 19:15:08
Last modified on : 21-11-2023 20:31:33

Description :
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

CVE ID : CVE-2023-20272
Source : ykramarz@cisco.com
CVSS Score : 6.7

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20274

First published on : 21-11-2023 19:15:09
Last modified on : 21-11-2023 20:31:33

Description :
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.

CVE ID : CVE-2023-20274
Source : ykramarz@cisco.com
CVSS Score : 6.3

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5 | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20265

First published on : 21-11-2023 19:15:08
Last modified on : 21-11-2023 20:31:33

Description :
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

CVE ID : CVE-2023-20265
Source : ykramarz@cisco.com
CVSS Score : 5.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20208

First published on : 21-11-2023 19:15:08
Last modified on : 21-11-2023 20:31:33

Description :
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device.

CVE ID : CVE-2023-20208
Source : ykramarz@cisco.com
CVSS Score : 4.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR | source : ykramarz@cisco.com


Source : github.com

Vulnerability ID : CVE-2023-48226

First published on : 21-11-2023 20:15:07
Last modified on : 21-11-2023 20:31:33

Description :
OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to a lack of validation of the Name field in Account Settings (validation appears to be correct for registration), a bad actor can send emails with injected HTML code to victims. Bad actors can use this for phishing, for example. The email is really sent from OpenReplay, but bad actors can add injected HTML code to it (content spoofing). Note that during the registration steps, FullName appears to be validated correctly (one cannot type it there), but using this kind of bypass/workaround, bad actors can achieve their goal. As of time of publication, no known fixes or workarounds are available.

CVE ID : CVE-2023-48226
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://bugcrowd.com/vulnerability-rating-taxonomy | source : security-advisories@github.com
https://capec.mitre.org/data/definitions/242.html | source : security-advisories@github.com
https://cwe.mitre.org/data/definitions/20.html | source : security-advisories@github.com
https://github.com/openreplay/openreplay/blob/main/api/chalicelib/utils/html/invitation.html#L421 | source : security-advisories@github.com
https://github.com/openreplay/openreplay/security/advisories/GHSA-xpfv-454c-3fj4 | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-94


Vulnerability ID : CVE-2023-48230

First published on : 21-11-2023 21:15:08
Last modified on : 21-11-2023 21:15:08

Description :
Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected. If KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap'n Proto, but is not directly used by Cap'n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap'n Proto 1.0. Previous versions are not affected. This issue is fixed in Cap'n Proto 1.0.1.1.

CVE ID : CVE-2023-48230
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59 | source : security-advisories@github.com
https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff | source : security-advisories@github.com
https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3 | source : security-advisories@github.com

Vulnerability : CWE-124


Vulnerability ID : CVE-2023-48299

First published on : 21-11-2023 21:15:09
Last modified on : 21-11-2023 21:15:09

Description :
TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability.

CVE ID : CVE-2023-48299
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb | source : security-advisories@github.com
https://github.com/pytorch/serve/pull/2634 | source : security-advisories@github.com
https://github.com/pytorch/serve/releases/tag/v0.9.0 | source : security-advisories@github.com
https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48304

First published on : 21-11-2023 22:15:08
Last modified on : 21-11-2023 22:15:08

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.

CVE ID : CVE-2023-48304
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3 | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/40292 | source : security-advisories@github.com
https://hackerone.com/reports/2112973 | source : security-advisories@github.com

Vulnerability : CWE-639


Source : fluidattacks.com

Vulnerability ID : CVE-2023-6142

First published on : 21-11-2023 00:15:07
Last modified on : 21-11-2023 01:38:10

Description :
Dev blog v1.0 allows exploitation of an XSS through an unrestricted file upload, together with low entropy in filenames. With this, an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

CVE ID : CVE-2023-6142
Source : help@fluidattacks.com
CVSS Score : 6.4

References :
https://fluidattacks.com/advisories/bunny/ | source : help@fluidattacks.com
https://github.com/Armanidrisi/devblog/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : 3ds.com

Vulnerability ID : CVE-2023-5598

First published on : 21-11-2023 10:15:07
Last modified on : 21-11-2023 14:08:14

Description :
Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.

CVE ID : CVE-2023-5598
Source : 3DS.Information-Security@3ds.com
CVSS Score : 5.4

References :
https://www.3ds.com/vulnerability/advisories | source : 3DS.Information-Security@3ds.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5599

First published on : 21-11-2023 10:15:08
Last modified on : 21-11-2023 14:08:14

Description :
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

CVE ID : CVE-2023-5599
Source : 3DS.Information-Security@3ds.com
CVSS Score : 5.4

References :
https://www.3ds.com/vulnerability/advisories | source : 3DS.Information-Security@3ds.com

Vulnerability : CWE-79


Source : zscaler.com

Vulnerability ID : CVE-2023-28802

First published on : 21-11-2023 11:15:08
Last modified on : 21-11-2023 14:08:14

Description :
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

CVE ID : CVE-2023-28802
Source : cve@zscaler.com
CVSS Score : 4.9

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2 | source : cve@zscaler.com

Vulnerability : CWE-354


Source : wordfence.com

Vulnerability ID : CVE-2023-5776

First published on : 21-11-2023 09:15:07
Last modified on : 21-11-2023 14:08:14

Description :
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5776
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.svn.wordpress.org/post-meta-data-manager/tags/1.2.1/readme.txt | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2981559%40post-meta-data-manager&new=2981559%40post-meta-data-manager&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2994271%40post-meta-data-manager&new=2994271%40post-meta-data-manager&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=cve | source : security@wordfence.com


(4) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-48301

First published on : 21-11-2023 22:15:07
Last modified on : 21-11-2023 22:15:07

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into a circle's name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.

CVE ID : CVE-2023-48301
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/nextcloud/circles/pull/1415 | source : security-advisories@github.com
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6 | source : security-advisories@github.com
https://hackerone.com/reports/2210038 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48302

First published on : 21-11-2023 22:15:07
Last modified on : 21-11-2023 22:15:07

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text.

CVE ID : CVE-2023-48302
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87 | source : security-advisories@github.com
https://github.com/nextcloud/text/pull/4877 | source : security-advisories@github.com
https://hackerone.com/reports/2211561 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47643

First published on : 21-11-2023 20:15:07
Last modified on : 21-11-2023 20:31:33

Description :
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds.

CVE ID : CVE-2023-47643
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/salesagility/SuiteCRM-Core/commit/117dd8172793a239f71c91222606bf00677eeb33 | source : security-advisories@github.com
https://github.com/salesagility/SuiteCRM-Core/security/advisories/GHSA-fxww-jqfv-9rrr | source : security-advisories@github.com
https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/ | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-48303

First published on : 21-11-2023 22:15:07
Last modified on : 21-11-2023 22:15:07

Description :
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2023-48303
Source : security-advisories@github.com
CVSS Score : 2.4

References :
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2448-44rp-c7hh | source : security-advisories@github.com
https://github.com/nextcloud/server/pull/39895 | source : security-advisories@github.com
https://hackerone.com/reports/2107934 | source : security-advisories@github.com

Vulnerability : CWE-284


(16) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-45886

First published on : 21-11-2023 06:15:42
Last modified on : 21-11-2023 14:08:14

Description :
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

CVE ID : CVE-2023-45886
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling | source : cve@mitre.org
https://my.f5.com/manage/s/article/K000137315 | source : cve@mitre.org
https://www.ipinfusion.com/doc_prod_cat/zebos/ | source : cve@mitre.org
https://www.kb.cert.org/vuls/id/347067 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46935

First published on : 21-11-2023 07:15:09
Last modified on : 21-11-2023 14:08:14

Description :
eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.

CVE ID : CVE-2023-46935
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weng-xianhu/eyoucms/issues/55 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48124

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component.

CVE ID : CVE-2023-48124
Source : cve@mitre.org
CVSS Score : /

References :
https://patelvarshil.medium.com/cve-2023-48124-xss-vulnerability-in-an-e-commerce-platform-ad7d4ab77af4 | source : cve@mitre.org
https://www.sourcecodester.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46377

First published on : 21-11-2023 16:15:42
Last modified on : 21-11-2023 16:15:42

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-46377
Source : cve@mitre.org
CVSS Score : /

References :


Source : mozilla.org

Vulnerability ID : CVE-2023-49060

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.

CVE ID : CVE-2023-49060
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1861405 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-51/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-49061

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.

CVE ID : CVE-2023-49061
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1861420 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-51/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6204

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6204
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6205

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6205
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6206

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6206
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6207

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6207
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1861344 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6208

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Thunderbird on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6208
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1855345 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6209

First published on : 21-11-2023 15:15:07
Last modified on : 21-11-2023 16:30:00

Description :
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6209
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1858570 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6210

First published on : 21-11-2023 15:15:08
Last modified on : 21-11-2023 16:30:00

Description :
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox < 120.

CVE ID : CVE-2023-6210
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1801501 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6211

First published on : 21-11-2023 15:15:08
Last modified on : 21-11-2023 16:30:00

Description :
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

CVE ID : CVE-2023-6211
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1850200 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6212

First published on : 21-11-2023 15:15:08
Last modified on : 21-11-2023 16:30:00

Description :
Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVE ID : CVE-2023-6212
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-50/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-52/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-6213

First published on : 21-11-2023 15:15:08
Last modified on : 21-11-2023 16:30:00

Description :
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.

CVE ID : CVE-2023-6213
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-49/ | source : security@mozilla.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
