Latest vulnerabilities of Wednesday, November 15, 2023


Last update performed on 11/15/2023 at 11:57:02 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : mitre.org

Vulnerability ID : CVE-2023-48365

First published on : 15-11-2023 22:15:28
Last modified on : 15-11-2023 22:15:28

Description :
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.

CVE ID : CVE-2023-48365
Source : cve@mitre.org
CVSS Score : 9.6

References :
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 | source : cve@mitre.org


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : hackerone.com

Vulnerability ID : CVE-2023-35080

First published on : 15-11-2023 00:15:07
Last modified on : 15-11-2023 02:28:40

Description :
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

CVE ID : CVE-2023-35080
Source : support@hackerone.com
CVSS Score : 8.8

References :
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release | source : support@hackerone.com


Vulnerability ID : CVE-2023-38043

First published on : 15-11-2023 00:15:07
Last modified on : 15-11-2023 02:28:40

Description :
When a specific component is loaded and a local attacker is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.

CVE ID : CVE-2023-38043
Source : support@hackerone.com
CVSS Score : 8.8

References :
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release | source : support@hackerone.com


Vulnerability ID : CVE-2023-38543

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
When a specific component is loaded and a local attacker is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system.

CVE ID : CVE-2023-38543
Source : support@hackerone.com
CVSS Score : 8.8

References :
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release | source : support@hackerone.com


Vulnerability ID : CVE-2023-41718

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

CVE ID : CVE-2023-41718
Source : support@hackerone.com
CVSS Score : 7.8

References :
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release | source : support@hackerone.com


Source : github.com

Vulnerability ID : CVE-2023-47637

First published on : 15-11-2023 20:15:08
Last modified on : 15-11-2023 20:15:08

Description :
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-47637
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311 | source : security-advisories@github.com
https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0 | source : security-advisories@github.com
https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48224

First published on : 15-11-2023 21:15:08
Last modified on : 15-11-2023 21:15:08

Description :
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all personal data held by the data controller, or delete/erase it. Consent requests allow data subject users to modify their privacy preferences for how the data controller uses their personal data, e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the Fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the Python `random` module, a cryptographically weak pseudo-random number generator (PRNG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend Python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48224
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6 | source : security-advisories@github.com
https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358 | source : security-advisories@github.com
https://peps.python.org/pep-0506/ | source : security-advisories@github.com

Vulnerability : CWE-338


Source : 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Vulnerability ID : CVE-2023-31100

First published on : 15-11-2023 00:15:07
Last modified on : 15-11-2023 02:28:40

Description :
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
* from 4.3.1.0 before 4.3.1.163
* from 4.4.0.0 before 4.4.0.217
* from 4.5.0.0 before 4.5.0.138

CVE ID : CVE-2023-31100
Source : 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
CVSS Score : 8.4

References :
https://www.phoenix.com/security-notifications/ | source : 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Vulnerability : CWE-284


Source : elastic.co

Vulnerability ID : CVE-2023-46672

First published on : 15-11-2023 08:15:07
Last modified on : 15-11-2023 13:54:23

Description :
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format (https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html), which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.

CVE ID : CVE-2023-46672
Source : bressers@elastic.co
CVSS Score : 8.4

References :
https://discuss.elastic.co/t/logstash-8-11-1-security-update-esa-2023-26/347191 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Source : se.com

Vulnerability ID : CVE-2023-5986

First published on : 15-11-2023 04:15:19
Last modified on : 15-11-2023 13:54:26

Description :
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. By providing a URL-encoded input, attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.

CVE ID : CVE-2023-5986
Source : cybersecurity@se.com
CVSS Score : 8.2

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf | source : cybersecurity@se.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2023-5984

First published on : 15-11-2023 04:15:19
Last modified on : 15-11-2023 13:54:26

Description :
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure.

CVE ID : CVE-2023-5984
Source : cybersecurity@se.com
CVSS Score : 7.2

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf | source : cybersecurity@se.com

Vulnerability : CWE-494


Source : zoom.us

Vulnerability ID : CVE-2023-43590

First published on : 15-11-2023 00:15:09
Last modified on : 15-11-2023 02:28:40

Description :
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

CVE ID : CVE-2023-43590
Source : security@zoom.us
CVSS Score : 7.8

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-59


Vulnerability ID : CVE-2023-43591

First published on : 15-11-2023 00:15:09
Last modified on : 15-11-2023 02:28:40

Description :
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

CVE ID : CVE-2023-43591
Source : security@zoom.us
CVSS Score : 7.8

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-269


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-33873

First published on : 15-11-2023 17:15:41
Last modified on : 15-11-2023 17:15:41

Description :
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

CVE ID : CVE-2023-33873
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-250


Source : redhat.com

Vulnerability ID : CVE-2023-5720

First published on : 15-11-2023 14:15:07
Last modified on : 15-11-2023 14:15:07

Description :
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

CVE ID : CVE-2023-5720
Source : secalert@redhat.com
CVSS Score : 7.7

References :
https://access.redhat.com/security/cve/CVE-2023-5720 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2245700 | source : secalert@redhat.com

Vulnerability : CWE-526


Source : vmware.com

Vulnerability ID : CVE-2023-34062

First published on : 15-11-2023 10:15:07
Last modified on : 15-11-2023 13:54:23

Description :
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

CVE ID : CVE-2023-34062
Source : security@vmware.com
CVSS Score : 7.5

References :
https://spring.io/security/cve-2023-34062 | source : security@vmware.com


Source : jfrog.com

Vulnerability ID : CVE-2023-5245

First published on : 15-11-2023 13:15:07
Last modified on : 15-11-2023 13:54:23

Description :
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution.

CVE ID : CVE-2023-5245
Source : reefs@jfrog.com
CVSS Score : 7.5

References :
https://github.com/combust/mleap/pull/866#issuecomment-1738032225 | source : reefs@jfrog.com
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ | source : reefs@jfrog.com

Vulnerability : CWE-22


Source : wdc.com

Vulnerability ID : CVE-2023-22818

First published on : 15-11-2023 20:15:07
Last modified on : 15-11-2023 20:15:07

Description :
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host.

CVE ID : CVE-2023-22818
Source : psirt@wdc.com
CVSS Score : 7.3

References :
https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25 | source : psirt@wdc.com

Vulnerability : CWE-427


(15) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-6133

First published on : 15-11-2023 07:15:14
Last modified on : 15-11-2023 13:54:23

Description :
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed.

CVE ID : CVE-2023-6133
Source : security@wordfence.com
CVSS Score : 6.6

References :
https://plugins.trac.wordpress.org/browser/forminator/tags/1.27.0/library/fields/upload.php#L356 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/forminator/tags/1.27.0/library/fields/upload.php#L372 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2995007/forminator/trunk/library/helpers/helper-fields.php#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4889

First published on : 15-11-2023 07:15:14
Last modified on : 15-11-2023 13:54:23

Description :
The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4889
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4602

First published on : 15-11-2023 13:15:07
Last modified on : 15-11-2023 13:54:23

Description :
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-4602
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://drive.google.com/file/d/1wliD7YvLqL2xWnR6jLEnWgoWRKsv9dCI/view?usp=sharing | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2966178/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d014f512-9030-49ce-945d-4900594fb373?source=cve | source : security@wordfence.com


Source : se.com

Vulnerability ID : CVE-2023-5987

First published on : 15-11-2023 04:15:19
Last modified on : 15-11-2023 13:54:23

Description :
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists that could lead to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.

CVE ID : CVE-2023-5987
Source : cybersecurity@se.com
CVSS Score : 6.1

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf | source : cybersecurity@se.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6032

First published on : 15-11-2023 04:15:19
Last modified on : 15-11-2023 13:54:23

Description :
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

CVE ID : CVE-2023-6032
Source : cybersecurity@se.com
CVSS Score : 5.3

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf | source : cybersecurity@se.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-5985

First published on : 15-11-2023 04:15:19
Last modified on : 15-11-2023 13:54:26

Description :
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.

CVE ID : CVE-2023-5985
Source : cybersecurity@se.com
CVSS Score : 4.8

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf | source : cybersecurity@se.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-48219

First published on : 15-11-2023 19:15:07
Last modified on : 15-11-2023 19:15:07

Description :
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. This vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48219
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8 | source : security-advisories@github.com
https://tiny.cloud/docs/release-notes/release-notes5109/ | source : security-advisories@github.com
https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/ | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47636

First published on : 15-11-2023 20:15:07
Last modified on : 15-11-2023 20:15:07

Description :
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of Pimcore, the fopen() function here doesn't have an error handler when the file doesn't exist on the server, so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{unique id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-47636
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf | source : security-advisories@github.com
https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/ | source : security-advisories@github.com

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-46121

First published on : 15-11-2023 00:15:09
Last modified on : 15-11-2023 02:28:40

Description :
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary URL, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`.

CVE ID : CVE-2023-46121
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14 | source : security-advisories@github.com
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x | source : security-advisories@github.com

Vulnerability : CWE-444


Source : 769c9ae7-73c3-4e47-ae19-903170fc3eb8

Vulnerability ID : CVE-2023-41699

First published on : 15-11-2023 20:15:07
Last modified on : 15-11-2023 20:15:07

Description :
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

CVE ID : CVE-2023-41699
Source : 769c9ae7-73c3-4e47-ae19-903170fc3eb8
CVSS Score : 6.1

References :
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html | source : 769c9ae7-73c3-4e47-ae19-903170fc3eb8
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html | source : 769c9ae7-73c3-4e47-ae19-903170fc3eb8

Vulnerability : CWE-601


Source : zoom.us

Vulnerability ID : CVE-2023-43582

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

CVE ID : CVE-2023-43582
Source : security@zoom.us
CVSS Score : 5.5

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-287


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-34982

First published on : 15-11-2023 17:15:41
Last modified on : 15-11-2023 17:15:41

Description :
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

CVE ID : CVE-2023-34982
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.5

References :
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-73


Source : tenable.com

Vulnerability ID : CVE-2023-6105

First published on : 15-11-2023 21:15:08
Last modified on : 15-11-2023 21:15:08

Description :
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.

CVE ID : CVE-2023-6105
Source : vulnreport@tenable.com
CVSS Score : 5.5

References :
https://www.tenable.com/security/research/tra-2023-35 | source : vulnreport@tenable.com

Vulnerability : CWE-200


Source : hackerone.com

Vulnerability ID : CVE-2023-38544

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.

CVE ID : CVE-2023-38544
Source : support@hackerone.com
CVSS Score : 5.3

References :
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-latest-Ivanti-Secure-Access-Client-Release | source : support@hackerone.com


Source : eclipse.org

Vulnerability ID : CVE-2023-5676

First published on : 15-11-2023 14:15:07
Last modified on : 15-11-2023 14:15:07

Description :
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

CVE ID : CVE-2023-5676
Source : emo@eclipse.org
CVSS Score : 4.1

References :
https://github.com/eclipse-openj9/openj9/pull/18085 | source : emo@eclipse.org
https://gitlab.eclipse.org/security/cve-assignement/-/issues/13 | source : emo@eclipse.org

Vulnerability : CWE-364


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : zoom.us

Vulnerability ID : CVE-2023-43588

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

CVE ID : CVE-2023-43588
Source : security@zoom.us
CVSS Score : 3.5

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us

Vulnerability : CWE-691


Source : checkmk.com

Vulnerability ID : CVE-2023-23549

First published on : 15-11-2023 11:15:08
Last modified on : 15-11-2023 13:54:23

Description :
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames.

CVE ID : CVE-2023-23549
Source : security@checkmk.com
CVSS Score : 2.7

References :
https://checkmk.com/werk/16219 | source : security@checkmk.com

Vulnerability : CWE-20


Source : palantir.com

Vulnerability ID : CVE-2023-30954

First published on : 15-11-2023 20:15:07
Last modified on : 15-11-2023 20:15:07

Description :
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.

CVE ID : CVE-2023-30954
Source : cve-coordination@palantir.com
CVSS Score : 2.7

References :
https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567 | source : cve-coordination@palantir.com

Vulnerability : CWE-285


(31) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : hackerone.com

Vulnerability ID : CVE-2023-39335

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

CVE ID : CVE-2023-39335
Source : support@hackerone.com
CVSS Score : /

References :
https://forums.ivanti.com/s/article/CVE-2023-39335?language=en_US | source : support@hackerone.com


Vulnerability ID : CVE-2023-39337

First published on : 15-11-2023 00:15:08
Last modified on : 15-11-2023 02:28:40

Description :
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.

CVE ID : CVE-2023-39337
Source : support@hackerone.com
CVSS Score : /

References :
https://forums.ivanti.com/s/article/CVE-2023-39337?language=en_US | source : support@hackerone.com


Source : mitre.org

Vulnerability ID : CVE-2023-43979

First published on : 15-11-2023 01:15:07
Last modified on : 15-11-2023 02:28:40

Description :
ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().

CVE ID : CVE-2023-43979
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/11/14/ybc_blog.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-47308

First published on : 15-11-2023 01:15:07
Last modified on : 15-11-2023 02:28:40

Description :
In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVE ID : CVE-2023-47308
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47309

First published on : 15-11-2023 01:15:07
Last modified on : 15-11-2023 02:28:40

Description :
Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.

CVE ID : CVE-2023-47309
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/11/14/nkmgls.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40923

First published on : 15-11-2023 06:15:27
Last modified on : 15-11-2023 13:54:23

Description :
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

CVE ID : CVE-2023-40923
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/11/09/ordersexport.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-41597

First published on : 15-11-2023 06:15:27
Last modified on : 15-11-2023 13:54:23

Description :
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.

CVE ID : CVE-2023-41597
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/emlog/emlog/issues/238 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47445

First published on : 15-11-2023 06:15:27
Last modified on : 15-11-2023 13:54:23

Description :
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.

CVE ID : CVE-2023-47445
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/termanix/PHPGrukul-Pre-School-Enrollment-System-v1.0/blob/main/CVE-2023-47445%20PHPGurukul-Pre-School-Enrollment-System-v1.0%20SQL%20Injection.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47446

First published on : 15-11-2023 06:15:27
Last modified on : 15-11-2023 13:54:23

Description :
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.

CVE ID : CVE-2023-47446
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/termanix/PHPGrukul-Pre-School-Enrollment-System-v1.0/blob/main/CVE-2023-47446%20PHPGurukul-Pre-School-Enrollment-System-v1.0%20Stored%20XSS%20Vulnerability.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48087

First published on : 15-11-2023 15:15:07
Last modified on : 15-11-2023 15:15:07

Description :
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.

CVE ID : CVE-2023-48087
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/xuxueli/xxl-job/issues/3330 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48088

First published on : 15-11-2023 15:15:07
Last modified on : 15-11-2023 15:15:07

Description :
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.

CVE ID : CVE-2023-48088
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/xuxueli/xxl-job/issues/3329 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48089

First published on : 15-11-2023 15:15:07
Last modified on : 15-11-2023 15:15:07

Description :
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.

CVE ID : CVE-2023-48089
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/xuxueli/xxl-job/issues/3333 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48011

First published on : 15-11-2023 19:15:07
Last modified on : 15-11-2023 19:15:07

Description :
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

CVE ID : CVE-2023-48011
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea | source : cve@mitre.org
https://github.com/gpac/gpac/issues/2611 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48013

First published on : 15-11-2023 19:15:07
Last modified on : 15-11-2023 19:15:07

Description :
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

CVE ID : CVE-2023-48013
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893 | source : cve@mitre.org
https://github.com/gpac/gpac/issues/2612 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48014

First published on : 15-11-2023 19:15:07
Last modified on : 15-11-2023 19:15:07

Description :
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

CVE ID : CVE-2023-48014
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b | source : cve@mitre.org
https://github.com/gpac/gpac/issues/2613 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41442

First published on : 15-11-2023 22:15:27
Last modified on : 15-11-2023 22:15:27

Description :
An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.

CVE ID : CVE-2023-41442
Source : cve@mitre.org
CVSS Score : /

References :
https://writeups.ayyappan.me/v/tor-iot-mqtt/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47345

First published on : 15-11-2023 22:15:27
Last modified on : 15-11-2023 22:15:27

Description :
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

CVE ID : CVE-2023-47345
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/free5gc/free5gc/issues/483 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47347

First published on : 15-11-2023 22:15:27
Last modified on : 15-11-2023 22:15:27

Description :
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

CVE ID : CVE-2023-47347
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/free5gc/free5gc/issues/496 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47444

First published on : 15-11-2023 22:15:27
Last modified on : 15-11-2023 22:15:27

Description :
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

CVE ID : CVE-2023-47444
Source : cve@mitre.org
CVSS Score : /

References :
https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-47678

First published on : 15-11-2023 02:15:06
Last modified on : 15-11-2023 02:28:40

Description :
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.

CVE ID : CVE-2023-47678
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU96079387/ | source : vultures@jpcert.or.jp
https://www.asus.com/event/network/EOL-product/ | source : vultures@jpcert.or.jp
https://www.asus.com/support/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47580

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47580
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47581

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47581
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47582

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47582
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47583

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47583
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47584

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47584
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47585

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47585
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47586

First published on : 15-11-2023 06:15:28
Last modified on : 15-11-2023 13:54:23

Description :
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.

CVE ID : CVE-2023-47586
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://hakko-elec.co.jp/site/download/03tellus_inf/index.php | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU93840158/ | source : vultures@jpcert.or.jp
https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php | source : vultures@jpcert.or.jp


Source : wordfence.com

Vulnerability ID : CVE-2023-6079

First published on : 15-11-2023 17:15:41
Last modified on : 15-11-2023 17:15:41

Description :
Rejected reason: appears to be a duplicate of CVE-2023-40206

CVE ID : CVE-2023-6079
Source : security@wordfence.com
CVSS Score : /

References :


Source : google.com

Vulnerability ID : CVE-2023-5997

First published on : 15-11-2023 18:15:06
Last modified on : 15-11-2023 18:15:06

Description :
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-5997
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html | source : chrome-cve-admin@google.com
https://crbug.com/1497997 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6112

First published on : 15-11-2023 18:15:06
Last modified on : 15-11-2023 18:15:06

Description :
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-6112
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html | source : chrome-cve-admin@google.com
https://crbug.com/1499298 | source : chrome-cve-admin@google.com


Source : github.com

Vulnerability ID : CVE-2023-47638

First published on : 15-11-2023 21:15:08
Last modified on : 15-11-2023 21:15:08

Description :
Rejected reason: Confirm reference is not public.

CVE ID : CVE-2023-47638
Source : security-advisories@github.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
