Latest vulnerabilities of Wednesday, October 4, 2023

Last update performed on 10/04/2023 at 11:58:02 PM

(14) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : atlassian.com

Vulnerability ID : CVE-2023-22515

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.

CVE ID : CVE-2023-22515
Source : security@atlassian.com
CVSS Score : 10.0

References :
https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515 | source : security@atlassian.com
https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276 | source : security@atlassian.com
https://jira.atlassian.com/browse/CONFSERVER-92457 | source : security@atlassian.com


Source : silabs.com

Vulnerability ID : CVE-2023-41094

First published on : 04-10-2023 21:15:09
Last modified on : 04-10-2023 21:15:09

Description :
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration. This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3. Version 7.3 and later are unaffected.

CVE ID : CVE-2023-41094
Source : product-security@silabs.com
CVSS Score : 10.0

References :
https://community.silabs.com/0688Y00000aIPzL | source : product-security@silabs.com

Vulnerability : CWE-672
Vulnerability : CWE-772


Source : incibe.es

Vulnerability ID : CVE-2023-3701

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non-privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.

CVE ID : CVE-2023-3701
Source : cve-coordination@incibe.es
CVSS Score : 9.9

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-aqua-esolutions | source : cve-coordination@incibe.es

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-4037

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.

CVE ID : CVE-2023-4037
Source : cve-coordination@incibe.es
CVSS Score : 9.9

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-setelsa-security-conacwin | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2022-36276

First published on : 04-10-2023 16:15:10
Last modified on : 04-10-2023 18:14:55

Description :
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.

CVE ID : CVE-2022-36276
Source : cve-coordination@incibe.es
CVSS Score : 9.9

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3038

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.

CVE ID : CVE-2023-3038
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4491

First published on : 04-10-2023 13:15:25
Last modified on : 04-10-2023 14:16:47

Description :
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.

CVE ID : CVE-2023-4491
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-4494

First published on : 04-10-2023 13:15:26
Last modified on : 04-10-2023 14:16:47

Description :
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.

CVE ID : CVE-2023-4494
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-119


Source : cisco.com

Vulnerability ID : CVE-2023-20101

First published on : 04-10-2023 17:15:09
Last modified on : 04-10-2023 18:14:55

Description :
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

CVE ID : CVE-2023-20101
Source : ykramarz@cisco.com
CVSS Score : 9.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9 | source : ykramarz@cisco.com


Source : se.com

Vulnerability ID : CVE-2023-5402

First published on : 04-10-2023 18:15:12
Last modified on : 04-10-2023 19:53:11

Description :
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used.

CVE ID : CVE-2023-5402
Source : cybersecurity@se.com
CVSS Score : 9.8

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-01.pdf | source : cybersecurity@se.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-5391

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

CVE ID : CVE-2023-5391
Source : cybersecurity@se.com
CVSS Score : 9.8

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-02.pdf | source : cybersecurity@se.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-5399

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a path traversal issue when using the File Command.

CVE ID : CVE-2023-5399
Source : cybersecurity@se.com
CVSS Score : 9.8

References :
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-283-01.pdf | source : cybersecurity@se.com

Vulnerability : CWE-22


Source : github.com

Vulnerability ID : CVE-2023-42809

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in. Version 3.22.0 contains a patch for this issue. Some post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization.

CVE ID : CVE-2023-42809
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/redisson/redisson/commit/fe6a2571801656ff1599ef87bdee20f519a5d1fe | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-053_Redisson/ | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-38701

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user who committed the funds and can only be performed by a participant of the head. The `initial` validator is similarly affected, as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that users try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue.

CVE ID : CVE-2023-38701
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0120---2023-08-18 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/Commit.hs#L94-L97 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/Util.hs#L32-L42 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/security/advisories/GHSA-6x9v-7x5r-w8w6 | source : security-advisories@github.com

Vulnerability : CWE-20


(21) HIGH VULNERABILITIES [7.0, 8.9]

Source : cert.pl

Vulnerability ID : CVE-2023-4997

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

CVE ID : CVE-2023-4997
Source : cvd@cert.pl
CVSS Score : 8.8

References :
https://cert.pl/en/posts/2023/10/CVE-2023-4997/ | source : cvd@cert.pl
https://cert.pl/posts/2023/10/CVE-2023-4997/ | source : cvd@cert.pl

Vulnerability : CWE-862


Source : incibe.es

Vulnerability ID : CVE-2023-3037

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.

CVE ID : CVE-2023-3037
Source : cve-coordination@incibe.es
CVSS Score : 8.6

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community | source : cve-coordination@incibe.es

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-2809

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

CVE ID : CVE-2023-2809
Source : cve-coordination@incibe.es
CVSS Score : 7.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 | source : cve-coordination@incibe.es

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-3512

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

CVE ID : CVE-2023-3512
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin | source : cve-coordination@incibe.es

Vulnerability : CWE-23


Source : cisco.com

Vulnerability ID : CVE-2023-20259

First published on : 04-10-2023 17:15:09
Last modified on : 04-10-2023 18:14:55

Description :
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

CVE ID : CVE-2023-20259
Source : ykramarz@cisco.com
CVSS Score : 8.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF | source : ykramarz@cisco.com


Source : samsung.com

Vulnerability ID : CVE-2023-30690

First published on : 04-10-2023 04:15:12
Last modified on : 04-10-2023 12:56:06

Description :
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30690
Source : mobile.security@samsung.com
CVSS Score : 8.5

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30692

First published on : 04-10-2023 04:15:12
Last modified on : 04-10-2023 12:56:06

Description :
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

CVE ID : CVE-2023-30692
Source : mobile.security@samsung.com
CVSS Score : 8.5

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30733

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
Stack-based Buffer Overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.

CVE ID : CVE-2023-30733
Source : mobile.security@samsung.com
CVSS Score : 7.8

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-121


Source : redhat.com

Vulnerability ID : CVE-2023-39191

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

CVE ID : CVE-2023-39191
Source : secalert@redhat.com
CVSS Score : 8.2

References :
https://access.redhat.com/security/cve/CVE-2023-39191 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2226783 | source : secalert@redhat.com
https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399/ | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3361

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

CVE ID : CVE-2023-3361
Source : secalert@redhat.com
CVSS Score : 7.7

References :
https://access.redhat.com/security/cve/CVE-2023-3361 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2216588 | source : secalert@redhat.com
https://github.com/opendatahub-io/odh-dashboard/issues/1415 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-1584

First published on : 04-10-2023 11:15:09
Last modified on : 04-10-2023 12:56:06

Description :
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.

CVE ID : CVE-2023-1584
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/errata/RHSA-2023:3809 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-1584 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2180886 | source : secalert@redhat.com
https://github.com/quarkusio/quarkus/pull/32192 | source : secalert@redhat.com
https://github.com/quarkusio/quarkus/pull/33414 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3971

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

CVE ID : CVE-2023-3971
Source : secalert@redhat.com
CVSS Score : 7.3

References :
https://access.redhat.com/errata/RHSA-2023:4340 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:4590 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-3971 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2226965 | source : secalert@redhat.com


Source : mitre.org

Vulnerability ID : CVE-2023-22618

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

CVE ID : CVE-2023-22618
Source : cve@mitre.org
CVSS Score : 8.1

References :
https://nokia.com | source : cve@mitre.org
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/ | source : cve@mitre.org


Source : github.com

Vulnerability ID : CVE-2023-42448

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator. This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue.

CVE ID : CVE-2023-42448
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0130---2023-10-03 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/Head.hs#L284-L296 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/Head.hs#L320-L323 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/commit/2f45529729e28254a62f7a7c8d6649066923ed1f | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/security/advisories/GHSA-mgcx-6p7h-5996 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-42449

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy, which then results in a flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`. During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts, it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants' committed funds forever or until they choose to return the PT (ransom). The malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for another participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT. Version 0.13.0 fixes this issue.

CVE ID : CVE-2023-42449
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-node/src/Hydra/Chain/Direct/Tx.hs#L645-L761 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-plutus/src/Hydra/Contract/Initial.hs#L84-L91 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0130---2023-10-03 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/HeadTokens.hs#L76-L136 | source : security-advisories@github.com
https://github.com/input-output-hk/hydra/security/advisories/GHSA-9m8q-7wxv-v65p | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-43793

First published on : 04-10-2023 21:15:10
Last modified on : 04-10-2023 21:15:10

Description :
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.

CVE ID : CVE-2023-43793
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2 | source : security-advisories@github.com
https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc | source : security-advisories@github.com
https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-43805

First published on : 04-10-2023 21:15:10
Last modified on : 04-10-2023 21:15:10

Description :
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.

CVE ID : CVE-2023-43805
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc | source : security-advisories@github.com
https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081d | source : security-advisories@github.com
https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-43809

First published on : 04-10-2023 21:15:10
Last modified on : 04-10-2023 21:15:10

Description :
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification, for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To work around this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting.

CVE ID : CVE-2023-43809
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89 | source : security-advisories@github.com
https://github.com/charmbracelet/soft-serve/issues/389 | source : security-advisories@github.com
https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2 | source : security-advisories@github.com
https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v | source : security-advisories@github.com

Vulnerability : CWE-287


Source : acronis.com

Vulnerability ID : CVE-2023-44208

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.

CVE ID : CVE-2023-44208
Source : security@acronis.com
CVSS Score : 7.8

References :
https://security-advisory.acronis.com/advisories/SEC-6587 | source : security@acronis.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-44210

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.

CVE ID : CVE-2023-44210
Source : security@acronis.com
CVSS Score : 7.3

References :
https://security-advisory.acronis.com/advisories/SEC-2159 | source : security@acronis.com

Vulnerability : CWE-862


Source : vuldb.com

Vulnerability ID : CVE-2023-5373

First published on : 04-10-2023 13:15:26
Last modified on : 04-10-2023 14:16:47

Description :
A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5373
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/Szlllc/Cve/blob/main/Computer%20and%20Laptop%20Store%20System%20Master.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.241254 | source : cna@vuldb.com
https://vuldb.com/?id.241254 | source : cna@vuldb.com

Vulnerability : CWE-89


(53) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : redhat.com

Vulnerability ID : CVE-2023-1832

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

CVE ID : CVE-2023-1832
Source : secalert@redhat.com
CVSS Score : 6.8

References :
https://access.redhat.com/security/cve/CVE-2023-1832 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2184364 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4237

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

CVE ID : CVE-2023-4237
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-4237 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2229979 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4380

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

CVE ID : CVE-2023-4380
Source : secalert@redhat.com
CVSS Score : 6.3

References :
https://access.redhat.com/errata/RHSA-2023:4693 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-4380 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2232324 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3428

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CVE ID : CVE-2023-3428
Source : secalert@redhat.com
CVSS Score : 6.2

References :
https://access.redhat.com/security/cve/CVE-2023-3428 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2218369 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-4132

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

CVE ID : CVE-2022-4132
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2022-4132 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2147372 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-2422

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

CVE ID : CVE-2023-2422
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/errata/RHSA-2023:3883 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3884 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3885 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3888 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3892 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-2422 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2191668 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3576

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service.

CVE ID : CVE-2023-3576
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-3576 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2219340 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4586

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

CVE ID : CVE-2023-4586
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-4586 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2235564 | source : secalert@redhat.com
https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3153

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE ID : CVE-2023-3153
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-3153 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2213279 | source : secalert@redhat.com
https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd | source : secalert@redhat.com
https://github.com/ovn-org/ovn/issues/198 | source : secalert@redhat.com
https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html | source : secalert@redhat.com
https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html | source : secalert@redhat.com


Source : samsung.com

Vulnerability ID : CVE-2023-30727

First published on : 04-10-2023 04:15:12
Last modified on : 04-10-2023 12:56:06

Description :
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

CVE ID : CVE-2023-30727
Source : mobile.security@samsung.com
CVSS Score : 6.7

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30731

First published on : 04-10-2023 04:15:12
Last modified on : 04-10-2023 12:56:06

Description :
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.

CVE ID : CVE-2023-30731
Source : mobile.security@samsung.com
CVSS Score : 5.7

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30732

First published on : 04-10-2023 04:15:12
Last modified on : 04-10-2023 12:56:06

Description :
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

CVE ID : CVE-2023-30732
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30738

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

CVE ID : CVE-2023-30738
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-30735

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.

CVE ID : CVE-2023-30735
Source : mobile.security@samsung.com
CVSS Score : 5.1

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-281


Vulnerability ID : CVE-2023-30736

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.

CVE ID : CVE-2023-30736
Source : mobile.security@samsung.com
CVSS Score : 4.4

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-30734

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

CVE ID : CVE-2023-30734
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-30737

First published on : 04-10-2023 04:15:13
Last modified on : 04-10-2023 12:56:06

Description :
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

CVE ID : CVE-2023-30737
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | source : mobile.security@samsung.com

Vulnerability : CWE-284


Source : incibe.es

Vulnerability ID : CVE-2022-36277

First published on : 04-10-2023 16:15:10
Last modified on : 04-10-2023 18:14:55

Description :
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.

CVE ID : CVE-2022-36277
Source : cve-coordination@incibe.es
CVSS Score : 6.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4492

First published on : 04-10-2023 13:15:25
Last modified on : 04-10-2023 14:16:47

Description :
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded.

CVE ID : CVE-2023-4492
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4493

First published on : 04-10-2023 13:15:25
Last modified on : 04-10-2023 14:16:47

Description :
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

CVE ID : CVE-2023-4493
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4495

First published on : 04-10-2023 13:15:26
Last modified on : 04-10-2023 14:16:47

Description :
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.

CVE ID : CVE-2023-4495
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4496

First published on : 04-10-2023 13:15:26
Last modified on : 04-10-2023 14:16:47

Description :
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.

CVE ID : CVE-2023-4496
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4497

First published on : 04-10-2023 13:15:26
Last modified on : 04-10-2023 14:16:47

Description :
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.

CVE ID : CVE-2023-4497
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4090

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

CVE ID : CVE-2023-4090
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-widestand-cms-acilia | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2021-3784

First published on : 04-10-2023 16:15:09
Last modified on : 04-10-2023 18:14:55

Description :
Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.

CVE ID : CVE-2021-3784
Source : cve-coordination@incibe.es
CVSS Score : 5.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/garuda-linux-improper-authorization | source : cve-coordination@incibe.es

Vulnerability : CWE-285


Source : cisco.com

Vulnerability ID : CVE-2023-20235

First published on : 04-10-2023 17:15:09
Last modified on : 04-10-2023 18:14:55

Description :
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.

CVE ID : CVE-2023-20235
Source : ykramarz@cisco.com
CVSS Score : 6.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn | source : ykramarz@cisco.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-37404

First published on : 04-10-2023 02:15:09
Last modified on : 04-10-2023 12:56:10

Description :
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.

CVE ID : CVE-2023-37404
Source : psirt@us.ibm.com
CVSS Score : 6.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/259789 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7041863 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-40376

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.

CVE ID : CVE-2023-40376
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7037230 | source : psirt@us.ibm.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-35905

First published on : 04-10-2023 01:15:50
Last modified on : 04-10-2023 12:56:10

Description :
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384.

CVE ID : CVE-2023-35905
Source : psirt@us.ibm.com
CVSS Score : 4.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/259384 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7014389 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-40684

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.

CVE ID : CVE-2023-40684
Source : psirt@us.ibm.com
CVSS Score : 4.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/264019 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7046226 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-22447

First published on : 04-10-2023 00:15:11
Last modified on : 04-10-2023 12:56:10

Description :
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.

CVE ID : CVE-2022-22447
Source : psirt@us.ibm.com
CVSS Score : 4.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/224648 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7042313 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : wordfence.com

Vulnerability ID : CVE-2023-5291

First published on : 04-10-2023 02:15:10
Last modified on : 04-10-2023 12:56:06

Description :
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5291
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/blog-filter/tags/1.5.3/blog-filter-output.php#L128 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2974261/blog-filter#file54 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5357

First published on : 04-10-2023 02:15:10
Last modified on : 04-10-2023 12:56:06

Description :
The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5357
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/instagram-for-wordpress/tags/2.1.6/templates/instagramPost.php#L12 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3213

First published on : 04-10-2023 02:15:09
Last modified on : 04-10-2023 12:56:10

Description :
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.

CVE ID : CVE-2023-3213
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://wpmailsmtp.com/docs/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Source : patchstack.com

Vulnerability ID : CVE-2023-25788

First published on : 04-10-2023 11:15:09
Last modified on : 04-10-2023 12:56:02

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.

CVE ID : CVE-2023-25788
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/saphali-woocommerce-lite/wordpress-saphali-woocommerce-lite-plugin-1-8-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27433

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative plugin <= 1.3.0 versions.

CVE ID : CVE-2023-27433
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/make-paths-relative/wordpress-make-paths-relative-plugin-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-40561

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.

CVE ID : CVE-2023-40561
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/woo-ecommerce-tracking-for-google-and-facebook/wordpress-enhanced-ecommerce-google-analytics-for-woocommerce-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25489

First published on : 04-10-2023 11:15:09
Last modified on : 04-10-2023 12:56:02

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.

CVE ID : CVE-2023-25489
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/update-theme-and-plugins-from-zip-file/wordpress-update-theme-and-plugins-from-zip-file-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25980

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.

CVE ID : CVE-2023-25980
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/rvg-optimize-database/wordpress-optimize-database-after-deleting-revisions-plugin-5-0-110-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-37995

First published on : 04-10-2023 11:15:10
Last modified on : 04-10-2023 12:56:02

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

CVE ID : CVE-2023-37995
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-copyprotect/wordpress-wp-copyprotect-protect-your-blog-posts-plugin-3-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25025

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

CVE ID : CVE-2023-25025
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-copyprotect/wordpress-wp-copyprotect-protect-your-blog-posts-plugin-3-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-40559

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.

CVE ID : CVE-2023-40559
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woo-conditional-discount-rules-for-checkout/wordpress-dynamic-pricing-and-discount-rules-for-woocommerce-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2023-5374

First published on : 04-10-2023 14:15:11
Last modified on : 04-10-2023 14:16:47

Description :
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255.

CVE ID : CVE-2023-5374
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Computer%20and%20Laptop%20Store%20System%20products.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.241255 | source : cna@vuldb.com
https://vuldb.com/?id.241255 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-42808

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice's server origin. As of time of publication, it is unknown whether any patches or workarounds exist.

CVE ID : CVE-2023-42808
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/fetch-legal-document.ts#LL21-L62C2 | source : security-advisories@github.com
https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/server.ts#L214 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-026_Common_Voice/ | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43804

First published on : 04-10-2023 17:15:10
Last modified on : 04-10-2023 18:14:55

Description :
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

CVE ID : CVE-2023-43804
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb | source : security-advisories@github.com
https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d | source : security-advisories@github.com
https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-43799

First published on : 04-10-2023 21:15:10
Last modified on : 04-10-2023 21:15:10

Description :
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.

CVE ID : CVE-2023-43799
Source : security-advisories@github.com
CVSS Score : 5.0

References :
https://github.com/altair-graphql/altair/releases/tag/v5.2.5 | source : security-advisories@github.com
https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm | source : security-advisories@github.com

Vulnerability : CWE-20


Source : fb.com

Vulnerability ID : CVE-2023-38537

First published on : 04-10-2023 20:15:09
Last modified on : 04-10-2023 20:15:09

Description :
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

CVE ID : CVE-2023-38537
Source : cve-assign@fb.com
CVSS Score : 5.6

References :
https://www.whatsapp.com/security/advisories/2023/ | source : cve-assign@fb.com

Vulnerability : CWE-366
Vulnerability : CWE-416


Vulnerability ID : CVE-2023-38538

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

CVE ID : CVE-2023-38538
Source : cve-assign@fb.com
CVSS Score : 5.0

References :
https://www.whatsapp.com/security/advisories/2023/ | source : cve-assign@fb.com

Vulnerability : CWE-366
Vulnerability : CWE-416


Source : acronis.com

Vulnerability ID : CVE-2023-44209

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

CVE ID : CVE-2023-44209
Source : security@acronis.com
CVSS Score : 5.6

References :
https://security-advisory.acronis.com/advisories/SEC-2119 | source : security@acronis.com

Vulnerability : CWE-610


Source : huntr.dev

Vulnerability ID : CVE-2023-5377

First published on : 04-10-2023 10:15:10
Last modified on : 04-10-2023 12:56:06

Description :
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

CVE ID : CVE-2023-5377
Source : security@huntr.dev
CVSS Score : 5.5

References :
https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce | source : security@huntr.dev
https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf | source : security@huntr.dev

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-5375

First published on : 04-10-2023 09:15:31
Last modified on : 04-10-2023 12:56:06

Description :
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.

CVE ID : CVE-2023-5375
Source : security@huntr.dev
CVSS Score : 4.3

References :
https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8 | source : security@huntr.dev
https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9 | source : security@huntr.dev

Vulnerability : CWE-601


Source : trellix.com

Vulnerability ID : CVE-2023-3665

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code.

CVE ID : CVE-2023-3665
Source : trellixpsirt@trellix.com
CVSS Score : 5.5

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10405 | source : trellixpsirt@trellix.com

Vulnerability : CWE-74


Source : gitlab.com

Vulnerability ID : CVE-2023-5371

First published on : 04-10-2023 17:15:10
Last modified on : 04-10-2023 18:14:55

Description :
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file.

CVE ID : CVE-2023-5371
Source : cve@gitlab.com
CVSS Score : 5.3

References :
https://gitlab.com/wireshark/wireshark/-/issues/19322 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2023-27.html | source : cve@gitlab.com

Vulnerability : CWE-789


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : us.ibm.com

Vulnerability ID : CVE-2022-43906

First published on : 04-10-2023 14:15:10
Last modified on : 04-10-2023 14:16:47

Description :
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897.

CVE ID : CVE-2022-43906
Source : psirt@us.ibm.com
CVSS Score : 3.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/240897 | source : psirt@us.ibm.com
https://https://www.ibm.com/support/pages/node/7038019 | source : psirt@us.ibm.com


Source : github.com

Vulnerability ID : CVE-2023-44389

First published on : 04-10-2023 21:15:10
Last modified on : 04-10-2023 21:15:10

Description :
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

CVE ID : CVE-2023-44389
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a | source : security-advisories@github.com
https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d | source : security-advisories@github.com
https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh | source : security-advisories@github.com

Vulnerability : CWE-79


(13) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : freebsd.org

Vulnerability ID : CVE-2023-5368

First published on : 04-10-2023 04:15:14
Last modified on : 04-10-2023 12:56:06

Description :
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

CVE ID : CVE-2023-5368
Source : secteam@freebsd.org
CVSS Score : /

References :
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc | source : secteam@freebsd.org

Vulnerability : CWE-1188


Vulnerability ID : CVE-2023-5369

First published on : 04-10-2023 04:15:14
Last modified on : 04-10-2023 12:56:06

Description :
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

CVE ID : CVE-2023-5369
Source : secteam@freebsd.org
CVSS Score : /

References :
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc | source : secteam@freebsd.org

Vulnerability : CWE-273


Vulnerability ID : CVE-2023-5370

First published on : 04-10-2023 04:15:15
Last modified on : 04-10-2023 12:56:06

Description :
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.

CVE ID : CVE-2023-5370
Source : secteam@freebsd.org
CVSS Score : /

References :
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc | source : secteam@freebsd.org

Vulnerability : CWE-665


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-44272

First published on : 04-10-2023 09:15:31
Last modified on : 04-10-2023 12:56:06

Description :
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.

CVE ID : CVE-2023-44272
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://code.citadel.org/citadel/citadel | source : vultures@jpcert.or.jp
https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN08237727/ | source : vultures@jpcert.or.jp
https://www.citadel.org/download.html | source : vultures@jpcert.or.jp


Source : mitre.org

Vulnerability ID : CVE-2023-43261

First published on : 04-10-2023 12:15:10
Last modified on : 04-10-2023 12:56:02

Description :
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

CVE ID : CVE-2023-43261
Source : cve@mitre.org
CVSS Score : /

References :
http://milesight.com | source : cve@mitre.org
http://ur5x.com | source : cve@mitre.org
https://github.com/win3zz/CVE-2023-43261 | source : cve@mitre.org
https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf | source : cve@mitre.org
https://support.milesight-iot.com/support/home | source : cve@mitre.org


Vulnerability ID : CVE-2023-43838

First published on : 04-10-2023 16:15:10
Last modified on : 04-10-2023 18:14:55

Description :
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.

CVE ID : CVE-2023-43838
Source : cve@mitre.org
CVSS Score : /

References :
http://www.w3.org/2000/svg | source : cve@mitre.org
https://github.com/Volmarg | source : cve@mitre.org
https://github.com/Volmarg/personal-management-system | source : cve@mitre.org
https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35 | source : cve@mitre.org
https://github.com/rootd4ddy/ | source : cve@mitre.org
https://github.com/rootd4ddy/CVE-2023-43838 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27121

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.

CVE ID : CVE-2023-27121
Source : cve@mitre.org
CVSS Score : /

References :
https://pleasantpasswords.com/download | source : cve@mitre.org
https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/ | source : cve@mitre.org
https://www.nuget.org/packages/CronExpressionDescriptor/2.9.0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-44075

First published on : 04-10-2023 20:15:10
Last modified on : 04-10-2023 20:15:10

Description :
Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.

CVE ID : CVE-2023-44075
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36618

First published on : 04-10-2023 21:15:09
Last modified on : 04-10-2023 21:15:09

Description :
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.

CVE ID : CVE-2023-36618
Source : cve@mitre.org
CVSS Score : /

References :
https://networks.unify.com/security/advisories/OBSO-2307-01.pdf | source : cve@mitre.org
https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html | source : cve@mitre.org
https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-36619

First published on : 04-10-2023 21:15:09
Last modified on : 04-10-2023 21:15:09

Description :
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.

CVE ID : CVE-2023-36619
Source : cve@mitre.org
CVSS Score : /

References :
https://networks.unify.com/security/advisories/OBSO-2307-01.pdf | source : cve@mitre.org
https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html | source : cve@mitre.org
https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/ | source : cve@mitre.org


Source : redhat.com

Vulnerability ID : CVE-2023-4567

First published on : 04-10-2023 14:15:11
Last modified on : 04-10-2023 14:15:11

Description :
** REJECT ** Issue has been found to be non-reproducible, therefore not a viable flaw.

CVE ID : CVE-2023-4567
Source : secalert@redhat.com
CVSS Score : /

References :


Source : hp.com

Vulnerability ID : CVE-2023-5113

First published on : 04-10-2023 15:15:12
Last modified on : 04-10-2023 15:53:23

Description :
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

CVE ID : CVE-2023-5113
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_9365285-9365309-16 | source : hp-security-alert@hp.com


Source : apple.com

Vulnerability ID : CVE-2023-42824

First published on : 04-10-2023 19:15:10
Last modified on : 04-10-2023 19:53:11

Description :
The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

CVE ID : CVE-2023-42824
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213961 | source : product-security@apple.com
https://support.apple.com/kb/HT213961 | source : product-security@apple.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
