Latest vulnerabilities of Wednesday, October 25, 2023


Last update performed on 10/25/2023 at 11:58:02 PM

(24) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : hackerone.com

Vulnerability ID : CVE-2023-41721

First published on : 25-10-2023 18:17:30
Last modified on : 25-10-2023 20:32:16

Description :
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW. Mitigation: Update UniFi Network to Version 7.5.187 or later.

CVE ID : CVE-2023-41721
Source : support@hackerone.com
CVSS Score : 10.0

References :
https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 | source : support@hackerone.com


Source : github.com

Vulnerability ID : CVE-2023-37909

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.

CVE ID : CVE-2023-37909
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20746 | source : security-advisories@github.com

Vulnerability : CWE-95


Vulnerability ID : CVE-2023-37912

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.

CVE ID : CVE-2023-37912
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e | source : security-advisories@github.com
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XRENDERING-688 | source : security-advisories@github.com

Vulnerability : CWE-270


Vulnerability ID : CVE-2023-37913

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular, in combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API, which doesn't remove `/` or `\` from the filename. As the MIME type of the attachment doesn't matter for the exploitation, this could, e.g., be used to replace the `jar`-file of an extension, which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter.

CVE ID : CVE-2023-37913
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20715 | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-23


Vulnerability ID : CVE-2023-45136

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.

CVE ID : CVE-2023-45136
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20854 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46133

First published on : 25-10-2023 21:15:10
Last modified on : 25-10-2023 21:15:10

Description :
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.

CVE ID : CVE-2023-46133
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757 | source : security-advisories@github.com
https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h | source : security-advisories@github.com

Vulnerability : CWE-328
Vulnerability : CWE-916


Vulnerability ID : CVE-2023-46233

First published on : 25-10-2023 21:15:10
Last modified on : 25-10-2023 21:15:10

Description :
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

CVE ID : CVE-2023-46233
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a | source : security-advisories@github.com
https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf | source : security-advisories@github.com

Vulnerability : CWE-328
Vulnerability : CWE-916


Vulnerability ID : CVE-2023-37908

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.

CVE ID : CVE-2023-37908
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f | source : security-advisories@github.com
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp | source : security-advisories@github.com
https://jira.xwiki.org/browse/XRENDERING-697 | source : security-advisories@github.com

Vulnerability : CWE-83


Vulnerability ID : CVE-2023-45134

First published on : 25-10-2023 20:15:11
Last modified on : 25-10-2023 20:31:55

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.

CVE ID : CVE-2023-45134
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20962 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45135

First published on : 25-10-2023 20:15:11
Last modified on : 25-10-2023 20:31:55

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right. For the attack to work, the attacker needs to convince the victim to visit a link like `<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `<xwiki-host>` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. 
For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.

CVE ID : CVE-2023-45135
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20869 | source : security-advisories@github.com

Vulnerability : CWE-116


Vulnerability ID : CVE-2023-45137

First published on : 25-10-2023 21:15:10
Last modified on : 25-10-2023 21:15:10

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.

CVE ID : CVE-2023-45137
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20961 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : themissinglink.com.au

Vulnerability ID : CVE-2023-26568

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26568
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26568 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26569

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26569
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26569 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26572

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26572
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26572 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26581

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26581
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26581 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26582

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26582
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26582 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26583

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26583
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26583 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26584

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-26584
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26584 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-27254

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-27254
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27254 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-27255

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-27255
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27255 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-27260

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-27260
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27260 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-27262

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

CVE ID : CVE-2023-27262
Source : vdp@themissinglink.com.au
CVSS Score : 9.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27260 | source : vdp@themissinglink.com.au

Vulnerability : CWE-89


Source : vmware.com

Vulnerability ID : CVE-2023-34048

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

CVE ID : CVE-2023-34048
Source : security@vmware.com
CVSS Score : 9.8

References :
https://www.vmware.com/security/advisories/VMSA-2023-0023.html | source : security@vmware.com


Source : synology.com

Vulnerability ID : CVE-2023-5746

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

CVE ID : CVE-2023-5746
Source : security@synology.com
CVSS Score : 9.8

References :
https://www.synology.com/en-global/security/advisory/Synology_SA_23_11 | source : security@synology.com

Vulnerability : CWE-134


(75) HIGH VULNERABILITIES [7.0, 8.9]

Source : themissinglink.com.au

Vulnerability ID : CVE-2023-26578

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Arbitrary file upload to web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files such as ASP or ASPX to the web root, gaining command execution on the affected server.

CVE ID : CVE-2023-26578
Source : vdp@themissinglink.com.au
CVSS Score : 8.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26578 | source : vdp@themissinglink.com.au

Vulnerability : CWE-22
Vulnerability : CWE-434


Vulnerability ID : CVE-2023-26573

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

CVE ID : CVE-2023-26573
Source : vdp@themissinglink.com.au
CVSS Score : 8.2

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26573 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-1356

First published on : 25-10-2023 18:17:22
Last modified on : 25-10-2023 20:32:16

Description :
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.

CVE ID : CVE-2023-1356
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-1356 | source : vdp@themissinglink.com.au

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26570

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-26570
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26570 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26571

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

CVE ID : CVE-2023-26571
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26571 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26574

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-26574
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26574 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26575

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

CVE ID : CVE-2023-26575
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26575 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26576

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-26576
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26576 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26577

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user.

CVE ID : CVE-2023-26577
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26577 | source : vdp@themissinglink.com.au

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26580

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Unauthenticated arbitrary file read in IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

CVE ID : CVE-2023-26580
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26580 | source : vdp@themissinglink.com.au

Vulnerability : CWE-306
Vulnerability : CWE-552


Vulnerability ID : CVE-2023-27257

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

CVE ID : CVE-2023-27257
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27257 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27258

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

CVE ID : CVE-2023-27258
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27258 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27259

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

CVE ID : CVE-2023-27259
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27259 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27375

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-27375
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27375 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27376

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-27376
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27376 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-27377

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

CVE ID : CVE-2023-27377
Source : vdp@themissinglink.com.au
CVSS Score : 7.5

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27377 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Source : github.com

Vulnerability ID : CVE-2023-34446

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.

CVE ID : CVE-2023-34446
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10 | source : security-advisories@github.com
https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-34447

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.

CVE ID : CVE-2023-34447
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33 | source : security-advisories@github.com
https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802 | source : security-advisories@github.com
https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41339

First published on : 25-10-2023 18:17:30
Last modified on : 25-10-2023 20:32:16

Description :
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an `sld=<url>` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.

CVE ID : CVE-2023-41339
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/geoserver/geoserver/releases/tag/2.22.5 | source : security-advisories@github.com
https://github.com/geoserver/geoserver/releases/tag/2.23.2 | source : security-advisories@github.com
https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-43795

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

CVE ID : CVE-2023-43795
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956 | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-23767

First published on : 25-10-2023 18:17:23
Last modified on : 25-10-2023 20:32:16

Description :
Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.

CVE ID : CVE-2023-23767
Source : product-cna@github.com
CVSS Score : 8.2

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 | source : product-cna@github.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-46124

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`.

CVE ID : CVE-2023-46124
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee | source : security-advisories@github.com
https://github.com/ethyca/fides/releases/tag/2.22.1 | source : security-advisories@github.com
https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4 | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-37910

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version.

CVE ID : CVE-2023-37910
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20334 | source : security-advisories@github.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-46136

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

CVE ID : CVE-2023-46136
Source : security-advisories@github.com
CVSS Score : 8.0

References :
https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2 | source : security-advisories@github.com
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw | source : security-advisories@github.com

Vulnerability : CWE-400
Vulnerability : CWE-407


Vulnerability ID : CVE-2023-46119

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.

CVE ID : CVE-2023-46119
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe | source : security-advisories@github.com
https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0 | source : security-advisories@github.com
https://github.com/parse-community/parse-server/releases/tag/5.5.6 | source : security-advisories@github.com
https://github.com/parse-community/parse-server/releases/tag/6.3.1 | source : security-advisories@github.com
https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579 | source : security-advisories@github.com

Vulnerability : CWE-23


Source : bosch.com

Vulnerability ID : CVE-2023-41255

First published on : 25-10-2023 18:17:30
Last modified on : 25-10-2023 20:32:16

Description :
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.

CVE ID : CVE-2023-41255
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-45220

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by the user.

CVE ID : CVE-2023-45220
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-45851

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device.

CVE ID : CVE-2023-45851
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-46102

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key that can be retrieved by reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.

CVE ID : CVE-2023-46102
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-45321

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by the user. Due to the lack of encryption of HTTP, this issue allows an attacker placed in the same subnet network of the HMI device to intercept the username and password necessary to authenticate to the MQTT server responsible for implementing the remote management protocol.

CVE ID : CVE-2023-45321
Source : psirt@bosch.com
CVSS Score : 8.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-43488

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.

CVE ID : CVE-2023-43488
Source : psirt@bosch.com
CVSS Score : 7.9

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-41372

First published on : 25-10-2023 18:17:30
Last modified on : 25-10-2023 20:32:16

Description :
The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair.

CVE ID : CVE-2023-41372
Source : psirt@bosch.com
CVSS Score : 7.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-45844

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
The vulnerability allows a low privileged user that has access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

CVE ID : CVE-2023-45844
Source : psirt@bosch.com
CVSS Score : 7.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-41960

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.

CVE ID : CVE-2023-41960
Source : psirt@bosch.com
CVSS Score : 7.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | source : psirt@bosch.com

Vulnerability : CWE-926


Source : cyber.gov.il

Vulnerability ID : CVE-2023-42491

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-285: Improper Authorization

CVE ID : CVE-2023-42491
Source : cna@cyber.gov.il
CVSS Score : 8.8

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-42488

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE ID : CVE-2023-42488
Source : cna@cyber.gov.il
CVSS Score : 7.5

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-42489

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource

CVE ID : CVE-2023-42489
Source : cna@cyber.gov.il
CVSS Score : 7.5

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-42490

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE ID : CVE-2023-42490
Source : cna@cyber.gov.il
CVSS Score : 7.5

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-42494

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function

CVE ID : CVE-2023-42494
Source : cna@cyber.gov.il
CVSS Score : 7.5

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-749


Vulnerability ID : CVE-2023-42492

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key

CVE ID : CVE-2023-42492
Source : cna@cyber.gov.il
CVSS Score : 7.1

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-321


Vulnerability ID : CVE-2023-42493

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
EisBaer Scada - CWE-256: Plaintext Storage of a Password

CVE ID : CVE-2023-42493
Source : cna@cyber.gov.il
CVSS Score : 7.1

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-256


Source : wordfence.com

Vulnerability ID : CVE-2023-5311

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.

CVE ID : CVE-2023-5311
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2977703/wp-extra | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Source : liggitt.net

Vulnerability ID : CVE-2022-4886

First published on : 25-10-2023 20:15:09
Last modified on : 25-10-2023 21:15:09

Description :
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.

CVE ID : CVE-2022-4886
Source : jordan@liggitt.net
CVSS Score : 8.8

References :
http://www.openwall.com/lists/oss-security/2023/10/25/5 | source : jordan@liggitt.net
https://github.com/kubernetes/ingress-nginx/issues/10570 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI | source : jordan@liggitt.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-5043

First published on : 25-10-2023 20:15:18
Last modified on : 25-10-2023 21:15:10

Description :
Ingress nginx annotation injection causes arbitrary command execution.

CVE ID : CVE-2023-5043
Source : jordan@liggitt.net
CVSS Score : 7.6

References :
http://www.openwall.com/lists/oss-security/2023/10/25/4 | source : jordan@liggitt.net
https://github.com/kubernetes/ingress-nginx/issues/10571 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo | source : jordan@liggitt.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-5044

First published on : 25-10-2023 20:15:18
Last modified on : 25-10-2023 21:15:10

Description :
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.

CVE ID : CVE-2023-5044
Source : jordan@liggitt.net
CVSS Score : 7.6

References :
http://www.openwall.com/lists/oss-security/2023/10/25/3 | source : jordan@liggitt.net
https://github.com/kubernetes/ingress-nginx/issues/10572 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0 | source : jordan@liggitt.net

Vulnerability : CWE-20


Source : pingidentity.com

Vulnerability ID : CVE-2023-37283

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter.

CVE ID : CVE-2023-37283
Source : responsible-disclosure@pingidentity.com
CVSS Score : 8.1

References :
https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244 | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingfederate.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-39219

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests.

CVE ID : CVE-2023-39219
Source : responsible-disclosure@pingidentity.com
CVSS Score : 7.5

References :
https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244 | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingfederate.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-39930

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.

CVE ID : CVE-2023-39930
Source : responsible-disclosure@pingidentity.com
CVSS Score : 7.5

References :
https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingfederate.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-288


Vulnerability ID : CVE-2023-39231

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.

CVE ID : CVE-2023-39231
Source : responsible-disclosure@pingidentity.com
CVSS Score : 7.3

References :
https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394 | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingid.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-288


Source : lenovo.com

Vulnerability ID : CVE-2023-4606

First published on : 25-10-2023 18:17:41
Last modified on : 25-10-2023 20:31:55

Description :
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVE ID : CVE-2023-4606
Source : psirt@lenovo.com
CVSS Score : 8.1

References :
https://support.lenovo.com/us/en/product_security/LEN-140960 | source : psirt@lenovo.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-3699

First published on : 25-10-2023 18:17:15
Last modified on : 25-10-2023 20:32:16

Description :
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.

CVE ID : CVE-2022-3699
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-102365 | source : psirt@lenovo.com
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-3112

First published on : 25-10-2023 18:17:30
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

CVE ID : CVE-2023-3112
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-128081 | source : psirt@lenovo.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-4607

First published on : 25-10-2023 18:17:41
Last modified on : 25-10-2023 20:31:55

Description :
An authenticated XCC user can change permissions for any user through a crafted API command.

CVE ID : CVE-2023-4607
Source : psirt@lenovo.com
CVSS Score : 7.5

References :
https://support.lenovo.com/us/en/product_security/LEN-140960 | source : psirt@lenovo.com

Vulnerability : CWE-269


Source : hackerone.com

Vulnerability ID : CVE-2023-38041

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

CVE ID : CVE-2023-38041
Source : support@hackerone.com
CVSS Score : 7.8

References :
https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US | source : support@hackerone.com


Source : hpe.com

Vulnerability ID : CVE-2023-43506

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

CVE ID : CVE-2023-43506
Source : security-alert@hpe.com
CVSS Score : 7.8

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-30912

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
A remote code execution issue exists in HPE OneView.

CVE ID : CVE-2023-30912
Source : security-alert@hpe.com
CVSS Score : 7.2

References :
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-43507

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

CVE ID : CVE-2023-43507
Source : security-alert@hpe.com
CVSS Score : 7.2

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt | source : security-alert@hpe.com


Source : google.com

Vulnerability ID : CVE-2023-5717

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

CVE ID : CVE-2023-5717
Source : cve-coordination@google.com
CVSS Score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 | source : cve-coordination@google.com
https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 | source : cve-coordination@google.com

Vulnerability : CWE-787


Source : redhat.com

Vulnerability ID : CVE-2023-5367

First published on : 25-10-2023 20:15:18
Last modified on : 25-10-2023 20:31:55

Description :
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVE ID : CVE-2023-5367
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2023-5367 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2243091 | source : secalert@redhat.com
https://lists.x.org/archives/xorg-announce/2023-October/003430.html | source : secalert@redhat.com


Vulnerability ID : CVE-2023-5574

First published on : 25-10-2023 20:15:18
Last modified on : 25-10-2023 20:31:55

Description :
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

CVE ID : CVE-2023-5574
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-5574 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2244735 | source : secalert@redhat.com
https://lists.x.org/archives/xorg-announce/2023-October/003430.html | source : secalert@redhat.com


Source : tibco.com

Vulnerability ID : CVE-2023-26219

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.

CVE ID : CVE-2023-26219
Source : security@tibco.com
CVSS Score : 7.4

References :
https://www.tibco.com/services/support/advisories | source : security@tibco.com


Source : grafana.com

Vulnerability ID : CVE-2023-3010

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, in versions before 1.0.4, contains a DOM XSS vulnerability.

CVE ID : CVE-2023-3010
Source : security@grafana.com
CVSS Score : 7.3

References :
https://grafana.com/security/security-advisories/cve-2023-3010/ | source : security@grafana.com

Vulnerability : CWE-79


Source : cisco.com

Vulnerability ID : CVE-2023-20273

First published on : 25-10-2023 18:17:23
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

CVE ID : CVE-2023-20273
Source : ykramarz@cisco.com
CVSS Score : 7.2

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z | source : ykramarz@cisco.com


Source : patchstack.com

Vulnerability ID : CVE-2023-45637

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.

CVE ID : CVE-2023-45637
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45750

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions.

CVE ID : CVE-2023-45750
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45756

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2 versions.

CVE ID : CVE-2023-45756
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45759

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin <= 3.2.2 versions.

CVE ID : CVE-2023-45759
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/peters-custom-anti-spam-image/wordpress-peter-s-custom-anti-spam-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45761

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions.

CVE ID : CVE-2023-45761
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/official-sendle-shipping-method/wordpress-sendle-shipping-plugin-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45769

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.

CVE ID : CVE-2023-45769
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45770

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.

CVE ID : CVE-2023-45770
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/fast-wp-speed/wordpress-fast-wp-speed-plugin-1-0-0-reflected-cross-site-scripting-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45772

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions.

CVE ID : CVE-2023-45772
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45835

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.

CVE ID : CVE-2023-45835
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45837

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

CVE ID : CVE-2023-45837
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46070

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.

CVE ID : CVE-2023-46070
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/eg-attachments/wordpress-eg-attachments-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46071

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions.

CVE ID : CVE-2023-46071
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(62) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-37911

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.

CVE ID : CVE-2023-37911
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20684 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20685 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20817 | source : security-advisories@github.com

Vulnerability : CWE-668


Vulnerability ID : CVE-2023-46125

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports, and the database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role, e.g. the viewer role, to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`.

CVE ID : CVE-2023-46125
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06 | source : security-advisories@github.com
https://github.com/ethyca/fides/releases/tag/2.22.1 | source : security-advisories@github.com
https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46128

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.

CVE ID : CVE-2023-46128
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/pull/4692 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46134

First published on : 25-10-2023 21:15:10
Last modified on : 25-10-2023 21:15:10

Description :
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.

CVE ID : CVE-2023-46134
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/man-group/dtale/commit/bf8c54ab2490803f45f0652a9a0e221a94d39668 | source : security-advisories@github.com
https://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46123

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.

CVE ID : CVE-2023-46123
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0 | source : security-advisories@github.com
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-46135

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
rs-stellar-strkey is a Rust library for encoding and decoding Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. `inner_payload_len` should not be above 64. This vulnerability has been patched in version 0.0.8.

CVE ID : CVE-2023-46135
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/stellar/rs-stellar-strkey/issues/58 | source : security-advisories@github.com
https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f | source : security-advisories@github.com

Vulnerability : CWE-248


Vulnerability ID : CVE-2023-46137

First published on : 25-10-2023 21:15:10
Last modified on : 25-10-2023 21:15:10

Description :
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launches two requests using HTTP pipelining. Version 23.10.0rc1 contains a patch for this issue.

CVE ID : CVE-2023-46137
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm | source : security-advisories@github.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2023-46118

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large message over the HTTP API and cause the target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

CVE ID : CVE-2023-46118
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-46120

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from the RabbitMQ Java client, which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

CVE ID : CVE-2023-46120
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf009323ebac313cc8 | source : security-advisories@github.com
https://github.com/rabbitmq/rabbitmq-java-client/issues/1062 | source : security-advisories@github.com
https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0 | source : security-advisories@github.com
https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8587-p46h | source : security-advisories@github.com

Vulnerability : CWE-400


Source : patchstack.com

Vulnerability ID : CVE-2023-45640

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.

CVE ID : CVE-2023-45640
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45646

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions.

CVE ID : CVE-2023-45646
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/pdf-block/wordpress-pdf-block-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45829

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions.

CVE ID : CVE-2023-45829
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/newsletter-bulk-email/wordpress-newsletter-bulk-email-sender-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46069

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.

CVE ID : CVE-2023-46069
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ajax-archive-calendar/wordpress-ajax-archive-calendar-plugin-2-6-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-25032

First published on : 25-10-2023 18:17:24
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions.

CVE ID : CVE-2023-25032
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39924

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.

CVE ID : CVE-2023-39924
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/simple-file-list/wordpress-simple-file-list-plugin-6-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45644

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.

CVE ID : CVE-2023-45644
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45747

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions.

CVE ID : CVE-2023-45747
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45754

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.18 versions.

CVE ID : CVE-2023-45754
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45755

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions.

CVE ID : CVE-2023-45755
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/buddypress-global-search/wordpress-buddypress-global-search-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45758

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:32:16

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions.

CVE ID : CVE-2023-45758
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/amministrazione-trasparente/wordpress-amministrazione-trasparente-plugin-8-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45764

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions.

CVE ID : CVE-2023-45764
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/scroll-post-excerpt/wordpress-scroll-post-excerpt-plugin-8-0-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45767

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin <= 1.4.0.2 versions.

CVE ID : CVE-2023-45767
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/simple-tweet/wordpress-simple-tweet-plugin-1-4-0-2-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45768

First published on : 25-10-2023 18:17:34
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions.

CVE ID : CVE-2023-45768
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/next-page/wordpress-next-page-plugin-1-5-2-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45832

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions.

CVE ID : CVE-2023-45832
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-14-45-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45833

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions.

CVE ID : CVE-2023-45833
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-scripting-xss?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46068

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions.

CVE ID : CVE-2023-46068
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/xqueue-maileon/wordpress-maileon-plugin-2-16-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45634

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions.

CVE ID : CVE-2023-45634
Source : audit@patchstack.com
CVSS Score : 5.8

References :
https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46150

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.

CVE ID : CVE-2023-46150
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/wp-radio/wordpress-wp-radio-worldwide-online-radio-stations-directory-for-wordpress-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46198

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions.

CVE ID : CVE-2023-46198
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/appointment-calendar/wordpress-appointment-calendar-plugin-2-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46151

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.

CVE ID : CVE-2023-46151
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46152

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

CVE ID : CVE-2023-46152
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46189

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.

CVE ID : CVE-2023-46189
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46190

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.

CVE ID : CVE-2023-46190
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/novo-map/wordpress-novo-map-your-wp-posts-on-custom-google-maps-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46191

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.

CVE ID : CVE-2023-46191
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/open-graph-metabox/wordpress-open-graph-metabox-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46193

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.

CVE ID : CVE-2023-46193
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46202

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions.

CVE ID : CVE-2023-46202
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46204

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.

CVE ID : CVE-2023-46204
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/duplicate-theme/wordpress-duplicate-theme-plugin-0-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : wordfence.com

Vulnerability ID : CVE-2023-5085

First published on : 25-10-2023 18:17:42
Last modified on : 25-10-2023 20:31:55

Description :
The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5085
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/advanced-menu-widget/trunk/class-advanced-menu-widget.php?rev=1471917#L74 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5110

First published on : 25-10-2023 18:17:42
Last modified on : 25-10-2023 20:31:55

Description :
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5110
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/bsk-pdf-manager/trunk/classes/shortcodes/category/category-dropdown.php?rev=2885460#L36 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5127

First published on : 25-10-2023 18:17:42
Last modified on : 25-10-2023 20:31:55

Description :
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5127
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L101 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L53 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L55 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L68 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L70 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L83 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L85 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L99 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5740

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5740
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-facebook-messenger/trunk/frontend/shortcode.php#L22 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-facebook-messenger/trunk/frontend/shortcode.php#L32 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5744

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5744
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/very-simple-google-maps/trunk/very-simple-google-maps.php?rev=2941389#L22 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2982539/very-simple-google-maps#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5745

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5745
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://plugins.trac.wordpress.org/browser/reusable-text-blocks/tags/1.5.3/text-blocks.php#L319 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5126

First published on : 25-10-2023 18:17:42
Last modified on : 25-10-2023 20:31:55

Description :
The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.

CVE ID : CVE-2023-5126
Source : security@wordfence.com
CVSS Score : 4.9

References :
https://plugins.trac.wordpress.org/browser/delete-me/tags/3.0/inc/shortcode.php#L83 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : hpe.com

Vulnerability ID : CVE-2023-43508

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

CVE ID : CVE-2023-43508
Source : security-alert@hpe.com
CVSS Score : 6.3

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-43509

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.

CVE ID : CVE-2023-43509
Source : security-alert@hpe.com
CVSS Score : 5.8

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt | source : security-alert@hpe.com


Vulnerability ID : CVE-2023-43510

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.

CVE ID : CVE-2023-43510
Source : security-alert@hpe.com
CVSS Score : 4.7

References :
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt | source : security-alert@hpe.com


Source : zephyrproject.org

Vulnerability ID : CVE-2023-5753

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

CVE ID : CVE-2023-5753
Source : vulnerabilities@zephyrproject.org
CVSS Score : 6.3

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120
Vulnerability : CWE-191


Source : redhat.com

Vulnerability ID : CVE-2023-5568

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

CVE ID : CVE-2023-5568
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2023-5568 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2245174 | source : secalert@redhat.com
https://bugzilla.samba.org/show_bug.cgi?id=15491 | source : secalert@redhat.com
https://www.samba.org/samba/history/samba-4.19.2.html | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4692

First published on : 25-10-2023 18:17:41
Last modified on : 25-10-2023 20:31:55

Description :
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

CVE ID : CVE-2023-4692
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-4692 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2236613 | source : secalert@redhat.com
https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ | source : secalert@redhat.com
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html | source : secalert@redhat.com
https://seclists.org/oss-sec/2023/q4/37 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4693

First published on : 25-10-2023 18:17:41
Last modified on : 25-10-2023 20:31:55

Description :
An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

CVE ID : CVE-2023-4693
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-4693 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2238343 | source : secalert@redhat.com
https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ | source : secalert@redhat.com
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html | source : secalert@redhat.com
https://seclists.org/oss-sec/2023/q4/37 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-5380

First published on : 25-10-2023 20:15:18
Last modified on : 25-10-2023 20:31:55

Description :
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

CVE ID : CVE-2023-5380
Source : secalert@redhat.com
CVSS Score : 5.1

References :
https://access.redhat.com/security/cve/CVE-2023-5380 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2244736 | source : secalert@redhat.com
https://lists.x.org/archives/xorg-announce/2023-October/003430.html | source : secalert@redhat.com


Source : themissinglink.com.au

Vulnerability ID : CVE-2023-27256

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.

CVE ID : CVE-2023-27256
Source : vdp@themissinglink.com.au
CVSS Score : 5.8

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27256 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-26579

First published on : 25-10-2023 18:17:25
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.

CVE ID : CVE-2023-26579
Source : vdp@themissinglink.com.au
CVSS Score : 5.3

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-26579 | source : vdp@themissinglink.com.au

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-27261

First published on : 25-10-2023 18:17:26
Last modified on : 25-10-2023 20:32:16

Description :
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.

CVE ID : CVE-2023-27261
Source : vdp@themissinglink.com.au
CVSS Score : 5.3

References :
https://www.themissinglink.com.au/security-advisories/cve-2023-27261 | source : vdp@themissinglink.com.au

Vulnerability : CWE-287


Source : python.org

Vulnerability ID : CVE-2023-5752

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

CVE ID : CVE-2023-5752
Source : cna@python.org
CVSS Score : 5.5

References :
https://github.com/pypa/pip/pull/12306 | source : cna@python.org
https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ | source : cna@python.org

Vulnerability : CWE-77


Source : us.ibm.com

Vulnerability ID : CVE-2023-42031

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.

CVE ID : CVE-2023-42031
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266061 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7056429 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7056433 | source : psirt@us.ibm.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-46158

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.

CVE ID : CVE-2023-46158
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7058356 | source : psirt@us.ibm.com

Vulnerability : CWE-613


Source : lenovo.com

Vulnerability ID : CVE-2022-0353

First published on : 25-10-2023 18:16:54
Last modified on : 25-10-2023 20:32:16

Description :
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

CVE ID : CVE-2022-0353
Source : psirt@lenovo.com
CVSS Score : 4.4

References :
https://support.lenovo.com/us/en/product_security/LEN-102365 | source : psirt@lenovo.com
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2022-3698

First published on : 25-10-2023 18:17:15
Last modified on : 25-10-2023 20:32:16

Description :
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

CVE ID : CVE-2022-3698
Source : psirt@lenovo.com
CVSS Score : 4.4

References :
https://support.lenovo.com/us/en/product_security/LEN-102365 | source : psirt@lenovo.com
https://support.lenovo.com/us/en/product_security/LEN-94532 | source : psirt@lenovo.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-4608

First published on : 25-10-2023 18:17:41
Last modified on : 25-10-2023 20:31:55

Description :
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVE ID : CVE-2023-4608
Source : psirt@lenovo.com
CVSS Score : 4.1

References :
https://support.lenovo.com/us/en/product_security/LEN-140960 | source : psirt@lenovo.com

Vulnerability : CWE-89


Source : vmware.com

Vulnerability ID : CVE-2023-34056

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

CVE ID : CVE-2023-34056
Source : security@vmware.com
CVSS Score : 4.3

References :
https://www.vmware.com/security/advisories/VMSA-2023-0023.html | source : security@vmware.com


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-46126

First published on : 25-10-2023 18:17:36
Last modified on : 25-10-2023 20:31:55

Description :
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`.

CVE ID : CVE-2023-46126
Source : security-advisories@github.com
CVSS Score : 3.9

References :
https://github.com/ethyca/fides/commit/3231d19699f9c895c986f6a967a64d882769c506 | source : security-advisories@github.com
https://github.com/ethyca/fides/releases/tag/2.22.1 | source : security-advisories@github.com
https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : pingidentity.com

Vulnerability ID : CVE-2023-34085

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.

CVE ID : CVE-2023-34085
Source : responsible-disclosure@pingidentity.com
CVSS Score : 2.6

References :
https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244 | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingfederate.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-359


(162) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2022-38484

First published on : 25-10-2023 18:17:14
Last modified on : 25-10-2023 20:32:16

Description :
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.

CVE ID : CVE-2022-38484
Source : cve@mitre.org
CVSS Score : /

References :
https://citadelo.com/download/CVE-2022-38484.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2022-38485

First published on : 25-10-2023 18:17:14
Last modified on : 25-10-2023 20:32:16

Description :
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.

CVE ID : CVE-2022-38485
Source : cve@mitre.org
CVSS Score : /

References :
https://citadelo.com/download/CVE-2022-38485.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-29973

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
pfSense CE version 2.6.0 has no rate limiting, which can allow an attacker to create multiple malicious users in the firewall.

CVE ID : CVE-2023-29973
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-29973-no-rate-limit/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-31580

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.

CVE ID : CVE-2023-31580
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md | source : cve@mitre.org
https://github.com/networknt/light-oauth2/issues/369 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31581

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.

CVE ID : CVE-2023-31581
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dromara/sureness/issues/164 | source : cve@mitre.org
https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-31582

First published on : 25-10-2023 18:17:27
Last modified on : 25-10-2023 20:32:16

Description :
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

CVE ID : CVE-2023-31582
Source : cve@mitre.org
CVSS Score : /

References :
https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then | source : cve@mitre.org
https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-36085

First published on : 25-10-2023 18:17:28
Last modified on : 25-10-2023 20:32:16

Description :
sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

CVE ID : CVE-2023-36085
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39619

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.

CVE ID : CVE-2023-39619
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/6en6ar/712a4c1eab0324f15e09232c77ea08f8 | source : cve@mitre.org
https://github.com/teomantuncer/node-email-check/blob/main/main.js, | source : cve@mitre.org
https://www.npmjs.com/package/node-email-check | source : cve@mitre.org


Vulnerability ID : CVE-2023-39732

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39732
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md | source : cve@mitre.org
https://liff.line.me/1657574837-elb6bNQj | source : cve@mitre.org


Vulnerability ID : CVE-2023-39733

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39733
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39733.md | source : cve@mitre.org
https://liff.line.me/1656987103-bk5k9PO4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39734

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39734
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39734.md | source : cve@mitre.org
https://liff.line.me/1660679145-eMKgg4rJ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39735

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39735
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39735.md | source : cve@mitre.org
https://liff.line.me/1657409177-MkPLqO5D | source : cve@mitre.org


Vulnerability ID : CVE-2023-39736

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39736
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39736.md | source : cve@mitre.org
https://liff.line.me/1657606123-4Kp0xVrP | source : cve@mitre.org


Vulnerability ID : CVE-2023-39737

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39737
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39737.md | source : cve@mitre.org
https://liff.line.me/1657535522-JD5Q5Yp1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39739

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39739
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39739.md | source : cve@mitre.org
https://liff.line.me/1656985266-EmlxqQQx | source : cve@mitre.org


Vulnerability ID : CVE-2023-39740

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 20:32:16

Description :
The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39740
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39740.md | source : cve@mitre.org
https://liff.line.me/1657597257-0ozj8DwJ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39814

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 18:17:29

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-39814
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-39815

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 18:17:29

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-39815
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-39816

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 18:17:29

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-39816
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-39817

First published on : 25-10-2023 18:17:29
Last modified on : 25-10-2023 18:17:29

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-39817
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-43281

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

CVE ID : CVE-2023-43281
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac | source : cve@mitre.org
https://github.com/peccc/double-stb | source : cve@mitre.org


Vulnerability ID : CVE-2023-43360

First published on : 25-10-2023 18:17:31
Last modified on : 25-10-2023 20:32:16

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

CVE ID : CVE-2023-43360
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension | source : cve@mitre.org
https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension | source : cve@mitre.org


Vulnerability ID : CVE-2023-43961

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
In Dromara SaToken version 1.3.50RC and before, when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

CVE ID : CVE-2023-43961
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dromara/Sa-Token/issues/511 | source : cve@mitre.org


Vulnerability ID : CVE-2023-44767

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
A file upload vulnerability in RiteCMS 3.0 allows a local attacker to upload an SVG file with XSS content.

CVE ID : CVE-2023-44767
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/RiteCMS-File-Upload--XSS---Filemanager/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44769

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.

CVE ID : CVE-2023-44769
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias/tree/main | source : cve@mitre.org
https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Alias/tree/main | source : cve@mitre.org


Vulnerability ID : CVE-2023-44794

First published on : 25-10-2023 18:17:32
Last modified on : 25-10-2023 20:32:16

Description :
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

CVE ID : CVE-2023-44794
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dromara/Sa-Token/issues/515 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45554

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.

CVE ID : CVE-2023-45554
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45555

First published on : 25-10-2023 18:17:33
Last modified on : 25-10-2023 20:32:16

Description :
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.

CVE ID : CVE-2023-45555
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45960

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
An issue in dom4j org.dom4j.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.

CVE ID : CVE-2023-45960
Source : cve@mitre.org
CVSS Score : /

References :
https://dom4j.github.io/ | source : cve@mitre.org
https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main | source : cve@mitre.org


Vulnerability ID : CVE-2023-45990

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

CVE ID : CVE-2023-45990
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PwnCYN/Wenwenai/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46010

First published on : 25-10-2023 18:17:35
Last modified on : 25-10-2023 20:31:55

Description :
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.

CVE ID : CVE-2023-46010
Source : cve@mitre.org
CVSS Score : /

References :
http://seacms.com | source : cve@mitre.org
https://blog.csdn.net/DGS666/article/details/133795200?spm=1001.2014.3001.5501 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46316

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

CVE ID : CVE-2023-46316
Source : cve@mitre.org
CVSS Score : /

References :
https://security-tracker.debian.org/tracker/CVE-2023-46316 | source : cve@mitre.org
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46346

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

CVE ID : CVE-2023-46346
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/24/exportproducts.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46347

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVE ID : CVE-2023-46347
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/24/ndk_steppingpack.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46358

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. The method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVE ID : CVE-2023-46358
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/10/24/referralbyphone.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46369

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.

CVE ID : CVE-2023-46369
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46370

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.

CVE ID : CVE-2023-46370
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46371

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.

CVE ID : CVE-2023-46371
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46373

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.

CVE ID : CVE-2023-46373
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46396

First published on : 25-10-2023 18:17:37
Last modified on : 25-10-2023 20:31:55

Description :
Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.

CVE ID : CVE-2023-46396
Source : cve@mitre.org
CVSS Score : /

References :
https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing | source : cve@mitre.org


Vulnerability ID : CVE-2023-46518

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.

CVE ID : CVE-2023-46518
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md | source : cve@mitre.org
https://service.mercurycom.com.cn/download-2341.html | source : cve@mitre.org
https://www.mercurycom.com.cn/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46520

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.

CVE ID : CVE-2023-46520
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46521

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.

CVE ID : CVE-2023-46521
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46522

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister.

CVE ID : CVE-2023-46522
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46523

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.

CVE ID : CVE-2023-46523
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46525

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

CVE ID : CVE-2023-46525
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46526

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.

CVE ID : CVE-2023-46526
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46527

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle.

CVE ID : CVE-2023-46527
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46534

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.

CVE ID : CVE-2023-46534
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46535

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

CVE ID : CVE-2023-46535
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46536

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.

CVE ID : CVE-2023-46536
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46537

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

CVE ID : CVE-2023-46537
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46538

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.

CVE ID : CVE-2023-46538
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46539

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.

CVE ID : CVE-2023-46539
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md | source : cve@mitre.org
https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46540

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.

CVE ID : CVE-2023-46540
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46541

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.

CVE ID : CVE-2023-46541
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46542

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.

CVE ID : CVE-2023-46542
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46543

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.

CVE ID : CVE-2023-46543
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46544

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.

CVE ID : CVE-2023-46544
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46545

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.

CVE ID : CVE-2023-46545
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46546

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.

CVE ID : CVE-2023-46546
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46547

First published on : 25-10-2023 18:17:38
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.

CVE ID : CVE-2023-46547
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46548

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.

CVE ID : CVE-2023-46548
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46549

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.

CVE ID : CVE-2023-46549
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46550

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.

CVE ID : CVE-2023-46550
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46551

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.

CVE ID : CVE-2023-46551
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46552

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.

CVE ID : CVE-2023-46552
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46553

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.

CVE ID : CVE-2023-46553
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46554

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel.

CVE ID : CVE-2023-46554
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46555

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.

CVE ID : CVE-2023-46555
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46556

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter.

CVE ID : CVE-2023-46556
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46557

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN.

CVE ID : CVE-2023-46557
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46558

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.

CVE ID : CVE-2023-46558
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46559

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.

CVE ID : CVE-2023-46559
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46560

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.

CVE ID : CVE-2023-46560
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46562

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.

CVE ID : CVE-2023-46562
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46563

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.

CVE ID : CVE-2023-46563
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46564

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.

CVE ID : CVE-2023-46564
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46574

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.

CVE ID : CVE-2023-46574
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46408

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function.

CVE ID : CVE-2023-46408
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/16/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46409

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function.

CVE ID : CVE-2023-46409
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/13/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46410

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function.

CVE ID : CVE-2023-46410
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/10/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46411

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.

CVE ID : CVE-2023-46411
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/11/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46412

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.

CVE ID : CVE-2023-46412
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/15/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46413

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.

CVE ID : CVE-2023-46413
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/1/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46414

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function.

CVE ID : CVE-2023-46414
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/14/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46415

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.

CVE ID : CVE-2023-46415
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/17/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46416

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function.

CVE ID : CVE-2023-46416
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/12/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46417

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.

CVE ID : CVE-2023-46417
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/2/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46418

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.

CVE ID : CVE-2023-46418
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/7/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46419

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.

CVE ID : CVE-2023-46419
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/6/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46420

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.

CVE ID : CVE-2023-46420
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/5/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46421

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.

CVE ID : CVE-2023-46421
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/8/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46422

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.

CVE ID : CVE-2023-46422
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/9/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46423

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.

CVE ID : CVE-2023-46423
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/4/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46424

First published on : 25-10-2023 20:15:12
Last modified on : 25-10-2023 20:31:55

Description :
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.

CVE ID : CVE-2023-46424
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/3/1.md | source : cve@mitre.org
https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36 | source : cve@mitre.org


Source : googlegroups.com

Vulnerability ID : CVE-2023-46650

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE ID : CVE-2023-46650
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46651

First published on : 25-10-2023 18:17:39
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.

CVE ID : CVE-2023-46651
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46652

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.

CVE ID : CVE-2023-46652
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46653

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.

CVE ID : CVE-2023-46653
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46654

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2023-46654
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46655

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.

CVE ID : CVE-2023-46655
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46656

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVE ID : CVE-2023-46656
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46657

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVE ID : CVE-2023-46657
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46658

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVE ID : CVE-2023-46658
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46659

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE ID : CVE-2023-46659
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-46660

First published on : 25-10-2023 18:17:40
Last modified on : 25-10-2023 20:31:55

Description :
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVE ID : CVE-2023-46660
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/25/2 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879 | source : jenkinsci-cert@googlegroups.com


Source : openssl.org

Vulnerability ID : CVE-2023-5363

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.

Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.

CVE ID : CVE-2023-5363
Source : openssl-security@openssl.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/24/1 | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d | source : openssl-security@openssl.org
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee | source : openssl-security@openssl.org
https://www.debian.org/security/2023/dsa-5532 | source : openssl-security@openssl.org
https://www.openssl.org/news/secadv/20231024.txt | source : openssl-security@openssl.org


Source : google.com

Vulnerability ID : CVE-2023-5472

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-5472
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html | source : chrome-cve-admin@google.com
https://crbug.com/1491296 | source : chrome-cve-admin@google.com


Source : hp.com

Vulnerability ID : CVE-2023-5671

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

CVE ID : CVE-2023-5671
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9502679-9502704-16 | source : hp-security-alert@hp.com


Source : mozilla.org

Vulnerability ID : CVE-2023-5721

First published on : 25-10-2023 18:17:43
Last modified on : 25-10-2023 20:31:55

Description :
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5721
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5722

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

CVE ID : CVE-2023-5722
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1738426 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5723

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

CVE ID : CVE-2023-5723
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1802057 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5724

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5724
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5725

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5725
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5726

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5726
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5727

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5727
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5728

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5728
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5729

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.

CVE ID : CVE-2023-5729
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1823720 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5730

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5730
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5731

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.

CVE ID : CVE-2023-5731
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1690111%2C1721904%2C1851803%2C1854068 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-45/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5732

First published on : 25-10-2023 18:17:44
Last modified on : 25-10-2023 20:31:55

Description :
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVE ID : CVE-2023-5732
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 | source : security@mozilla.org
https://bugzilla.mozilla.org/show_bug.cgi?id=1836962 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-34/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-46/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-47/ | source : security@mozilla.org


Vulnerability ID : CVE-2023-5758

First published on : 25-10-2023 18:17:45
Last modified on : 25-10-2023 20:31:55

Description :
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.

CVE ID : CVE-2023-5758
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1850019 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-48/ | source : security@mozilla.org


Source : apple.com

Vulnerability ID : CVE-2023-32359

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.

CVE ID : CVE-2023-32359
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40401

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.

CVE ID : CVE-2023-40401
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40404

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-40404
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40405

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.

CVE ID : CVE-2023-40405
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40408

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.

CVE ID : CVE-2023-40408
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40413

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.

CVE ID : CVE-2023-40413
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40416

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.

CVE ID : CVE-2023-40416
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40421

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-40421
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40423

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-40423
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40425

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.

CVE ID : CVE-2023-40425
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40444

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.

CVE ID : CVE-2023-40444
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40445

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.

CVE ID : CVE-2023-40445
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40447

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-40447
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213986 | source : product-security@apple.com
https://support.apple.com/en-us/HT213987 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40449

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.

CVE ID : CVE-2023-40449
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41072

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-41072
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41077

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.

CVE ID : CVE-2023-41077
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41254

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-41254
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41975

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.

CVE ID : CVE-2023-41975
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41976

First published on : 25-10-2023 19:15:09
Last modified on : 25-10-2023 20:31:55

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-41976
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213986 | source : product-security@apple.com
https://support.apple.com/en-us/HT213987 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41977

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.

CVE ID : CVE-2023-41977
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41982

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

CVE ID : CVE-2023-41982
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41983

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

CVE ID : CVE-2023-41983
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213986 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41988

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

CVE ID : CVE-2023-41988
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41989

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.

CVE ID : CVE-2023-41989
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41997

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

CVE ID : CVE-2023-41997
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42438

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.

CVE ID : CVE-2023-42438
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42841

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-42841
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42842

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42842
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42844

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.

CVE ID : CVE-2023-42844
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42845

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.

CVE ID : CVE-2023-42845
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42846

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

CVE ID : CVE-2023-42846
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213987 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213987 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42847

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.

CVE ID : CVE-2023-42847
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42849

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CVE ID : CVE-2023-42849
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com
https://support.apple.com/kb/HT213981 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42850

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42850
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42852

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-42852
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213986 | source : product-security@apple.com
https://support.apple.com/en-us/HT213987 | source : product-security@apple.com
https://support.apple.com/en-us/HT213988 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42854

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.

CVE ID : CVE-2023-42854
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42856

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42856
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/en-us/HT213985 | source : product-security@apple.com
https://support.apple.com/kb/HT213983 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213985 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42857

First published on : 25-10-2023 19:15:10
Last modified on : 25-10-2023 20:31:55

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42857
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213982 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42861

First published on : 25-10-2023 19:15:11
Last modified on : 25-10-2023 20:31:55

Description :
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE ID : CVE-2023-42861
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : product-security@apple.com
https://support.apple.com/kb/HT213984 | source : product-security@apple.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
