Latest vulnerabilities of Wednesday, October 18, 2023


Last update performed on 10/18/2023 at 11:58:02 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : tenable.com

Vulnerability ID : CVE-2023-5642

First published on : 18-10-2023 16:15:08
Last modified on : 18-10-2023 17:41:28

Description :
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.

CVE ID : CVE-2023-5642
Source : vulnreport@tenable.com
CVSS Score : 9.8

References :
https://tenable.com/security/research/tra-2023-33 | source : vulnreport@tenable.com

Vulnerability : CWE-200


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : ni.com

Vulnerability ID : CVE-2023-4601

First published on : 18-10-2023 20:15:09
Last modified on : 18-10-2023 20:15:09

Description :
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.

CVE ID : CVE-2023-4601
Source : security@ni.com
CVSS Score : 8.1

References :
https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html | source : security@ni.com

Vulnerability : CWE-121


Source : hackerone.com

Vulnerability ID : CVE-2023-39331

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CVE ID : CVE-2023-39331
Source : support@hackerone.com
CVSS Score : 7.7

References :
https://hackerone.com/reports/2092852 | source : support@hackerone.com


Source : eclipse.org

Vulnerability ID : CVE-2023-5632

First published on : 18-10-2023 09:15:10
Last modified on : 18-10-2023 12:46:22

Description :
In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial of service type attack. This issue is fixed in 2.0.6.

CVE ID : CVE-2023-5632
Source : emo@eclipse.org
CVSS Score : 7.5

References :
https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d | source : emo@eclipse.org
https://github.com/eclipse/mosquitto/pull/2053 | source : emo@eclipse.org

Vulnerability : CWE-834


Source : wordfence.com

Vulnerability ID : CVE-2023-5538

First published on : 18-10-2023 05:15:08
Last modified on : 18-10-2023 12:46:22

Description :
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5538
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://github.com/juweihuitao/MpOperationLogs/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/common.php#L10 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/template/ipslist_td.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : sophos.com

Vulnerability ID : CVE-2023-5552

First published on : 18-10-2023 00:15:10
Last modified on : 18-10-2023 01:28:49

Description :
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

CVE ID : CVE-2023-5552
Source : security-alert@sophos.com
CVSS Score : 7.1

References :
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password | source : security-alert@sophos.com

Vulnerability : CWE-200


Source : patchstack.com

Vulnerability ID : CVE-2023-25476

First published on : 18-10-2023 08:15:07
Last modified on : 18-10-2023 12:46:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin <= 4.68 versions.

CVE ID : CVE-2023-25476
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/ampedsense-adsense-split-tester/wordpress-ampedsense-adsense-split-tester-plugin-4-68-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45054

First published on : 18-10-2023 09:15:08
Last modified on : 18-10-2023 12:46:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

CVE ID : CVE-2023-45054
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45062

First published on : 18-10-2023 09:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions.

CVE ID : CVE-2023-45062
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45064

First published on : 18-10-2023 09:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <= 0.3.1 versions.

CVE ID : CVE-2023-45064
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/opcache/wordpress-opcache-dashboard-plugin-0-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45065

First published on : 18-10-2023 13:15:08
Last modified on : 18-10-2023 13:55:06

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.

CVE ID : CVE-2023-45065
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/bulk-noindex-nofollow-toolkit-by-mad-fish/wordpress-bulk-noindex-nofollow-toolkit-plugin-1-42-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45070

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

CVE ID : CVE-2023-45070
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/form-maker/wordpress-form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-plugin-1-15-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45071

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

CVE ID : CVE-2023-45071
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/form-maker/wordpress-form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-plugin-1-15-18-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-30781

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions.

CVE ID : CVE-2023-30781
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/tweeple/wordpress-tweeple-plugin-0-9-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45602

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions.

CVE ID : CVE-2023-45602
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-784-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45630

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.

CVE ID : CVE-2023-45630
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45632

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.

CVE ID : CVE-2023-45632
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-43802

First published on : 18-10-2023 21:15:09
Last modified on : 18-10-2023 21:15:09

Description :
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles requests with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-43802
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx | source : security-advisories@github.com

Vulnerability : CWE-22


(25) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : hpe.com

Vulnerability ID : CVE-2023-30911

First published on : 18-10-2023 18:15:09
Last modified on : 18-10-2023 20:00:27

Description :
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.

CVE ID : CVE-2023-30911
Source : security-alert@hpe.com
CVSS Score : 6.8

References :
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04544en_us | source : security-alert@hpe.com


Source : patchstack.com

Vulnerability ID : CVE-2023-45049

First published on : 18-10-2023 08:15:08
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions.

CVE ID : CVE-2023-45049
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45059

First published on : 18-10-2023 09:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions.

CVE ID : CVE-2023-45059
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/gumroad/wordpress-gumroad-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-31217

First published on : 18-10-2023 13:15:08
Last modified on : 18-10-2023 13:55:06

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions.

CVE ID : CVE-2023-31217
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/user-location-and-ip/wordpress-user-location-and-ip-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45067

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.

CVE ID : CVE-2023-45067
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-simple-html-sitemap/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45608

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <= 2.3.1 versions.

CVE ID : CVE-2023-45608
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/smart-cookie-kit/wordpress-smart-cookie-kit-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45607

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <= 6.3.2 versions.

CVE ID : CVE-2023-45607
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wordpress-popular-posts/wordpress-popular-posts-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45628

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in QROkes QR Twitter Widget plugin <= 0.2.3 versions.

CVE ID : CVE-2023-45628
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/qr-twitter-widget/wordpress-qr-twitter-widget-plugin-0-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45008

First published on : 18-10-2023 08:15:07
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions.

CVE ID : CVE-2023-45008
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/comment-reply-email/wordpress-comment-reply-email-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45051

First published on : 18-10-2023 09:15:08
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0 versions.

CVE ID : CVE-2023-45051
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/image-vertical-reel-scroll-slideshow/wordpress-image-vertical-reel-scroll-slideshow-plugin-9-0-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45056

First published on : 18-10-2023 09:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions.

CVE ID : CVE-2023-45056
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/open-user-map/wordpress-open-user-map-plugin-1-3-24-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45057

First published on : 18-10-2023 09:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions.

CVE ID : CVE-2023-45057
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45072

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.

CVE ID : CVE-2023-45072
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/order-auto-complete-for-woocommerce/wordpress-order-auto-complete-for-woocommerce-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45073

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Koch Mendeley Plugin plugin <= 1.3.2 versions.

CVE ID : CVE-2023-45073
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/mendeleyplugin/wordpress-mendeley-plugin-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45604

First published on : 18-10-2023 14:15:09
Last modified on : 18-10-2023 17:41:28

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions.

CVE ID : CVE-2023-45604
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/get-custom-field-values/wordpress-get-custom-field-values-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : cisco.com

Vulnerability ID : CVE-2023-20261

First published on : 18-10-2023 17:15:08
Last modified on : 18-10-2023 17:41:28

Description :
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.

CVE ID : CVE-2023-20261
Source : ykramarz@cisco.com
CVSS Score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe | source : ykramarz@cisco.com


Source : eset.com

Vulnerability ID : CVE-2023-5631

First published on : 18-10-2023 15:15:08
Last modified on : 18-10-2023 17:41:28

Description :
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

CVE ID : CVE-2023-5631
Source : security@eset.com
CVSS Score : 6.1

References :
https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613 | source : security@eset.com
https://github.com/roundcube/roundcubemail/releases/tag/1.4.15 | source : security@eset.com
https://github.com/roundcube/roundcubemail/releases/tag/1.5.5 | source : security@eset.com
https://github.com/roundcube/roundcubemail/releases/tag/1.6.4 | source : security@eset.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-43803

First published on : 18-10-2023 21:15:09
Last modified on : 18-10-2023 21:15:09

Description :
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-43803
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-m5jc-r4gf-c6p8 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45813

First published on : 18-10-2023 21:15:09
Last modified on : 18-10-2023 21:15:09

Description :
Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link` function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45813
Source : security-advisories@github.com
CVSS Score : 4.6

References :
https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 | source : security-advisories@github.com
https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff | source : security-advisories@github.com

Vulnerability : CWE-1333


Source : pega.com

Vulnerability ID : CVE-2023-32087

First published on : 18-10-2023 12:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation.

CVE ID : CVE-2023-32087
Source : security@pega.com
CVSS Score : 4.6

References :
https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note | source : security@pega.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32088

First published on : 18-10-2023 12:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.

CVE ID : CVE-2023-32088
Source : security@pega.com
CVSS Score : 4.6

References :
https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note | source : security@pega.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32089

First published on : 18-10-2023 12:15:09
Last modified on : 18-10-2023 12:46:22

Description :
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description.

CVE ID : CVE-2023-32089
Source : security@pega.com
CVSS Score : 4.6

References :
https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note | source : security@pega.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-5621

First published on : 18-10-2023 08:15:08
Last modified on : 18-10-2023 12:46:22

Description :
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-5621
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3254

First published on : 18-10-2023 05:15:07
Last modified on : 18-10-2023 12:46:22

Description :
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-3254
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2980022%40wp-reviews-plugin-for-google%2Ftrunk&old=2977531%40wp-reviews-plugin-for-google%2Ftrunk&sfp_email=&sfph_mail=#file8 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4938

First published on : 18-10-2023 08:15:08
Last modified on : 18-10-2023 12:46:22

Description :
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

CVE ID : CVE-2023-4938
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-45145

First published on : 18-10-2023 21:15:09
Last modified on : 18-10-2023 21:15:09

Description :
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

CVE ID : CVE-2023-45145
Source : security-advisories@github.com
CVSS Score : 3.6

References :
https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 | source : security-advisories@github.com
https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx | source : security-advisories@github.com

Vulnerability : CWE-668


Source : huntr.dev

Vulnerability ID : CVE-2023-5626

First published on : 18-10-2023 00:15:10
Last modified on : 18-10-2023 01:28:49

Description :
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.

CVE ID : CVE-2023-5626
Source : security@huntr.dev
CVSS Score : 3.5

References :
https://github.com/pkp/ojs/commit/99a9f393190383454aa5ddffedffc89596f6c682 | source : security@huntr.dev
https://huntr.dev/bounties/c99279c1-709a-4e7b-a042-010c2bb44d6b | source : security@huntr.dev

Vulnerability : CWE-352


(20) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : hackerone.com

Vulnerability ID : CVE-2023-35083

First published on : 18-10-2023 04:15:10
Last modified on : 18-10-2023 12:46:28

Description :
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CVE ID : CVE-2023-35083
Source : support@hackerone.com
CVSS Score : /

References :
https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US | source : support@hackerone.com


Vulnerability ID : CVE-2023-35084

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

CVE ID : CVE-2023-35084
Source : support@hackerone.com
CVSS Score : /

References :
https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US | source : support@hackerone.com


Vulnerability ID : CVE-2023-38545

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer is a heap-based buffer, and the host name comes from the URL that curl has been told to operate with.

CVE ID : CVE-2023-38545
Source : support@hackerone.com
CVSS Score : /

References :
https://curl.se/docs/CVE-2023-38545.html | source : support@hackerone.com


Vulnerability ID : CVE-2023-38546

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl, and if it uses the correct file format.

CVE ID : CVE-2023-38546
Source : support@hackerone.com
CVSS Score : /

References :
https://curl.se/docs/CVE-2023-38546.html | source : support@hackerone.com


Vulnerability ID : CVE-2023-38552

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to Node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

CVE ID : CVE-2023-38552
Source : support@hackerone.com
CVSS Score : /

References :
https://hackerone.com/reports/2094235 | source : support@hackerone.com


Vulnerability ID : CVE-2023-39332

First published on : 18-10-2023 04:15:11
Last modified on : 18-10-2023 12:46:28

Description :
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Impacts: This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CVE ID : CVE-2023-39332
Source : support@hackerone.com
CVSS Score : /

References :
https://hackerone.com/reports/2199818 | source : support@hackerone.com


Source : mitre.org

Vulnerability ID : CVE-2023-42319

First published on : 18-10-2023 06:15:07
Last modified on : 18-10-2023 12:46:22

Description :
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic."

CVE ID : CVE-2023-42319
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.mevsec.com/posts/geth-dos-with-graphql/ | source : cve@mitre.org
https://geth.ethereum.org/docs/fundamentals/security | source : cve@mitre.org


Vulnerability ID : CVE-2023-46004

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

CVE ID : CVE-2023-46004
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46005

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE ID : CVE-2023-46005
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46006

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE ID : CVE-2023-46006
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46007

First published on : 18-10-2023 13:15:09
Last modified on : 18-10-2023 13:55:06

Description :
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

CVE ID : CVE-2023-46007
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43250

First published on : 18-10-2023 16:15:08
Last modified on : 18-10-2023 17:41:28

Description :
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE ID : CVE-2023-43250
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html | source : cve@mitre.org
http://seclists.org/fulldisclosure/2023/Oct/15 | source : cve@mitre.org
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV | source : cve@mitre.org
https://www.xnview.com/en/nconvert/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45383

First published on : 18-10-2023 16:15:08
Last modified on : 18-10-2023 17:41:28

Description :
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

CVE ID : CVE-2023-45383
Source : cve@mitre.org
CVSS Score : /

References :
https://common-services.com/fr/home-fr/ | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46009

First published on : 18-10-2023 16:15:08
Last modified on : 18-10-2023 17:41:28

Description :
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.

CVE ID : CVE-2023-46009
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/kohler/gifsicle/issues/196 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45911

First published on : 18-10-2023 18:15:09
Last modified on : 18-10-2023 20:00:27

Description :
An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.

CVE ID : CVE-2023-45911
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-45912

First published on : 18-10-2023 18:15:09
Last modified on : 18-10-2023 20:00:27

Description :
WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings.

CVE ID : CVE-2023-45912
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-45727

First published on : 18-10-2023 10:15:08
Last modified on : 18-10-2023 12:46:22

Description :
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVE ID : CVE-2023-45727
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN95981460/ | source : vultures@jpcert.or.jp
https://www.proself.jp/information/153/ | source : vultures@jpcert.or.jp


Source : hp.com

Vulnerability ID : CVE-2023-26300

First published on : 18-10-2023 19:15:08
Last modified on : 18-10-2023 20:00:27

Description :
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

CVE ID : CVE-2023-26300
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9461800-9461828-16 | source : hp-security-alert@hp.com


Source : android.com

Vulnerability ID : CVE-2023-35656

First published on : 18-10-2023 20:15:08
Last modified on : 18-10-2023 20:15:08

Description :
In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35656
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


Vulnerability ID : CVE-2023-35663

First published on : 18-10-2023 20:15:08
Last modified on : 18-10-2023 20:15:08

Description :
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2023-35663
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2023-10-01 | source : security@android.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
