Latest vulnerabilities of Tuesday, November 28, 2023


Last update performed on 11/28/2023 at 11:57:02 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-6201

First published on : 28-11-2023 12:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0.

CVE ID : CVE-2023-6201
Source : iletisim@usom.gov.tr
CVSS Score : 9.9

References :
https://www.usom.gov.tr/bildirim/tr-23-0665 | source : iletisim@usom.gov.tr

Vulnerability : CWE-78


Source : starlabs.sg

Vulnerability ID : CVE-2023-3368

First published on : 28-11-2023 07:15:41
Last modified on : 28-11-2023 14:12:58

Description :
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

CVE ID : CVE-2023-3368
Source : info@starlabs.sg
CVSS Score : 9.8

References :
https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-3368/ | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368 | source : info@starlabs.sg

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-3533

First published on : 28-11-2023 07:15:42
Last modified on : 28-11-2023 14:12:58

Description :
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.

CVE ID : CVE-2023-3533
Source : info@starlabs.sg
CVSS Score : 9.8

References :
https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-3533/ | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-124-2023-07-13-Critical-impact-High-risk-Unauthenticated-Arbitrary-File-Write-RCE-CVE-2023-3533 | source : info@starlabs.sg

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-3545

First published on : 28-11-2023 07:15:42
Last modified on : 28-11-2023 14:12:58

Description :
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

CVE ID : CVE-2023-3545
Source : info@starlabs.sg
CVSS Score : 9.8

References :
https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549 | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-3545/ | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545 | source : info@starlabs.sg

Vulnerability : CWE-178


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : starlabs.sg

Vulnerability ID : CVE-2023-4223

First published on : 28-11-2023 08:15:08
Last modified on : 28-11-2023 14:12:58

Description :
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE ID : CVE-2023-4223
Source : info@starlabs.sg
CVSS Score : 8.8

References :
https://github.com/chamilo/chamilo-lms/commit/3d74fb7d99bd2e287730552f7a66562417a55047 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4223 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226 | source : info@starlabs.sg

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4224

First published on : 28-11-2023 08:15:09
Last modified on : 28-11-2023 14:12:58

Description :
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE ID : CVE-2023-4224
Source : info@starlabs.sg
CVSS Score : 8.8

References :
https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4224 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226 | source : info@starlabs.sg

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4225

First published on : 28-11-2023 08:15:09
Last modified on : 28-11-2023 14:12:58

Description :
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE ID : CVE-2023-4225
Source : info@starlabs.sg
CVSS Score : 8.8

References :
https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4225 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226 | source : info@starlabs.sg

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4226

First published on : 28-11-2023 08:15:10
Last modified on : 28-11-2023 14:12:58

Description :
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE ID : CVE-2023-4226
Source : info@starlabs.sg
CVSS Score : 8.8

References :
https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4226 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226 | source : info@starlabs.sg

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4220

First published on : 28-11-2023 08:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

CVE ID : CVE-2023-4220
Source : info@starlabs.sg
CVSS Score : 8.1

References :
https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49 | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4220 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220 | source : info@starlabs.sg

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4221

First published on : 28-11-2023 08:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

CVE ID : CVE-2023-4221
Source : info@starlabs.sg
CVSS Score : 7.2

References :
https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4221 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222 | source : info@starlabs.sg

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-4222

First published on : 28-11-2023 08:15:08
Last modified on : 28-11-2023 14:12:58

Description :
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

CVE ID : CVE-2023-4222
Source : info@starlabs.sg
CVSS Score : 7.2

References :
https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7 | source : info@starlabs.sg
https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db | source : info@starlabs.sg
https://starlabs.sg/advisories/23/23-4222 | source : info@starlabs.sg
https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-128-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4221CVE-2023-4222 | source : info@starlabs.sg

Vulnerability : CWE-78


Source : github.com

Vulnerability ID : CVE-2023-49075

First published on : 28-11-2023 05:15:08
Last modified on : 28-11-2023 14:12:58

Description :
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.

CVE ID : CVE-2023-49075
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/pull/345 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg | source : security-advisories@github.com
https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch | source : security-advisories@github.com

Vulnerability : CWE-308


Vulnerability ID : CVE-2023-49092

First published on : 28-11-2023 21:15:08
Last modified on : 28-11-2023 21:15:08

Description :
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

CVE ID : CVE-2023-49092
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643 | source : security-advisories@github.com
https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr | source : security-advisories@github.com

Vulnerability : CWE-385


Source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability ID : CVE-2023-4667

First published on : 28-11-2023 09:15:07
Last modified on : 28-11-2023 14:12:58

Description :
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage.

CVE ID : CVE-2023-4667
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 8.1

References :
https://www.idemia.com/vulnerability-information | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-42004

First published on : 28-11-2023 11:15:07
Last modified on : 28-11-2023 14:12:58

Description :
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.

CVE ID : CVE-2023-42004
Source : psirt@us.ibm.com
CVSS Score : 8.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/265262 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7069241 | source : psirt@us.ibm.com

Vulnerability : CWE-1236


Source : solarwinds.com

Vulnerability ID : CVE-2023-40056

First published on : 28-11-2023 18:15:07
Last modified on : 28-11-2023 18:29:23

Description :
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.

CVE ID : CVE-2023-40056
Source : psirt@solarwinds.com
CVSS Score : 8.0

References :
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056 | source : psirt@solarwinds.com

Vulnerability : CWE-89


Source : zyxel.com.tw

Vulnerability ID : CVE-2023-4398

First published on : 28-11-2023 02:15:43
Last modified on : 28-11-2023 14:12:58

Description :
An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

CVE ID : CVE-2023-4398
Source : security@zyxel.com.tw
CVSS Score : 7.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-190


Source : redhat.com

Vulnerability ID : CVE-2023-5981

First published on : 28-11-2023 12:15:07
Last modified on : 28-11-2023 14:15:07

Description :
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

CVE ID : CVE-2023-5981
Source : secalert@redhat.com
CVSS Score : 7.4

References :
https://access.redhat.com/security/cve/CVE-2023-5981 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2248445 | source : secalert@redhat.com
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 | source : secalert@redhat.com

Vulnerability : CWE-203


Source : wordfence.com

Vulnerability ID : CVE-2023-6219

First published on : 28-11-2023 03:15:07
Last modified on : 28-11-2023 14:12:58

Description :
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6219
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/tags/1.0.76/core/classes/class.bookingpress_fileupload_class.php#L140 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3001484/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3001484/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_settings.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=cve | source : security@wordfence.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6150

First published on : 28-11-2023 10:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.

CVE ID : CVE-2023-6150
Source : iletisim@usom.gov.tr
CVSS Score : 7.2

References :
https://www.usom.gov.tr/bildirim/tr-23-0664 | source : iletisim@usom.gov.tr

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-6151

First published on : 28-11-2023 10:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.

CVE ID : CVE-2023-6151
Source : iletisim@usom.gov.tr
CVSS Score : 7.2

References :
https://www.usom.gov.tr/bildirim/tr-23-0664 | source : iletisim@usom.gov.tr

Vulnerability : CWE-269


(27) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-48713

First published on : 28-11-2023 04:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.

CVE ID : CVE-2023-48713
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca | source : security-advisories@github.com
https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1 | source : security-advisories@github.com
https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a | source : security-advisories@github.com
https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547 | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-32065

First published on : 28-11-2023 04:15:07
Last modified on : 28-11-2023 14:12:58

Description :
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.

CVE ID : CVE-2023-32065
Source : security-advisories@github.com
CVSS Score : 5.8

References :
https://github.com/oroinc/orocommerce/security/advisories/GHSA-88g2-xgh9-4ph2 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-49078

First published on : 28-11-2023 19:15:07
Last modified on : 28-11-2023 19:15:07

Description :
raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user-controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a maliciously crafted link will be affected. This issue has been patched in 0.4.4.1.

CVE ID : CVE-2023-49078
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/zediious/raptor-web/releases/tag/0.4.4.1 | source : security-advisories@github.com
https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32063

First published on : 28-11-2023 04:15:07
Last modified on : 28-11-2023 14:12:58

Description :
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

CVE ID : CVE-2023-32063
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85 | source : security-advisories@github.com
https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950 | source : security-advisories@github.com
https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-32064

First published on : 28-11-2023 04:15:07
Last modified on : 28-11-2023 14:12:58

Description :
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.

CVE ID : CVE-2023-32064
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c | source : security-advisories@github.com

Vulnerability : CWE-284


Source : wordfence.com

Vulnerability ID : CVE-2023-6225

First published on : 28-11-2023 05:15:08
Last modified on : 28-11-2023 14:12:58

Description :
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6225
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/558e36f6-4678-46a2-8154-42770fbb5574?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6226

First published on : 28-11-2023 05:15:08
Last modified on : 28-11-2023 14:12:58

Description :
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.

CVE ID : CVE-2023-6226
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve | source : security@wordfence.com


Source : apache.org

Vulnerability ID : CVE-2023-42504

First published on : 28-11-2023 18:15:08
Last modified on : 28-11-2023 18:29:23

Description :
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0.

CVE ID : CVE-2023-42504
Source : security@apache.org
CVSS Score : 5.8

References :
http://www.openwall.com/lists/oss-security/2023/11/28/6 | source : security@apache.org
https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l | source : security@apache.org

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-42502

First published on : 28-11-2023 17:15:07
Last modified on : 28-11-2023 18:29:23

Description :
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

CVE ID : CVE-2023-42502
Source : security@apache.org
CVSS Score : 4.8

References :
http://www.openwall.com/lists/oss-security/2023/11/28/3 | source : security@apache.org
https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn | source : security@apache.org

Vulnerability : CWE-601


Vulnerability ID : CVE-2023-42505

First published on : 28-11-2023 17:15:08
Last modified on : 28-11-2023 18:29:23

Description :
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

CVE ID : CVE-2023-42505
Source : security@apache.org
CVSS Score : 4.3

References :
http://www.openwall.com/lists/oss-security/2023/11/28/5 | source : security@apache.org
https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y | source : security@apache.org

Vulnerability : CWE-200


Source : zyxel.com.tw

Vulnerability ID : CVE-2023-35136

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

CVE ID : CVE-2023-35136
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-37925

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.

CVE ID : CVE-2023-37925
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-37926

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

CVE ID : CVE-2023-37926
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-5650

First published on : 28-11-2023 02:15:43
Last modified on : 28-11-2023 14:12:58

Description :
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.

CVE ID : CVE-2023-5650
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-5797

First published on : 28-11-2023 03:15:07
Last modified on : 28-11-2023 14:12:58

Description :
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.

CVE ID : CVE-2023-5797
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-5960

First published on : 28-11-2023 03:15:07
Last modified on : 28-11-2023 14:12:58

Description :
An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

CVE ID : CVE-2023-5960
Source : security@zyxel.com.tw
CVSS Score : 5.5

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-35139

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs.

CVE ID : CVE-2023-35139
Source : security@zyxel.com.tw
CVSS Score : 5.2

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4397

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

CVE ID : CVE-2023-4397
Source : security@zyxel.com.tw
CVSS Score : 4.4

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps | source : security@zyxel.com.tw

Vulnerability : CWE-120


Source : incibe.es

Vulnerability ID : CVE-2023-6359

First published on : 28-11-2023 12:15:07
Last modified on : 28-11-2023 14:12:58

Description :
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page.

CVE ID : CVE-2023-6359
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : m-files.com

Vulnerability ID : CVE-2023-6239

First published on : 28-11-2023 14:15:07
Last modified on : 28-11-2023 18:29:23

Description :
Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11 before 23.11.13168.7 could produce a faulty result if an object used a specific configuration of metadata-driven permissions.

CVE ID : CVE-2023-6239
Source : security@m-files.com
CVSS Score : 5.4

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239/ | source : security@m-files.com

Vulnerability : CWE-281


Source : bd.com

Vulnerability ID : CVE-2023-29060

First published on : 28-11-2023 20:15:07
Last modified on : 28-11-2023 21:15:07

Description :
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

CVE ID : CVE-2023-29060
Source : cybersecurity@bd.com
CVSS Score : 5.4

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-1299


Vulnerability ID : CVE-2023-29061

First published on : 28-11-2023 21:15:07
Last modified on : 28-11-2023 21:15:07

Description :
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.

CVE ID : CVE-2023-29061
Source : cybersecurity@bd.com
CVSS Score : 5.2

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-29064

First published on : 28-11-2023 21:15:07
Last modified on : 28-11-2023 21:15:07

Description :
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.

CVE ID : CVE-2023-29064
Source : cybersecurity@bd.com
CVSS Score : 4.1

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-29065

First published on : 28-11-2023 21:15:07
Last modified on : 28-11-2023 21:15:07

Description :
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

CVE ID : CVE-2023-29065
Source : cybersecurity@bd.com
CVSS Score : 4.1

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-277


Source : vmware.com

Vulnerability ID : CVE-2023-34053

First published on : 28-11-2023 09:15:06
Last modified on : 28-11-2023 14:12:58

Description :
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

CVE ID : CVE-2023-34053
Source : security@vmware.com
CVSS Score : 5.3

References :
https://spring.io/security/cve-2023-34053 | source : security@vmware.com


Vulnerability ID : CVE-2023-34054

First published on : 28-11-2023 09:15:07
Last modified on : 28-11-2023 14:12:58

Description :
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

CVE ID : CVE-2023-34054
Source : security@vmware.com
CVSS Score : 5.3

References :
https://spring.io/security/cve-2023-34054 | source : security@vmware.com


Vulnerability ID : CVE-2023-34055

First published on : 28-11-2023 09:15:07
Last modified on : 28-11-2023 14:12:58

Description :
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* org.springframework.boot:spring-boot-actuator is on the classpath

CVE ID : CVE-2023-34055
Source : security@vmware.com
CVSS Score : 5.3

References :
https://spring.io/security/cve-2023-34055 | source : security@vmware.com


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : bd.com

Vulnerability ID : CVE-2023-29062

First published on : 28-11-2023 21:15:07
Last modified on : 28-11-2023 21:15:07

Description :
The operating system hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or mDNS and will result in NTLMv2 hashes being sent to a malicious entity positioned on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain-joined systems.

CVE ID : CVE-2023-29062
Source : cybersecurity@bd.com
CVSS Score : 3.8

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-29066

First published on : 28-11-2023 21:15:08
Last modified on : 28-11-2023 21:15:08

Description :
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.

CVE ID : CVE-2023-29066
Source : cybersecurity@bd.com
CVSS Score : 3.2

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-266


Vulnerability ID : CVE-2023-29063

First published on : 28-11-2023 21:15:07
Last modified on : 28-11-2023 21:15:07

Description :
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.

CVE ID : CVE-2023-29063
Source : cybersecurity@bd.com
CVSS Score : 2.4

References :
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software | source : cybersecurity@bd.com

Vulnerability : CWE-1299


(24) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-29770

First published on : 28-11-2023 00:15:07
Last modified on : 28-11-2023 14:12:58

Description :
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

CVE ID : CVE-2023-29770
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sapplica/sentrifugo | source : cve@mitre.org
https://github.com/sapplica/sentrifugo/issues/384 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47437

First published on : 28-11-2023 00:15:07
Last modified on : 28-11-2023 14:12:58

Description :
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript.

CVE ID : CVE-2023-47437
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/herombey/CVE-2023-47437 | source : cve@mitre.org
https://github.com/pachno/pachno | source : cve@mitre.org


Vulnerability ID : CVE-2023-47503

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.

CVE ID : CVE-2023-47503
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jflyfox/jfinal_cms/issues/58 | source : cve@mitre.org


Vulnerability ID : CVE-2023-24023

First published on : 28-11-2023 07:15:41
Last modified on : 28-11-2023 14:12:58

Description :
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

CVE ID : CVE-2023-24023
Source : cve@mitre.org
CVSS Score : /

References :
https://dl.acm.org/doi/10.1145/3576915.3623066 | source : cve@mitre.org
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48022

First published on : 28-11-2023 08:15:06
Last modified on : 28-11-2023 14:12:58

Description :
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment.

CVE ID : CVE-2023-48022
Source : cve@mitre.org
CVSS Score : /

References :
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0 | source : cve@mitre.org
https://docs.ray.io/en/latest/ray-security/index.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48023

First published on : 28-11-2023 08:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment.

CVE ID : CVE-2023-48023
Source : cve@mitre.org
CVSS Score : /

References :
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0 | source : cve@mitre.org
https://docs.ray.io/en/latest/ray-security/index.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48042

First published on : 28-11-2023 13:15:07
Last modified on : 28-11-2023 14:12:58

Description :
Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Site Scripting (XSS).

CVE ID : CVE-2023-48042
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html | source : cve@mitre.org
https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e | source : cve@mitre.org


Vulnerability ID : CVE-2023-49313

First published on : 28-11-2023 15:15:07
Last modified on : 28-11-2023 18:29:23

Description :
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

CVE ID : CVE-2023-49313
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/horsicq/XMachOViewer | source : cve@mitre.org
https://github.com/louiselalanne/CVE-2023-49313 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49314

First published on : 28-11-2023 15:15:07
Last modified on : 28-11-2023 18:29:23

Description :
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

CVE ID : CVE-2023-49314
Source : cve@mitre.org
CVSS Score : /

References :
https://asana.com/pt/download | source : cve@mitre.org
https://github.com/electron/fuses | source : cve@mitre.org
https://github.com/louiselalanne/CVE-2023-49314 | source : cve@mitre.org
https://github.com/r3ggi/electroniz3r | source : cve@mitre.org
https://www.electronjs.org/docs/latest/tutorial/fuses | source : cve@mitre.org


Vulnerability ID : CVE-2023-41264

First published on : 28-11-2023 17:15:07
Last modified on : 28-11-2023 18:29:23

Description :
Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).

CVE ID : CVE-2023-41264
Source : cve@mitre.org
CVSS Score : /

References :
https://www.netwrix.com/identity_governance_and_administration_solution.html | source : cve@mitre.org
https://www.synacktiv.com/advisories/usercube-netwrix-multiple-vulnerabilities | source : cve@mitre.org


Vulnerability ID : CVE-2023-48848

First published on : 28-11-2023 17:15:08
Last modified on : 28-11-2023 18:29:23

Description :
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

CVE ID : CVE-2023-48848
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/h00klod0er/ureport2-vuln/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48121

First published on : 28-11-2023 19:15:07
Last modified on : 28-11-2023 19:15:07

Description :
An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.

CVE ID : CVE-2023-48121
Source : cve@mitre.org
CVSS Score : /

References :
https://www.ezviz.com/data-security/security-notice/detail/911 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45539

First published on : 28-11-2023 20:15:07
Last modified on : 28-11-2023 20:15:07

Description :
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

CVE ID : CVE-2023-45539
Source : cve@mitre.org
CVSS Score : /

References :
https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6 | source : cve@mitre.org
https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html | source : cve@mitre.org
https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48193

First published on : 28-11-2023 21:15:08
Last modified on : 28-11-2023 21:15:08

Description :
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.

CVE ID : CVE-2023-48193
Source : cve@mitre.org
CVSS Score : /

References :
http://jumpserver.com | source : cve@mitre.org
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md | source : cve@mitre.org
https://github.com/jumpserver/jumpserver | source : cve@mitre.org


Vulnerability ID : CVE-2023-46944

First published on : 28-11-2023 22:15:06
Last modified on : 28-11-2023 22:15:06

Description :
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component.

CVE ID : CVE-2023-46944
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gitkraken/vscode-gitlens/commit/ee2a0c42a92d33059a39fd15fbbd5dd3d5ab6440 | source : cve@mitre.org
https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/ | source : cve@mitre.org


Source : hypr.com

Vulnerability ID : CVE-2024-0069

First published on : 28-11-2023 00:15:07
Last modified on : 28-11-2023 00:15:07

Description :
Rejected reason: This CVE ID was unused by the CNA.

CVE ID : CVE-2024-0069
Source : security@hypr.com
CVSS Score : /

References :


Vulnerability ID : CVE-2024-0070

First published on : 28-11-2023 00:15:07
Last modified on : 28-11-2023 00:15:07

Description :
Rejected reason: This CVE ID was unused by the CNA.

CVE ID : CVE-2024-0070
Source : security@hypr.com
CVSS Score : /

References :


Source : hackerone.com

Vulnerability ID : CVE-2023-30585

First published on : 28-11-2023 02:15:42
Last modified on : 28-11-2023 14:12:58

Description :
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or "non-privileged") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged "msiexec.exe" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue.

CVE ID : CVE-2023-30585
Source : support@hackerone.com
CVSS Score : /

References :
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases | source : support@hackerone.com


Vulnerability ID : CVE-2023-30588

First published on : 28-11-2023 20:15:07
Last modified on : 28-11-2023 20:15:07

Description :
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20.

CVE ID : CVE-2023-30588
Source : support@hackerone.com
CVSS Score : /

References :
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases | source : support@hackerone.com


Vulnerability ID : CVE-2023-30590

First published on : 28-11-2023 20:15:07
Last modified on : 28-11-2023 20:15:07

Description :
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. As DiffieHellman may be used as the basis for application-level security, the implications are consequently broad.

CVE ID : CVE-2023-30590
Source : support@hackerone.com
CVSS Score : /

References :
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases | source : support@hackerone.com


Source : apache.org

Vulnerability ID : CVE-2022-41678

First published on : 28-11-2023 16:15:06
Last modified on : 28-11-2023 18:29:23

Description :
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke methods through reflection. RCE can then be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11:
1. Call newRecording.
2. Call setConfiguration, with webshell data hidden in it.
3. Call startRecording.
4. Call the copyTo method. The webshell will be written to a .jsp file.

The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to an ActiveMQ distribution version that includes the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

CVE ID : CVE-2022-41678
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/28/1 | source : security@apache.org
https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt | source : security@apache.org
https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-46589

First published on : 28-11-2023 16:15:06
Last modified on : 28-11-2023 18:29:23

Description :
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

CVE ID : CVE-2023-46589
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/28/2 | source : security@apache.org
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr | source : security@apache.org

Vulnerability : CWE-20


Source : fb.com

Vulnerability ID : CVE-2023-49062

First published on : 28-11-2023 16:15:07
Last modified on : 28-11-2023 18:29:23

Description :
Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f

CVE ID : CVE-2023-49062
Source : cve-assign@fb.com
CVSS Score : /

References :
https://github.com/facebookincubator/katran/commit/6a03106ac1eab39d0303662963589ecb2374c97f | source : cve-assign@fb.com
https://www.facebook.com/security/advisories/cve-2023-49062 | source : cve-assign@fb.com


Source : golang.org

Vulnerability ID : CVE-2023-45286

First published on : 28-11-2023 17:15:08
Last modified on : 28-11-2023 18:29:23

Description :
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.

CVE ID : CVE-2023-45286
Source : security@golang.org
CVSS Score : /

References :
https://github.com/go-resty/resty/issues/739 | source : security@golang.org
https://github.com/go-resty/resty/issues/743 | source : security@golang.org
https://github.com/go-resty/resty/pull/745 | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2328 | source : security@golang.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
