Latest vulnerabilities of Tuesday, September 19, 2023


Last update performed on 09/19/2023 at 11:58:02 PM

(6) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : mitre.org

Vulnerability ID : CVE-2022-28357

First published on : 19-09-2023 02:15:54
Last modified on : 19-09-2023 21:26:22

Description :
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

CVE ID : CVE-2022-28357
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://advisories.nats.io/CVE/CVE-2022-28357.txt | source : cve@mitre.org
https://github.com/nats-io/nats-server/releases | source : cve@mitre.org

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*
Vulnerable version(s) : 2.7.4


Source : jetbrains.com

Vulnerability ID : CVE-2023-42793

First published on : 19-09-2023 17:15:08
Last modified on : 19-09-2023 17:57:31

Description :
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE ID : CVE-2023-42793
Source : security@jetbrains.com
CVSS Score : 9.8

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : security@jetbrains.com

Vulnerability : CWE-288


Source : gitlab.com

Vulnerability ID : CVE-2023-5009

First published on : 19-09-2023 08:16:07
Last modified on : 19-09-2023 13:23:09

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.

CVE ID : CVE-2023-5009
Source : cve@gitlab.com
CVSS Score : 9.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/425304 | source : cve@gitlab.com
https://hackerone.com/reports/2147126 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : incibe.es

Vulnerability ID : CVE-2022-47558

First published on : 19-09-2023 13:16:21
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.

CVE ID : CVE-2022-47558
Source : cve-coordination@incibe.es
CVSS Score : 9.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-284


Vulnerability ID : CVE-2022-47555

First published on : 19-09-2023 13:16:20
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.

CVE ID : CVE-2022-47555
Source : cve-coordination@incibe.es
CVSS Score : 9.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-78


Source : cert-in.org.in

Vulnerability ID : CVE-2023-0773

First published on : 19-09-2023 10:15:07
Last modified on : 19-09-2023 13:23:09

Description :
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

CVE ID : CVE-2023-0773
Source : vdisclose@cert-in.org.in
CVSS Score : 9.1

References :
https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm | source : vdisclose@cert-in.org.in
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270 | source : vdisclose@cert-in.org.in

Vulnerability : CWE-287


(15) HIGH VULNERABILITIES [7.0, 8.9]

Source : incibe.es

Vulnerability ID : CVE-2023-4092

First published on : 19-09-2023 13:16:23
Last modified on : 19-09-2023 13:23:09

Description :
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.

CVE ID : CVE-2023-4092
Source : cve-coordination@incibe.es
CVSS Score : 8.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2022-47553

First published on : 19-09-2023 13:16:18
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.

CVE ID : CVE-2022-47553
Source : cve-coordination@incibe.es
CVSS Score : 8.6

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-285


Vulnerability ID : CVE-2022-47559

First published on : 19-09-2023 14:15:15
Last modified on : 19-09-2023 17:57:31

Description :
** UNSUPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.

CVE ID : CVE-2022-47559
Source : cve-coordination@incibe.es
CVSS Score : 8.6

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4096

First published on : 19-09-2023 14:15:25
Last modified on : 19-09-2023 17:57:31

Description :
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, whose exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.

CVE ID : CVE-2023-4096
Source : cve-coordination@incibe.es
CVSS Score : 8.6

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | source : cve-coordination@incibe.es


Vulnerability ID : CVE-2022-47554

First published on : 19-09-2023 13:16:19
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.

CVE ID : CVE-2022-47554
Source : cve-coordination@incibe.es
CVSS Score : 8.2

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-200


Source : github.com

Vulnerability ID : CVE-2023-42444

First published on : 19-09-2023 15:15:56
Last modified on : 19-09-2023 17:57:31

Description :
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-42444
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6 | source : security-advisories@github.com
https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71 | source : security-advisories@github.com
https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2 | source : security-advisories@github.com

Vulnerability : CWE-1284
Vulnerability : CWE-248
Vulnerability : CWE-392


Vulnerability ID : CVE-2023-42447

First published on : 19-09-2023 15:15:57
Last modified on : 19-09-2023 17:57:31

Description :
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.

CVE ID : CVE-2023-42447
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/whisperfish/blurhash-rs/security/advisories/GHSA-cxvp-82cq-57h2 | source : security-advisories@github.com

Vulnerability : CWE-1284
Vulnerability : CWE-248
Vulnerability : CWE-392


Vulnerability ID : CVE-2023-41890

First published on : 19-09-2023 15:15:52
Last modified on : 19-09-2023 17:57:31

Description :
Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.

CVE ID : CVE-2023-41890
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/Sustainsys/Saml2/issues/712 | source : security-advisories@github.com
https://github.com/Sustainsys/Saml2/issues/713 | source : security-advisories@github.com
https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39 | source : security-advisories@github.com

Vulnerability : CWE-289
Vulnerability : CWE-294


Vulnerability ID : CVE-2023-42451

First published on : 19-09-2023 16:15:13
Last modified on : 19-09-2023 17:57:31

Description :
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

CVE ID : CVE-2023-42451
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667 | source : security-advisories@github.com

Vulnerability : CWE-706


Source : atlassian.com

Vulnerability ID : CVE-2023-22513

First published on : 19-09-2023 17:15:08
Last modified on : 19-09-2023 19:15:51

Description :
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5
Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5
Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4
Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2
Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1
Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0
Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions.
See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.

CVE ID : CVE-2023-22513
Source : security@atlassian.com
CVSS Score : 8.5

References :
https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616 | source : security@atlassian.com
https://jira.atlassian.com/browse/BSERV-14419 | source : security@atlassian.com


Source : nozominetworks.com

Vulnerability ID : CVE-2023-29245

First published on : 19-09-2023 11:16:18
Last modified on : 19-09-2023 13:23:09

Description :
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.

CVE ID : CVE-2023-29245
Source : prodsec@nozominetworks.com
CVSS Score : 8.1

References :
https://security.nozominetworks.com/NN-2023:11-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-2567

First published on : 19-09-2023 11:16:19
Last modified on : 19-09-2023 13:23:09

Description :
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

CVE ID : CVE-2023-2567
Source : prodsec@nozominetworks.com
CVSS Score : 7.6

References :
https://security.nozominetworks.com/NN-2023:9-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-32649

First published on : 19-09-2023 11:16:20
Last modified on : 19-09-2023 13:23:09

Description :
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

CVE ID : CVE-2023-32649
Source : prodsec@nozominetworks.com
CVSS Score : 7.5

References :
https://security.nozominetworks.com/NN-2023:10-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-20


Source : suse.de

Vulnerability ID : CVE-2023-32184

First published on : 19-09-2023 10:15:12
Last modified on : 19-09-2023 13:23:09

Description :
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.

CVE ID : CVE-2023-32184
Source : meissner@suse.de
CVSS Score : 7.8

References :
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184 | source : meissner@suse.de

Vulnerability : CWE-922


Vulnerability ID : CVE-2023-32186

First published on : 19-09-2023 10:15:13
Last modified on : 19-09-2023 13:23:09

Description :
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

CVE ID : CVE-2023-32186
Source : meissner@suse.de
CVSS Score : 7.5

References :
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32186 | source : meissner@suse.de
https://github.com/rancher/rke2/security/advisories/GHSA-p45j-vfv5-wprq | source : meissner@suse.de

Vulnerability : CWE-770


(14) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : snyk.io

Vulnerability ID : CVE-2023-26143

First published on : 19-09-2023 05:17:10
Last modified on : 19-09-2023 13:23:09

Description :
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

CVE ID : CVE-2023-26143
Source : report@snyk.io
CVSS Score : 6.5

References :
https://gist.github.com/lirantal/14c3686370a86461f555d3f0703e02f9 | source : report@snyk.io
https://github.com/kucherenko/blamer/commit/0965877f115753371a2570f10a63c455d2b2cde3 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-BLAMER-5731318 | source : report@snyk.io


Source : incibe.es

Vulnerability ID : CVE-2022-47556

First published on : 19-09-2023 13:16:20
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.

CVE ID : CVE-2022-47556
Source : cve-coordination@incibe.es
CVSS Score : 6.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-4094

First published on : 19-09-2023 14:15:22
Last modified on : 19-09-2023 17:57:31

Description :
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.

CVE ID : CVE-2023-4094
Source : cve-coordination@incibe.es
CVSS Score : 6.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | source : cve-coordination@incibe.es

Vulnerability : CWE-1390


Vulnerability ID : CVE-2022-47557

First published on : 19-09-2023 13:16:20
Last modified on : 19-09-2023 13:23:09

Description :
** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.

CVE ID : CVE-2022-47557
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-916


Vulnerability ID : CVE-2023-4093

First published on : 19-09-2023 14:15:22
Last modified on : 19-09-2023 17:57:31

Description :
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.

CVE ID : CVE-2023-4093
Source : cve-coordination@incibe.es
CVSS Score : 5.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4095

First published on : 19-09-2023 14:15:24
Last modified on : 19-09-2023 17:57:31

Description :
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.

CVE ID : CVE-2023-4095
Source : cve-coordination@incibe.es
CVSS Score : 5.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | source : cve-coordination@incibe.es

Vulnerability : CWE-204


Source : huntr.dev

Vulnerability ID : CVE-2023-5060

First published on : 19-09-2023 03:15:08
Last modified on : 19-09-2023 21:26:49

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.

CVE ID : CVE-2023-5060
Source : security@huntr.dev
CVSS Score : 6.1

References :
https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72 | source : security@huntr.dev
https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3 | source : security@huntr.dev

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*


Source : github.com

Vulnerability ID : CVE-2023-42452

First published on : 19-09-2023 16:15:13
Last modified on : 19-09-2023 17:57:31

Description :
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue.

CVE ID : CVE-2023-42452
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/mastodon/mastodon/commit/ff32475f5f4a84ebf9619e7eef5bf8b4c075d0e2 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-2693-xr3m-jhqr | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-42450

First published on : 19-09-2023 16:15:12
Last modified on : 19-09-2023 17:57:31

Description :
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.

CVE ID : CVE-2023-42450
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/mastodon/mastodon/commit/94893cf24fc95b32cc7a756262acbe008c20a9d2 | source : security-advisories@github.com
https://github.com/mastodon/mastodon/security/advisories/GHSA-hcqf-fw2r-52g4 | source : security-advisories@github.com

Vulnerability : CWE-918


Source : suse.de

Vulnerability ID : CVE-2023-32182

First published on : 19-09-2023 16:15:09
Last modified on : 19-09-2023 17:57:31

Description :
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.

CVE ID : CVE-2023-32182
Source : meissner@suse.de
CVSS Score : 5.9

References :
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 | source : meissner@suse.de

Vulnerability : CWE-59


Source : wordfence.com

Vulnerability ID : CVE-2023-5054

First published on : 19-09-2023 07:15:51
Last modified on : 19-09-2023 13:23:09

Description :
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer.

CVE ID : CVE-2023-5054
Source : security@wordfence.com
CVSS Score : 5.8

References :
https://superstorefinder.net/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Source : mimsoftware.com

Vulnerability ID : CVE-2023-3892

First published on : 19-09-2023 15:15:52
Last modified on : 19-09-2023 17:57:31

Description :
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.

CVE ID : CVE-2023-3892
Source : security@mimsoftware.com
CVSS Score : 5.6

References :
https://www.mimsoftware.com/cve-2023-3892 | source : security@mimsoftware.com

Vulnerability : CWE-611


Source : mitre.org

Vulnerability ID : CVE-2023-40788

First published on : 19-09-2023 00:15:34
Last modified on : 19-09-2023 21:25:17

Description :
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs

CVE ID : CVE-2023-40788
Source : cve@mitre.org
CVSS Score : 5.3

References :
https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7 | source : cve@mitre.org
https://github.com/chillzhuang/SpringBlade | source : cve@mitre.org
https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java | source : cve@mitre.org

Vulnerability : CWE-668

Vulnerable product(s) : cpe:2.3:a:bladex:springblade:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.6.0


Vulnerability ID : CVE-2023-41599

First published on : 19-09-2023 02:15:58
Last modified on : 19-09-2023 21:26:38

Description :
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.

CVE ID : CVE-2023-41599
Source : cve@mitre.org
CVSS Score : 5.3

References :
http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ | source : cve@mitre.org

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*


(1) LOW VULNERABILITIES [0.1, 3.9]

Source : jetbrains.com

Vulnerability ID : CVE-2023-43566

First published on : 19-09-2023 17:15:08
Last modified on : 19-09-2023 17:57:31

Description :
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

CVE ID : CVE-2023-43566
Source : security@jetbrains.com
CVSS Score : 3.5

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : security@jetbrains.com

Vulnerability : CWE-79


(15) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2021-26837

First published on : 19-09-2023 00:15:33
Last modified on : 19-09-2023 03:37:18

Description :
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.

CVE ID : CVE-2021-26837
Source : cve@mitre.org
CVSS Score : /

References :
https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview/ | source : cve@mitre.org
https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in | source : cve@mitre.org


Vulnerability ID : CVE-2023-42399

First published on : 19-09-2023 04:15:55
Last modified on : 19-09-2023 13:23:09

Description :
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.

CVE ID : CVE-2023-42399
Source : cve@mitre.org
CVSS Score : /

References :
http://jodit.com | source : cve@mitre.org
https://github.com/xdan/jodit/issues/1017 | source : cve@mitre.org
https://xdsoft.net | source : cve@mitre.org


Vulnerability ID : CVE-2023-41387

First published on : 19-09-2023 09:15:07
Last modified on : 19-09-2023 13:23:09

Description :
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.

CVE ID : CVE-2023-41387
Source : cve@mitre.org
CVSS Score : /

References :
https://pub.dev/packages/flutter_downloader/changelog | source : cve@mitre.org
https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data | source : cve@mitre.org


Vulnerability ID : CVE-2023-31808

First published on : 19-09-2023 14:15:20
Last modified on : 19-09-2023 17:57:31

Description :
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.

CVE ID : CVE-2023-31808
Source : cve@mitre.org
CVSS Score : /

References :
https://www.kb.cert.org/vuls/id/913565 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38351

First published on : 19-09-2023 16:15:10
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.

CVE ID : CVE-2023-38351
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38352

First published on : 19-09-2023 16:15:11
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack.

CVE ID : CVE-2023-38352
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38353

First published on : 19-09-2023 16:15:11
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack.

CVE ID : CVE-2023-38353
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38354

First published on : 19-09-2023 16:15:11
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

CVE ID : CVE-2023-38354
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38355

First published on : 19-09-2023 16:15:12
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

CVE ID : CVE-2023-38355
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38356

First published on : 19-09-2023 16:15:12
Last modified on : 19-09-2023 17:57:31

Description :
MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

CVE ID : CVE-2023-38356
Source : cve@mitre.org
CVSS Score : /

References :
https://0dr3f.github.io/cve/ | source : cve@mitre.org


Source : symantec.com

Vulnerability ID : CVE-2023-23957

First published on : 19-09-2023 13:16:21
Last modified on : 19-09-2023 13:23:09

Description :
An authenticated user can see and modify the value for the ‘next’ query parameter in Symantec Identity Portal 14.4.

CVE ID : CVE-2023-23957
Source : secure@symantec.com
CVSS Score : /

References :
https://support.broadcom.com/external/content/SecurityAdvisories/0/22544 | source : secure@symantec.com


Source : apache.org

Vulnerability ID : CVE-2023-41834

First published on : 19-09-2023 13:16:22
Last modified on : 19-09-2023 21:15:25

Description :
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

CVE ID : CVE-2023-41834
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/19/3 | source : security@apache.org
https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm | source : security@apache.org

Vulnerability : CWE-113
Vulnerability : CWE-74


Source : trendmicro.com

Vulnerability ID : CVE-2023-41179

First published on : 19-09-2023 14:15:21
Last modified on : 19-09-2023 17:57:31

Description :
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

CVE ID : CVE-2023-41179
Source : security@trendmicro.com
CVSS Score : /

References :
https://success.trendmicro.com/jp/solution/000294706 | source : security@trendmicro.com
https://success.trendmicro.com/solution/000294994 | source : security@trendmicro.com


Source : wpscan.com

Vulnerability ID : CVE-2023-2995

First published on : 19-09-2023 20:15:09
Last modified on : 19-09-2023 21:20:45

Description :
The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-2995
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f | source : contact@wpscan.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4376

First published on : 19-09-2023 20:15:09
Last modified on : 19-09-2023 21:20:45

Description :
The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE ID : CVE-2023-4376
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/13910e52-5302-4252-8bee-49dd1f0e180a | source : contact@wpscan.com

Vulnerability : CWE-79


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
