Latest vulnerabilities of Wednesday, September 13, 2023


Last update performed on 09/13/2023 at 11:58:27 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : cert.vde.com

Vulnerability ID : CVE-2023-3935

First published on : 13-09-2023 14:15:09
Last modified on : 13-09-2023 16:34:14

Description :
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

CVE ID : CVE-2023-3935
Source : info@cert.vde.com
CVSS Score : 10.0

References :
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf | source : info@cert.vde.com
https://cert.vde.com/en/advisories/VDE-2023-031/ | source : info@cert.vde.com

Vulnerability : CWE-787


Source : github.com

Vulnerability ID : CVE-2023-41892

First published on : 13-09-2023 20:15:08
Last modified on : 13-09-2023 20:15:08

Description :
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

CVE ID : CVE-2023-41892
Source : security-advisories@github.com
CVSS Score : 10.0

References :
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857 | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1 | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476 | source : security-advisories@github.com
https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g | source : security-advisories@github.com

Vulnerability : CWE-94


Source : nlnetlabs.nl

Vulnerability ID : CVE-2023-39916

First published on : 13-09-2023 15:15:07
Last modified on : 13-09-2023 16:34:14

Description :
NLnet Labs' Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.

CVE ID : CVE-2023-39916
Source : sep@nlnetlabs.nl
CVSS Score : 9.3

References :
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt | source : sep@nlnetlabs.nl

Vulnerability : CWE-35


(16) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-4153

First published on : 13-09-2023 03:15:08
Last modified on : 13-09-2023 12:55:59

Description :
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.

CVE ID : CVE-2023-4153
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/ban-users/tags/1.5.3/include/ajax.php#L109 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ban-users/tags/1.5.3/include/ajax.php#L199 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/af6bd2db-47a4-4381-a881-d5f97a159f8d?source=cve | source : security@wordfence.com

Vulnerability : CWE-266


Vulnerability ID : CVE-2023-4213

First published on : 13-09-2023 03:15:08
Last modified on : 13-09-2023 12:55:59

Description :
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.

CVE ID : CVE-2023-4213
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php#L148 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve | source : security@wordfence.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-4916

First published on : 13-09-2023 03:15:09
Last modified on : 13-09-2023 12:55:59

Description :
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change a user's password via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4916
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L2953 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Source : cert.vde.com

Vulnerability ID : CVE-2023-4701

First published on : 13-09-2023 14:15:09
Last modified on : 13-09-2023 16:34:14

Description :
An Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system.

CVE ID : CVE-2023-4701
Source : info@cert.vde.com
CVSS Score : 8.8

References :
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf | source : info@cert.vde.com
https://cert.vde.com/en/advisories/VDE-2023-031/ | source : info@cert.vde.com

Vulnerability : CWE-269


Source : proofpoint.com

Vulnerability ID : CVE-2023-4828

First published on : 13-09-2023 16:15:11
Last modified on : 13-09-2023 16:34:14

Description :
An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected.

CVE ID : CVE-2023-4828
Source : security@proofpoint.com
CVSS Score : 8.8

References :
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008 | source : security@proofpoint.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-4801

First published on : 13-09-2023 16:15:10
Last modified on : 13-09-2023 16:34:14

Description :
An improper certificate validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.

CVE ID : CVE-2023-4801
Source : security@proofpoint.com
CVSS Score : 7.5

References :
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006 | source : security@proofpoint.com

Vulnerability : CWE-295


Source : fortinet.com

Vulnerability ID : CVE-2023-29183

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

CVE ID : CVE-2023-29183
Source : psirt@fortinet.com
CVSS Score : 8.0

References :
https://fortiguard.com/psirt/FG-IR-23-106 | source : psirt@fortinet.com


Vulnerability ID : CVE-2022-35849

First published on : 13-09-2023 13:15:07
Last modified on : 13-09-2023 13:57:45

Description :
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

CVE ID : CVE-2022-35849
Source : psirt@fortinet.com
CVSS Score : 7.8

References :
https://fortiguard.com/psirt/FG-IR-22-310 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-34984

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVE ID : CVE-2023-34984
Source : psirt@fortinet.com
CVSS Score : 7.5

References :
https://fortiguard.com/psirt/FG-IR-23-068 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-36634

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments.

CVE ID : CVE-2023-36634
Source : psirt@fortinet.com
CVSS Score : 7.1

References :
https://fortiguard.com/psirt/FG-IR-23-123 | source : psirt@fortinet.com


Source : adobe.com

Vulnerability ID : CVE-2023-26369

First published on : 13-09-2023 09:15:13
Last modified on : 13-09-2023 12:55:59

Description :
Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-26369
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html | source : psirt@adobe.com

Vulnerability : CWE-787


Source : nlnetlabs.nl

Vulnerability ID : CVE-2023-39914

First published on : 13-09-2023 15:15:07
Last modified on : 13-09-2023 16:34:14

Description :
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

CVE ID : CVE-2023-39914
Source : sep@nlnetlabs.nl
CVSS Score : 7.5

References :
https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt | source : sep@nlnetlabs.nl

Vulnerability : CWE-228


Vulnerability ID : CVE-2023-39915

First published on : 13-09-2023 15:15:07
Last modified on : 13-09-2023 16:34:14

Description :
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.

CVE ID : CVE-2023-39915
Source : sep@nlnetlabs.nl
CVSS Score : 7.5

References :
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt | source : sep@nlnetlabs.nl

Vulnerability : CWE-228


Source : redhat.com

Vulnerability ID : CVE-2023-2680

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

CVE ID : CVE-2023-2680
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-2680 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | source : secalert@redhat.com


Source : google.com

Vulnerability ID : CVE-2023-4785

First published on : 13-09-2023 17:15:10
Last modified on : 13-09-2023 17:27:35

Description :
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

CVE ID : CVE-2023-4785
Source : cve-coordination@google.com
CVSS Score : 7.5

References :
https://github.com/grpc/grpc/pull/33656 | source : cve-coordination@google.com
https://github.com/grpc/grpc/pull/33667 | source : cve-coordination@google.com
https://github.com/grpc/grpc/pull/33669 | source : cve-coordination@google.com
https://github.com/grpc/grpc/pull/33670 | source : cve-coordination@google.com
https://github.com/grpc/grpc/pull/33672 | source : cve-coordination@google.com

Vulnerability : CWE-248


Source : huntr.dev

Vulnerability ID : CVE-2023-4928

First published on : 13-09-2023 01:15:07
Last modified on : 13-09-2023 12:55:59

Description :
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.

CVE ID : CVE-2023-4928
Source : security@huntr.dev
CVSS Score : 7.2

References :
https://github.com/instantsoft/icms2/commit/3a6b148fa2c943ee7647e0cd14bf68e026b15548 | source : security@huntr.dev
https://huntr.dev/bounties/cb72cc17-5a0d-4392-9a5f-a13aa773de9e | source : security@huntr.dev

Vulnerability : CWE-89


(29) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : fortinet.com

Vulnerability ID : CVE-2023-36642

First published on : 13-09-2023 13:15:09
Last modified on : 13-09-2023 13:57:45

Description :
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

CVE ID : CVE-2023-36642
Source : psirt@fortinet.com
CVSS Score : 6.7

References :
https://fortiguard.com/psirt/FG-IR-22-501 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-25608

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

CVE ID : CVE-2023-25608
Source : psirt@fortinet.com
CVSS Score : 5.5

References :
https://fortiguard.com/psirt/FG-IR-22-120 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-40715

First published on : 13-09-2023 13:15:09
Last modified on : 13-09-2023 13:57:45

Description :
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.

CVE ID : CVE-2023-40715
Source : psirt@fortinet.com
CVSS Score : 5.5

References :
https://fortiguard.com/psirt/FG-IR-22-465 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-27998

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

CVE ID : CVE-2023-27998
Source : psirt@fortinet.com
CVSS Score : 5.3

References :
https://fortiguard.com/psirt/FG-IR-22-288 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-40717

First published on : 13-09-2023 13:15:09
Last modified on : 13-09-2023 13:57:45

Description :
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.

CVE ID : CVE-2023-40717
Source : psirt@fortinet.com
CVSS Score : 5.3

References :
https://fortiguard.com/psirt/FG-IR-22-245 | source : psirt@fortinet.com


Vulnerability ID : CVE-2021-44172

First published on : 13-09-2023 13:15:07
Last modified on : 13-09-2023 13:57:45

Description :
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, and all 6.4 and 6.2 versions, in the management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

CVE ID : CVE-2021-44172
Source : psirt@fortinet.com
CVSS Score : 4.3

References :
https://fortiguard.com/psirt/FG-IR-21-244 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-36551

First published on : 13-09-2023 13:15:08
Last modified on : 13-09-2023 13:57:45

Description :
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to cause information disclosure via a crafted HTTP request.

CVE ID : CVE-2023-36551
Source : psirt@fortinet.com
CVSS Score : 4.3

References :
https://fortiguard.com/psirt/FG-IR-23-126 | source : psirt@fortinet.com


Vulnerability ID : CVE-2023-36638

First published on : 13-09-2023 13:15:09
Last modified on : 13-09-2023 13:57:45

Description :
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.

CVE ID : CVE-2023-36638
Source : psirt@fortinet.com
CVSS Score : 4.3

References :
https://fortiguard.com/psirt/FG-IR-22-522 | source : psirt@fortinet.com


Source : cisco.com

Vulnerability ID : CVE-2023-20236

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

CVE ID : CVE-2023-20236
Source : ykramarz@cisco.com
CVSS Score : 6.7

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20190

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

CVE ID : CVE-2023-20190
Source : ykramarz@cisco.com
CVSS Score : 5.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3 | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20191

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

CVE ID : CVE-2023-20191
Source : ykramarz@cisco.com
CVSS Score : 5.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20135

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device.

CVE ID : CVE-2023-20135
Source : ykramarz@cisco.com
CVSS Score : 5.7

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5 | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20233

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.

CVE ID : CVE-2023-20233
Source : ykramarz@cisco.com
CVSS Score : 4.3

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt | source : ykramarz@cisco.com


Source : redhat.com

Vulnerability ID : CVE-2023-3255

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

CVE ID : CVE-2023-3255
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-3255 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2218486 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-3301

First published on : 13-09-2023 17:15:10
Last modified on : 13-09-2023 17:27:35

Description :
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

CVE ID : CVE-2023-3301
Source : secalert@redhat.com
CVSS Score : 5.6

References :
https://access.redhat.com/security/cve/CVE-2023-3301 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2215784 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4155

First published on : 13-09-2023 17:15:10
Last modified on : 13-09-2023 17:27:35

Description :
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).

CVE ID : CVE-2023-4155
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2023-4155 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2213802 | source : secalert@redhat.com


Source : tenable.com

Vulnerability ID : CVE-2023-4568

First published on : 13-09-2023 21:15:07
Last modified on : 13-09-2023 21:15:07

Description :
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

CVE ID : CVE-2023-4568
Source : vulnreport@tenable.com
CVSS Score : 6.5

References :
https://www.tenable.com/security/research/tra-2023-31 | source : vulnreport@tenable.com

Vulnerability : CWE-287


Source : trellix.com

Vulnerability ID : CVE-2023-4400

First published on : 13-09-2023 07:15:08
Last modified on : 13-09-2023 12:55:59

Description :
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.

CVE ID : CVE-2023-4400
Source : trellixpsirt@trellix.com
CVSS Score : 6.2

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10406 | source : trellixpsirt@trellix.com

Vulnerability : CWE-256


Source : adobe.com

Vulnerability ID : CVE-2023-29305

First published on : 13-09-2023 09:15:15
Last modified on : 13-09-2023 12:55:59

Description :
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-29305
Source : psirt@adobe.com
CVSS Score : 6.1

References :
https://helpx.adobe.com/security/products/connect/apsb23-33.html | source : psirt@adobe.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-29306

First published on : 13-09-2023 09:15:15
Last modified on : 13-09-2023 12:55:59

Description :
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-29306
Source : psirt@adobe.com
CVSS Score : 6.1

References :
https://helpx.adobe.com/security/products/connect/apsb23-33.html | source : psirt@adobe.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38214

First published on : 13-09-2023 14:15:08
Last modified on : 13-09-2023 16:34:14

Description :
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-38214
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html | source : psirt@adobe.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38215

First published on : 13-09-2023 14:15:09
Last modified on : 13-09-2023 16:34:14

Description :
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-38215
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html | source : psirt@adobe.com

Vulnerability : CWE-79


Source : proofpoint.com

Vulnerability ID : CVE-2023-4802

First published on : 13-09-2023 16:15:11
Last modified on : 13-09-2023 16:34:14

Description :
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary JavaScript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.

CVE ID : CVE-2023-4802
Source : security@proofpoint.com
CVSS Score : 5.9

References :
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 | source : security@proofpoint.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4803

First published on : 13-09-2023 16:15:11
Last modified on : 13-09-2023 16:34:14

Description :
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary JavaScript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.

CVE ID : CVE-2023-4803
Source : security@proofpoint.com
CVSS Score : 5.9

References :
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 | source : security@proofpoint.com

Vulnerability : CWE-79


Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-3280

First published on : 13-09-2023 17:15:09
Last modified on : 13-09-2023 17:27:35

Description :
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

CVE ID : CVE-2023-3280
Source : psirt@paloaltonetworks.com
CVSS Score : 5.5

References :
https://security.paloaltonetworks.com/CVE-2023-3280 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-755


Source : 3ds.com

Vulnerability ID : CVE-2023-3588

First published on : 13-09-2023 19:15:07
Last modified on : 13-09-2023 19:15:07

Description :
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.

CVE ID : CVE-2023-3588
Source : 3DS.Information-Security@3ds.com
CVSS Score : 5.4

References :
https://www.3ds.com/vulnerability/advisories | source : 3DS.Information-Security@3ds.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-4915

First published on : 13-09-2023 03:15:09
Last modified on : 13-09-2023 12:55:59

Description :
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password once the user's email address is provided. The new password is only sent to the user's email, so the attacker does not have access to the new password.

CVE ID : CVE-2023-4915
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/wp-user-control/tags/1.5.3/inc/WPUserControlWidget.php#L893 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41?source=cve | source : security@wordfence.com

Vulnerability : CWE-620


Vulnerability ID : CVE-2023-4917

First published on : 13-09-2023 03:15:09
Last modified on : 13-09-2023 12:55:59

Description :
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.

CVE ID : CVE-2023-4917
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/leyka/tags/3.30.3/inc/leyka-ajax.php#L393 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dcd24b90-94ff-4625-8e3e-9c90e38683f9?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Source : arm.com

Vulnerability ID : CVE-2023-4039

First published on : 13-09-2023 09:15:15
Last modified on : 13-09-2023 12:55:59

Description :
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.

CVE ID : CVE-2023-4039
Source : arm-security@arm.com
CVSS Score : 4.8

References :
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64 | source : arm-security@arm.com
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf | source : arm-security@arm.com

Vulnerability : CWE-693


(0) LOW VULNERABILITIES [0.1, 3.9]

(4) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : apache.org

Vulnerability ID : CVE-2023-41081

First published on : 13-09-2023 10:15:07
Last modified on : 13-09-2023 12:55:59

Description :
In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue.

CVE ID : CVE-2023-41081
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/13/2 | source : security@apache.org
https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b | source : security@apache.org


Source : mitre.org

Vulnerability ID : CVE-2023-42469

First published on : 13-09-2023 19:15:08
Last modified on : 13-09-2023 19:15:08

Description :
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.

CVE ID : CVE-2023-42469
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.full.dialer.top.secure.encrypted | source : cve@mitre.org
https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/dial.gif | source : cve@mitre.org
https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/poc.apk | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-42469 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40850

First published on : 13-09-2023 20:15:07
Last modified on : 13-09-2023 20:15:07

Description :
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.

CVE ID : CVE-2023-40850
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/flyyue2001/cve/blob/main/NS-ASG-bak-leakage.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-42468

First published on : 13-09-2023 20:15:08
Last modified on : 13-09-2023 20:15:08

Description :
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.

CVE ID : CVE-2023-42468
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.md | source : cve@mitre.org
https://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gif | source : cve@mitre.org
https://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apk | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-42468 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
