Latest vulnerabilities of Tuesday, September 26, 2023

Latest vulnerabilities of Tuesday, September 26, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 09/26/2023 at 11:58:01 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(1) HIGH VULNERABILITIES [7.0, 8.9]

Source : zephyrproject.org

Vulnerability ID : CVE-2023-4259

First published on : 26-09-2023 00:15:11
Last modified on : 26-09-2023 21:04:17

Description :
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

CVE ID : CVE-2023-4259
Source : vulnerabilities@zephyrproject.org
CVSS Score : 8.8

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4 | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120

Vulnerability : CWE-120
Vulnerability : CWE-193

Vulnerable product(s) : cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*
Vulnerable version(s) : 3.4.0


(1) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : mitre.org

Vulnerability ID : CVE-2023-43325

First published on : 26-09-2023 00:15:10
Last modified on : 26-09-2023 14:37:19

Description :
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.

CVE ID : CVE-2023-43325
Source : cve@mitre.org
CVSS Score : 6.1

References :
https://github.com/ahrixia/CVE-2023-43325 | source : cve@mitre.org
https://moosocial.com/ | source : cve@mitre.org
https://travel.moosocial.com/ | source : cve@mitre.org

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*


(0) LOW VULNERABILITIES [0.1, 3.9]

(0) NO SCORE VULNERABILITIES [0.0, 0.0]

This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.