Latest vulnerabilities of Wednesday, October 11, 2023


Last update performed on 10/11/2023 at 11:58:02 PM

(12) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : cisco.com

Vulnerability ID : CVE-2023-24479

First published on : 11-10-2023 16:15:12
Last modified on : 11-10-2023 16:37:00

Description :
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-24479
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1762 | source : talos-cna@cisco.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-32645

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-32645
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752 | source : talos-cna@cisco.com

Vulnerability : CWE-489


Vulnerability ID : CVE-2023-34346

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-34346
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764 | source : talos-cna@cisco.com

Vulnerability : CWE-489


Vulnerability ID : CVE-2023-34365

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-34365
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-34426

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-34426
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-35965

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.

CVE ID : CVE-2023-35965
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35966

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function.

CVE ID : CVE-2023-35966
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35967

First published on : 11-10-2023 16:15:14
Last modified on : 11-10-2023 16:37:00

Description :
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.

CVE ID : CVE-2023-35967
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35968

First published on : 11-10-2023 16:15:14
Last modified on : 11-10-2023 16:37:00

Description :
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function.

CVE ID : CVE-2023-35968
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Source : hcl.com

Vulnerability ID : CVE-2023-37538

First published on : 11-10-2023 13:15:09
Last modified on : 11-10-2023 14:23:06

Description :
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

CVE ID : CVE-2023-37538
Source : psirt@hcl.com
CVSS Score : 9.3

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006 | source : psirt@hcl.com


Source : github.com

Vulnerability ID : CVE-2023-43661

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, lets them execute any code on the server because of bad filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

CVE ID : CVE-2023-43661
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587 | source : security-advisories@github.com
https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p | source : security-advisories@github.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-45132

First published on : 11-10-2023 21:15:10
Last modified on : 11-10-2023 21:15:10

Description :
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.

CVE ID : CVE-2023-45132
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/wargio/naxsi/commit/1b712526ed3314dd6be7e8b0259eabda63c19537 | source : security-advisories@github.com
https://github.com/wargio/naxsi/pull/103 | source : security-advisories@github.com
https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x | source : security-advisories@github.com

Vulnerability : CWE-693


(16) HIGH VULNERABILITIES [7.0, 8.9]

Source : cisco.com

Vulnerability ID : CVE-2023-31272

First published on : 11-10-2023 16:15:12
Last modified on : 11-10-2023 16:37:00

Description :
A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-31272
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-32632

First published on : 11-10-2023 16:15:12
Last modified on : 11-10-2023 16:37:00

Description :
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE ID : CVE-2023-32632
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767 | source : talos-cna@cisco.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-35055

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function.

CVE ID : CVE-2023-35055
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-35056

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the cgi_handler function.

CVE ID : CVE-2023-35056
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-27380

First published on : 11-10-2023 16:15:12
Last modified on : 11-10-2023 16:37:00

Description :
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-27380
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1780 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-28381

First published on : 11-10-2023 16:15:12
Last modified on : 11-10-2023 16:37:00

Description :
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-28381
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-34356

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-34356
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35193

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bddb8`.

CVE ID : CVE-2023-35193
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35194

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.

CVE ID : CVE-2023-35194
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Source : gg.jp.panasonic.com

Vulnerability ID : CVE-2023-4990

First published on : 11-10-2023 08:15:09
Last modified on : 11-10-2023 12:54:12

Description :
Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

CVE ID : CVE-2023-4990
Source : product-security@gg.jp.panasonic.com
CVSS Score : 8.3

References :
https://www.mcl-mobilityplatform.com/downloads.php | source : product-security@gg.jp.panasonic.com

Vulnerability : CWE-22


Source : hcl.com

Vulnerability ID : CVE-2023-37536

First published on : 11-10-2023 07:15:10
Last modified on : 11-10-2023 12:54:12

Description :
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

CVE ID : CVE-2023-37536
Source : psirt@hcl.com
CVSS Score : 8.2

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 | source : psirt@hcl.com


Source : adobe.com

Vulnerability ID : CVE-2023-26370

First published on : 11-10-2023 12:15:10
Last modified on : 11-10-2023 12:54:05

Description :
Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-26370
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/photoshop/apsb23-51.html | source : psirt@adobe.com

Vulnerability : CWE-824


Source : huntr.dev

Vulnerability ID : CVE-2023-5535

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
Use After Free in GitHub repository vim/vim prior to v9.0.2010.

CVE ID : CVE-2023-5535
Source : security@huntr.dev
CVSS Score : 7.8

References :
https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d | source : security@huntr.dev
https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f | source : security@huntr.dev

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-5521

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

CVE ID : CVE-2023-5521
Source : security@huntr.dev
CVSS Score : 7.3

References :
https://github.com/tiann/kernelsu/commit/a22959beae1aad96b1f72710a5daadf529c41bda | source : security@huntr.dev
https://huntr.dev/bounties/d438eff7-4e24-45e0-bc75-d3a5b3ab2ea1 | source : security@huntr.dev

Vulnerability : CWE-863


Source : xiaomi.com

Vulnerability ID : CVE-2023-26320

First published on : 11-10-2023 07:15:10
Last modified on : 11-10-2023 12:54:12

Description :
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

CVE ID : CVE-2023-26320
Source : security@xiaomi.com
CVSS Score : 7.5

References :
https://trust.mi.com/misrc/bulletins/advisory?cveId=540 | source : security@xiaomi.com

Vulnerability : CWE-77


Source : juniper.net

Vulnerability ID : CVE-2023-44186

First published on : 11-10-2023 21:15:09
Last modified on : 11-10-2023 21:15:09

Description :
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing a large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.

This issue affects:

Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R2.

Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions prior to 22.2R3-S2-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO.

CVE ID : CVE-2023-44186
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA73150 | source : sirt@juniper.net

Vulnerability : CWE-755


(17) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : xiaomi.com

Vulnerability ID : CVE-2023-26318

First published on : 11-10-2023 07:15:09
Last modified on : 11-10-2023 12:54:12

Description :
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.

CVE ID : CVE-2023-26318
Source : security@xiaomi.com
CVSS Score : 6.7

References :
https://trust.mi.com/misrc/bulletins/advisory?cveId=539 | source : security@xiaomi.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-26319

First published on : 11-10-2023 07:15:10
Last modified on : 11-10-2023 12:54:12

Description :
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

CVE ID : CVE-2023-26319
Source : security@xiaomi.com
CVSS Score : 6.7

References :
https://trust.mi.com/misrc/bulletins/advisory?cveId=536 | source : security@xiaomi.com

Vulnerability : CWE-77


Source : hcl.com

Vulnerability ID : CVE-2022-44757

First published on : 11-10-2023 07:15:09
Last modified on : 11-10-2023 12:54:12

Description :
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

CVE ID : CVE-2022-44757
Source : psirt@hcl.com
CVSS Score : 6.5

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005 | source : psirt@hcl.com


Vulnerability ID : CVE-2022-44758

First published on : 11-10-2023 07:15:09
Last modified on : 11-10-2023 12:54:12

Description :
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.

CVE ID : CVE-2022-44758
Source : psirt@hcl.com
CVSS Score : 6.5

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005 | source : psirt@hcl.com


Vulnerability ID : CVE-2022-42451

First published on : 11-10-2023 06:15:09
Last modified on : 11-10-2023 12:54:12

Description :
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.

CVE ID : CVE-2022-42451
Source : psirt@hcl.com
CVSS Score : 4.6

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108007 | source : psirt@hcl.com


Source : huntr.dev

Vulnerability ID : CVE-2023-5511

First published on : 11-10-2023 01:15:08
Last modified on : 11-10-2023 12:54:12

Description :
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

CVE ID : CVE-2023-5511
Source : security@huntr.dev
CVSS Score : 6.3

References :
https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed | source : security@huntr.dev
https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf | source : security@huntr.dev

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-5520

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE ID : CVE-2023-5520
Source : security@huntr.dev
CVSS Score : 4.0

References :
https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e | source : security@huntr.dev
https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a | source : security@huntr.dev

Vulnerability : CWE-125


Source : juniper.net

Vulnerability ID : CVE-2023-44187

First published on : 11-10-2023 21:15:09
Last modified on : 11-10-2023 21:15:09

Description :
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.

This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S7-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S5-EVO;
* 21.3 versions prior to 21.3R3-S4-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R2-EVO.

CVE ID : CVE-2023-44187
Source : sirt@juniper.net
CVSS Score : 5.9

References :
https://supportportal.juniper.net/JSA73151 | source : sirt@juniper.net

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-44188

First published on : 11-10-2023 21:15:10
Last modified on : 11-10-2023 21:15:10

Description :
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.

This issue affects:

Juniper Networks Junos OS:
* 20.4 versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S2, 22.4R3;
* 23.1 versions prior to 23.1R2;
* 23.2 versions prior to 23.2R2.

This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.

CVE ID : CVE-2023-44188
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA73152 | source : sirt@juniper.net

Vulnerability : CWE-367


Source : adobe.com

Vulnerability ID : CVE-2023-38216

First published on : 11-10-2023 12:15:10
Last modified on : 11-10-2023 12:54:05

Description :
Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-38216
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/bridge/apsb23-49.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-38217

First published on : 11-10-2023 12:15:10
Last modified on : 11-10-2023 12:54:05

Description :
Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-38217
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/bridge/apsb23-49.html | source : psirt@adobe.com

Vulnerability : CWE-125


Source : synaptics.com

Vulnerability ID : CVE-2023-4936

First published on : 11-10-2023 17:15:11
Last modified on : 11-10-2023 21:04:52

Description :
It is possible to sideload a compromised DLL during the installation at elevated privilege.

CVE ID : CVE-2023-4936
Source : PSIRT@synaptics.com
CVSS Score : 5.5

References :
https://www.synaptics.com/ | source : PSIRT@synaptics.com
https://www.synaptics.com/products/displaylink-graphics/downloads/windows | source : PSIRT@synaptics.com
https://www.synaptics.com/sites/default/files/nr-154525-tc-synaptics_displaylink_windows_driver_security_brief_-_oct2023.pdf | source : PSIRT@synaptics.com

Vulnerability : CWE-269


Source : github.com

Vulnerability ID : CVE-2023-23930

First published on : 11-10-2023 18:15:10
Last modified on : 11-10-2023 21:04:52

Description :
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.

CVE ID : CVE-2023-23930
Source : security-advisories@github.com
CVSS Score : 5.5

References :
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/commit/e62f03bacf2247bd59eed217e2e7338c3a01a5f0 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/security/advisories/GHSA-5m22-cfq9-86x6 | source : security-advisories@github.com
https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9 | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-28635

First published on : 11-10-2023 20:15:09
Last modified on : 11-10-2023 21:04:47

Description :
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.

CVE ID : CVE-2023-28635
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/pull/744 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/security/advisories/GHSA-7x94-6g2m-3hp2 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-41882

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

CVE ID : CVE-2023-41882
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/pull/711 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/security/advisories/GHSA-gc57-xhh5-m94r | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-863


Source : patchstack.com

Vulnerability ID : CVE-2023-44997

First published on : 11-10-2023 08:15:08
Last modified on : 11-10-2023 12:54:12

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.

CVE ID : CVE-2023-44997
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : incibe.es

Vulnerability ID : CVE-2023-4957

First published on : 11-10-2023 14:15:10
Last modified on : 11-10-2023 14:23:06

Description :
An authentication bypass vulnerability has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker who is on the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled.

CVE ID : CVE-2023-4957
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc | source : cve-coordination@incibe.es

Vulnerability : CWE-288


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-41881

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.

CVE ID : CVE-2023-41881
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/pull/748 | source : security-advisories@github.com
https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6 | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-708


Source : cisco.com

Vulnerability ID : CVE-2023-34354

First published on : 11-10-2023 16:15:13
Last modified on : 11-10-2023 16:37:00

Description :
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-34354
Source : talos-cna@cisco.com
CVSS Score : 3.4

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781 | source : talos-cna@cisco.com

Vulnerability : CWE-80


(46) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : jpcert.or.jp

Vulnerability ID : CVE-2023-44689

First published on : 11-10-2023 01:15:08
Last modified on : 11-10-2023 12:54:12

Description :
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.

CVE ID : CVE-2023-44689
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN15808274/ | source : vultures@jpcert.or.jp
https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-45194

First published on : 11-10-2023 01:15:08
Last modified on : 11-10-2023 12:54:12

Description :
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

CVE ID : CVE-2023-45194
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU99039725/ | source : vultures@jpcert.or.jp
https://www.mrl.co.jp/20231005_security/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-42138

First published on : 11-10-2023 09:15:10
Last modified on : 11-10-2023 12:54:12

Description :
Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.

CVE ID : CVE-2023-42138
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU94752076/index.html | source : vultures@jpcert.or.jp
https://www.keyence.com/vulnerability231001 | source : vultures@jpcert.or.jp


Source : huawei.com

Vulnerability ID : CVE-2023-44093

First published on : 11-10-2023 11:15:13
Last modified on : 11-10-2023 12:54:12

Description :
Vulnerability of package names' public keys not being verified in the security module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44093
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44094

First published on : 11-10-2023 11:15:13
Last modified on : 11-10-2023 12:54:05

Description :
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart.

CVE ID : CVE-2023-44094
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-843


Vulnerability ID : CVE-2023-44096

First published on : 11-10-2023 11:15:13
Last modified on : 11-10-2023 12:54:05

Description :
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44096
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-44109

First published on : 11-10-2023 11:15:14
Last modified on : 11-10-2023 12:54:05

Description :
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44109
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2023-41304

First published on : 11-10-2023 12:15:10
Last modified on : 11-10-2023 12:54:05

Description :
Parameter verification vulnerability in the window module. Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE ID : CVE-2023-41304
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-44095

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Use-After-Free (UAF) vulnerability in the surfaceflinger module. Successful exploitation of this vulnerability can cause system crash.

CVE ID : CVE-2023-44095
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-44097

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44097
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-44100

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44100
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44101

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality.

CVE ID : CVE-2023-44101
Source : psirt@huawei.com
CVSS Score : /

References :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44102

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE ID : CVE-2023-44102
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44103

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Out-of-bounds read vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44103
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44104

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44104
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44106

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-44106
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44110

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability.

CVE ID : CVE-2023-44110
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44111

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 12:54:05

Description :
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44111
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44105

First published on : 11-10-2023 13:15:09
Last modified on : 11-10-2023 14:23:06

Description :
Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE ID : CVE-2023-44105
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-44107

First published on : 11-10-2023 13:15:09
Last modified on : 11-10-2023 14:23:06

Description :
Vulnerability of defects introduced in the design process in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity.

CVE ID : CVE-2023-44107
Source : psirt@huawei.com
CVSS Score : /

References :
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44108

First published on : 11-10-2023 13:15:10
Last modified on : 11-10-2023 14:23:06

Description :
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart.

CVE ID : CVE-2023-44108
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-843


Vulnerability ID : CVE-2023-44114

First published on : 11-10-2023 13:15:10
Last modified on : 11-10-2023 14:23:06

Description :
Out-of-bounds array vulnerability in the dataipa module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE ID : CVE-2023-44114
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44116

First published on : 11-10-2023 13:15:10
Last modified on : 11-10-2023 14:23:06

Description :
Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE ID : CVE-2023-44116
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-44118

First published on : 11-10-2023 13:15:10
Last modified on : 11-10-2023 14:23:06

Description :
Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE ID : CVE-2023-44118
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com


Vulnerability ID : CVE-2023-44119

First published on : 11-10-2023 13:15:10
Last modified on : 11-10-2023 14:23:06

Description :
Vulnerability of mutual exclusion management in the kernel module. Successful exploitation of this vulnerability will affect availability.

CVE ID : CVE-2023-44119
Source : psirt@huawei.com
CVSS Score : /

References :
https://consumer.huawei.com/en/support/bulletin/2023/10/ | source : psirt@huawei.com
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 | source : psirt@huawei.com

Vulnerability : CWE-667


Source : apache.org

Vulnerability ID : CVE-2023-44981

First published on : 11-10-2023 12:15:11
Last modified on : 11-10-2023 15:15:09

Description :
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

CVE ID : CVE-2023-44981
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/11/4 | source : security@apache.org
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b | source : security@apache.org

Vulnerability : CWE-639


Source : mitre.org

Vulnerability ID : CVE-2023-45396

First published on : 11-10-2023 14:15:09
Last modified on : 11-10-2023 14:23:06

Description :
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.

CVE ID : CVE-2023-45396
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43960

First published on : 11-10-2023 18:15:10
Last modified on : 11-10-2023 21:04:52

Description :
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.

CVE ID : CVE-2023-43960
Source : cve@mitre.org
CVSS Score : /

References :
https://hackmd.io/@tahaafarooq/dlink-dph-400se-cwe-200 | source : cve@mitre.org
https://www.exploit-db.com/exploits/51709 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38817

First published on : 11-10-2023 19:15:10
Last modified on : 11-10-2023 21:04:52

Description :
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.

CVE ID : CVE-2023-38817
Source : cve@mitre.org
CVSS Score : /

References :
https://ioctl.fail/echo-ac-writeup/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-44961

First published on : 11-10-2023 19:15:10
Last modified on : 11-10-2023 21:04:47

Description :
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl component.

CVE ID : CVE-2023-44961
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ggb0n/CVE-2023-44961 | source : cve@mitre.org


Vulnerability ID : CVE-2023-44962

First published on : 11-10-2023 19:15:10
Last modified on : 11-10-2023 21:04:47

Description :
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.

CVE ID : CVE-2023-44962
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ggb0n/CVE-2023-44962 | source : cve@mitre.org


Source : android.com

Vulnerability ID : CVE-2023-35645

First published on : 11-10-2023 19:15:10
Last modified on : 11-10-2023 21:04:52

Description :
In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35645
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35646

First published on : 11-10-2023 20:15:09
Last modified on : 11-10-2023 21:04:47

Description :
In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35646
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35647

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35647
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35648

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35648
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35649

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35649
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35652

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35652
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35653

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35653
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35654

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35654
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35655

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35655
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35660

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35660
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35661

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35661
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35662

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
There is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35662
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40141

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40141
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-40142

First published on : 11-10-2023 20:15:10
Last modified on : 11-10-2023 21:04:47

Description :
In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-40142
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Source : google.com

Vulnerability ID : CVE-2023-3781

First published on : 11-10-2023 21:15:09
Last modified on : 11-10-2023 21:15:09

Description :
There is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-3781
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : dsap-vuln-management@google.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
