Latest vulnerabilities of Wednesday, September 20, 2023


Last update performed on 09/20/2023 at 11:58:02 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : google.com

Vulnerability ID : CVE-2023-2163

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

CVE ID : CVE-2023-2163
Source : cve-coordination@google.com
CVSS Score : 10.0

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed | source : cve-coordination@google.com

Vulnerability : CWE-682


Source : rockwellautomation.com

Vulnerability ID : CVE-2023-2262

First published on : 20-09-2023 16:15:12
Last modified on : 20-09-2023 17:15:19

Description :
A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.

CVE ID : CVE-2023-2262
Source : PSIRT@rockwellautomation.com
CVSS Score : 9.8

References :
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140786 | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-121


Source : tenable.com

Vulnerability ID : CVE-2023-5074

First published on : 20-09-2023 16:15:12
Last modified on : 20-09-2023 17:15:19

Description :
Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28.

CVE ID : CVE-2023-5074
Source : vulnreport@tenable.com
CVSS Score : 9.8

References :
https://www.tenable.com/security/research/tra-2023-32 | source : vulnreport@tenable.com

Vulnerability : CWE-798


Source : yd.MitsubishiElectric.co.jp

Vulnerability ID : CVE-2023-4088

First published on : 20-09-2023 03:15:13
Last modified on : 20-09-2023 10:49:13

Description :
Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products.

CVE ID : CVE-2023-4088
Source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS Score : 9.3

References :
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-010_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability : CWE-276


(25) HIGH VULNERABILITIES [7.0, 8.9]

Source : nvidia.com

Vulnerability ID : CVE-2023-25528

First published on : 20-09-2023 01:15:53
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-25528
Source : psirt@nvidia.com
CVSS Score : 8.8

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-25533

First published on : 20-09-2023 01:15:54
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.

CVE ID : CVE-2023-25533
Source : psirt@nvidia.com
CVSS Score : 8.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31009

First published on : 20-09-2023 01:15:55
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE ID : CVE-2023-31009
Source : psirt@nvidia.com
CVSS Score : 8.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-25529

First published on : 20-09-2023 01:15:53
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

CVE ID : CVE-2023-25529
Source : psirt@nvidia.com
CVSS Score : 8.0

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-208


Vulnerability ID : CVE-2023-25530

First published on : 20-09-2023 01:15:53
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE ID : CVE-2023-25530
Source : psirt@nvidia.com
CVSS Score : 8.0

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-25527

First published on : 20-09-2023 01:15:52
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVE ID : CVE-2023-25527
Source : psirt@nvidia.com
CVSS Score : 7.8

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-25531

First published on : 20-09-2023 01:15:54
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.

CVE ID : CVE-2023-25531
Source : psirt@nvidia.com
CVSS Score : 7.6

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-522


Vulnerability ID : CVE-2023-25525

First published on : 20-09-2023 01:15:51
Last modified on : 20-09-2023 10:49:21

Description :
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.

CVE ID : CVE-2023-25525
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5480 | source : psirt@nvidia.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-31008

First published on : 20-09-2023 01:15:55
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE ID : CVE-2023-31008
Source : psirt@nvidia.com
CVSS Score : 7.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Source : incibe.es

Vulnerability ID : CVE-2023-0829

First published on : 20-09-2023 13:15:11
Last modified on : 20-09-2023 14:13:22

Description :
Plesk versions 17.0 through 18.0.31 are vulnerable to cross-site scripting (XSS). A malicious subscription owner (either a customer or an additional user) can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

CVE ID : CVE-2023-0829
Source : cve-coordination@incibe.es
CVSS Score : 8.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-47562

First published on : 20-09-2023 08:15:15
Last modified on : 20-09-2023 10:48:49

Description :
** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in the RPCbind service running on UDP port 111, allowing a remote attacker to create a denial of service (DoS) condition.

CVE ID : CVE-2022-47562
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-770


Vulnerability ID : CVE-2022-47561

First published on : 20-09-2023 08:15:15
Last modified on : 20-09-2023 10:48:49

Description :
** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website. This could allow an attacker to obtain the credentials of all users, including admin users, in clear text, and use them to subsequently execute malicious actions.

CVE ID : CVE-2022-47561
Source : cve-coordination@incibe.es
CVSS Score : 7.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-256


Source : tenable.com

Vulnerability ID : CVE-2023-43478

First published on : 20-09-2023 14:15:15
Last modified on : 20-09-2023 14:25:39

Description :
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.

CVE ID : CVE-2023-43478
Source : vulnreport@tenable.com
CVSS Score : 8.8

References :
https://www.tenable.com/security/research/tra-2023-19 | source : vulnreport@tenable.com


Source : asrg.io

Vulnerability ID : CVE-2023-43630

First published on : 20-09-2023 15:15:11
Last modified on : 20-09-2023 15:21:11

Description :
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”.

CVE ID : CVE-2023-43630
Source : cve@asrg.io
CVSS Score : 8.8

References :
https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts/ | source : cve@asrg.io

Vulnerability : CWE-328
Vulnerability : CWE-522
Vulnerability : CWE-922


Vulnerability ID : CVE-2023-43635

First published on : 20-09-2023 15:15:11
Last modified on : 20-09-2023 15:21:11

Description :
Vault Key Sealed With SHA1 PCRs: The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the TPM which is used to encrypt/decrypt the “vault” directory. This “vault” directory is the most sensitive point in the system and as such, its content should be protected. This mechanism is noted in Zededa’s documentation as the “measured boot” mechanism, designed to protect said “vault”. The code that’s responsible for generating and fetching the key from the TPM assumes that SHA256 PCRs are used in order to seal/unseal the key, and as such their presence is being checked. The issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs. This leads to several issues:
• Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled end up not sealing their keys at all, meaning the “vault” is not protected from an attacker.
• SHA1 is considered insecure and reduces the complexity level required to unseal the key in machines which have their SHA1 PCRs enabled.
An attacker can very easily retrieve the contents of the “vault”, which will effectively render the “measured boot” mechanism meaningless.

CVE ID : CVE-2023-43635
Source : cve@asrg.io
CVSS Score : 8.8

References :
https://asrg.io/security-advisories/vault-key-sealed-with-sha1-pcrs/ | source : cve@asrg.io

Vulnerability : CWE-328
Vulnerability : CWE-522


Vulnerability ID : CVE-2023-43636

First published on : 20-09-2023 15:15:12
Last modified on : 20-09-2023 15:21:11

Description :
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, among other things, the configuration of the bios, grub, the kernel cmdline, initrd, and more. However, this mechanism does not validate the entire rootfs, so an attacker can edit the filesystem and gain control over the system. As the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4, which is easily changeable. This will not stop an attacker, as an attacker can repackage the squashfs with their changes in it and replace the partition altogether. This can also be done directly on the device, as the “003-storage-init” container contains the “mksquashfs” and “unsquashfs” binaries (with the corresponding libs). An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault.
Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13:
• aa3501d6c57206ced222c33aea15a9169d629141
• 5fef4d92e75838cc78010edaed5247dfbdae1889
This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.

CVE ID : CVE-2023-43636
Source : cve@asrg.io
CVSS Score : 8.8

References :
https://asrg.io/security-advisories/19274/ | source : cve@asrg.io

Vulnerability : CWE-345


Source : progress.com

Vulnerability ID : CVE-2023-42660

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 17:15:19

Description :
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.

CVE ID : CVE-2023-42660
Source : security@progress.com
CVSS Score : 8.8

References :
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 | source : security@progress.com
https://www.progress.com/moveit | source : security@progress.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-40043

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 17:15:19

Description :
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.

CVE ID : CVE-2023-40043
Source : security@progress.com
CVSS Score : 7.2

References :
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 | source : security@progress.com
https://www.progress.com/moveit | source : security@progress.com

Vulnerability : CWE-89


Source : redhat.com

Vulnerability ID : CVE-2022-3596

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

CVE ID : CVE-2022-3596
Source : secalert@redhat.com
CVSS Score : 8.6

References :
https://access.redhat.com/errata/RHSA-2022:8897 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3596 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2136596 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4853

First published on : 20-09-2023 10:15:14
Last modified on : 20-09-2023 10:48:49

Description :
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CVE ID : CVE-2023-4853
Source : secalert@redhat.com
CVSS Score : 8.1

References :
https://access.redhat.com/errata/RHSA-2023:5170 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:5310 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-4853 | source : secalert@redhat.com
https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2238034 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-0118

First published on : 20-09-2023 14:15:12
Last modified on : 20-09-2023 14:25:39

Description :
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

CVE ID : CVE-2023-0118
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/errata/RHSA-2023:4466 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-0118 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2159291 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-0462

First published on : 20-09-2023 14:15:12
Last modified on : 20-09-2023 14:25:39

Description :
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

CVE ID : CVE-2023-0462
Source : secalert@redhat.com
CVSS Score : 8.0

References :
https://access.redhat.com/security/cve/CVE-2023-0462 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2162970 | source : secalert@redhat.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-37410

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.

CVE ID : CVE-2023-37410
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260138 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031707 | source : psirt@us.ibm.com


Source : isc.org

Vulnerability ID : CVE-2023-3341

First published on : 20-09-2023 13:15:11
Last modified on : 20-09-2023 15:15:11

Description :
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

CVE ID : CVE-2023-3341
Source : security-officer@isc.org
CVSS Score : 7.5

References :
http://www.openwall.com/lists/oss-security/2023/09/20/2 | source : security-officer@isc.org
https://kb.isc.org/docs/cve-2023-3341 | source : security-officer@isc.org


Vulnerability ID : CVE-2023-4236

First published on : 20-09-2023 13:15:12
Last modified on : 20-09-2023 15:15:12

Description :
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

CVE ID : CVE-2023-4236
Source : security-officer@isc.org
CVSS Score : 7.5

References :
http://www.openwall.com/lists/oss-security/2023/09/20/2 | source : security-officer@isc.org
https://kb.isc.org/docs/cve-2023-4236 | source : security-officer@isc.org


(23) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : nvidia.com

Vulnerability ID : CVE-2023-31010

First published on : 20-09-2023 02:15:18
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.

CVE ID : CVE-2023-31010
Source : psirt@nvidia.com
CVSS Score : 6.8

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31015

First published on : 20-09-2023 02:15:21
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.

CVE ID : CVE-2023-31015
Source : psirt@nvidia.com
CVSS Score : 6.6

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-25526

First published on : 20-09-2023 01:15:52
Last modified on : 20-09-2023 10:49:21

Description :
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.

CVE ID : CVE-2023-25526
Source : psirt@nvidia.com
CVSS Score : 6.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5480 | source : psirt@nvidia.com

Vulnerability : CWE-248


Vulnerability ID : CVE-2023-25532

First published on : 20-09-2023 01:15:54
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.

CVE ID : CVE-2023-25532
Source : psirt@nvidia.com
CVSS Score : 6.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-522


Vulnerability ID : CVE-2023-31012

First published on : 20-09-2023 02:15:19
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVE ID : CVE-2023-31012
Source : psirt@nvidia.com
CVSS Score : 6.1

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31013

First published on : 20-09-2023 02:15:20
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVE ID : CVE-2023-31013
Source : psirt@nvidia.com
CVSS Score : 6.1

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-25534

First published on : 20-09-2023 01:15:55
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVE ID : CVE-2023-25534
Source : psirt@nvidia.com
CVSS Score : 5.7

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31011

First published on : 20-09-2023 02:15:19
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVE ID : CVE-2023-31011
Source : psirt@nvidia.com
CVSS Score : 5.2

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | source : psirt@nvidia.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31014

First published on : 20-09-2023 02:15:20
Last modified on : 20-09-2023 10:49:13

Description :
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.

CVE ID : CVE-2023-31014
Source : psirt@nvidia.com
CVSS Score : 4.2

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5476 | source : psirt@nvidia.com

Vulnerability : CWE-927


Source : tenable.com

Vulnerability ID : CVE-2023-43477

First published on : 20-09-2023 13:15:12
Last modified on : 20-09-2023 14:13:22

Description :
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.

CVE ID : CVE-2023-43477
Source : vulnreport@tenable.com
CVSS Score : 6.8

References :
https://www.tenable.com/security/research/tra-2023-19 | source : vulnreport@tenable.com

Vulnerability : CWE-77


Source : redhat.com

Vulnerability ID : CVE-2022-3916

First published on : 20-09-2023 15:15:11
Last modified on : 20-09-2023 15:21:11

Description :
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

CVE ID : CVE-2022-3916
Source : secalert@redhat.com
CVSS Score : 6.8

References :
https://access.redhat.com/errata/RHSA-2022:8961 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2022:8962 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2022:8963 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2022:8964 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2022:8965 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1043 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1044 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1045 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1047 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1049 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3916 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2141404 | source : secalert@redhat.com


Vulnerability ID : CVE-2022-1438

First published on : 20-09-2023 14:15:12
Last modified on : 20-09-2023 14:25:39

Description :
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

CVE ID : CVE-2022-1438
Source : secalert@redhat.com
CVSS Score : 6.4

References :
https://access.redhat.com/errata/RHSA-2023:1043 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1044 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1045 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1047 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:1049 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-1438 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2031904 | source : secalert@redhat.com


Source : incibe.es

Vulnerability ID : CVE-2022-45447

First published on : 20-09-2023 10:15:11
Last modified on : 20-09-2023 10:48:49

Description :
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.

CVE ID : CVE-2022-45447
Source : cve-coordination@incibe.es
CVSS Score : 6.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites | source : cve-coordination@incibe.es

Vulnerability : CWE-22


Vulnerability ID : CVE-2022-47560

First published on : 20-09-2023 08:15:10
Last modified on : 20-09-2023 10:48:49

Description :
** UNSUPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.

CVE ID : CVE-2022-47560
Source : cve-coordination@incibe.es
CVSS Score : 5.7

References :
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products | source : cve-coordination@incibe.es

Vulnerability : CWE-319


Source : progress.com

Vulnerability ID : CVE-2023-42656

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 17:15:19

Description :
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser.

CVE ID : CVE-2023-42656
Source : security@progress.com
CVSS Score : 6.1

References :
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 | source : security@progress.com
https://www.progress.com/moveit | source : security@progress.com

Vulnerability : CWE-79


Source : mitre.org

Vulnerability ID : CVE-2023-43616

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 15:17:16

Description :
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.

CVE ID : CVE-2023-43616
Source : cve@mitre.org
CVSS Score : 5.5

References :
https://github.com/schollz/croc/issues/594 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org

Vulnerability : CWE-22

Vulnerable product(s) : cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*
Vulnerable version(s) : 9.6.5


Source : acronis.com

Vulnerability ID : CVE-2023-5042

First published on : 20-09-2023 12:15:12
Last modified on : 20-09-2023 12:54:08

Description :
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.

CVE ID : CVE-2023-5042
Source : security@acronis.com
CVSS Score : 5.5

References :
https://security-advisory.acronis.com/advisories/SEC-5330 | source : security@acronis.com

Vulnerability : CWE-276


Source : oracle.com

Vulnerability ID : CVE-2023-22024

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE ID : CVE-2023-22024
Source : secalert_us@oracle.com
CVSS Score : 5.5

References :
https://linux.oracle.com/cve/CVE-2023-22024.html | source : secalert_us@oracle.com


Source : wordfence.com

Vulnerability ID : CVE-2023-5062

First published on : 20-09-2023 03:15:14
Last modified on : 20-09-2023 15:23:45

Description :
The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5062
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L223 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L229 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2de2d2c5-1373-45b6-93a0-575713226669?source=cve | source : security@wordfence.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:wpartisan:wordpress_charts:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 0.7.0


Vulnerability ID : CVE-2023-5063

First published on : 20-09-2023 03:15:14
Last modified on : 20-09-2023 15:36:50

Description :
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5063
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/youtube-widget-responsive/trunk/youtube-widget-responsive.php?rev=2905626#L246 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2968766/youtube-widget-responsive#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:stefanoai:widget_responsive_for_youtube:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 1.6.1


Source : snyk.io

Vulnerability ID : CVE-2023-26144

First published on : 20-09-2023 05:15:39
Last modified on : 20-09-2023 10:48:49

Description :
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.

CVE ID : CVE-2023-26144
Source : report@snyk.io
CVSS Score : 5.3

References :
https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226 | source : report@snyk.io
https://github.com/graphql/graphql-js/issues/3955 | source : report@snyk.io
https://github.com/graphql/graphql-js/pull/3972 | source : report@snyk.io
https://github.com/graphql/graphql-js/releases/tag/v16.8.1 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 | source : report@snyk.io


Source : fluidattacks.com

Vulnerability ID : CVE-2023-2508

First published on : 20-09-2023 16:15:12
Last modified on : 20-09-2023 17:15:19

Description :
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.

CVE ID : CVE-2023-2508
Source : help@fluidattacks.com
CVSS Score : 5.3

References :
https://fluidattacks.com/advisories/solveig/ | source : help@fluidattacks.com
https://www.papercut.com/help/manuals/mobility-print/release-history/#mobility-print-server | source : help@fluidattacks.com

Vulnerability : CWE-352


Source : us.ibm.com

Vulnerability ID : CVE-2023-40368

First published on : 20-09-2023 19:15:11
Last modified on : 20-09-2023 20:18:37

Description :
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.

CVE ID : CVE-2023-40368
Source : psirt@us.ibm.com
CVSS Score : 4.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263456 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7034288 | source : psirt@us.ibm.com

Vulnerability : CWE-200


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : huntr.dev

Vulnerability ID : CVE-2023-5084

First published on : 20-09-2023 10:15:15
Last modified on : 20-09-2023 10:48:49

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.

CVE ID : CVE-2023-5084
Source : security@huntr.dev
CVSS Score : 3.9

References :
https://github.com/hestiacp/hestiacp/commit/5131f5a966759df77477fdf7f29daa2bda93b1ff | source : security@huntr.dev
https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45 | source : security@huntr.dev

Vulnerability : CWE-79


Source : suse.de

Vulnerability ID : CVE-2023-22644

First published on : 20-09-2023 09:15:12
Last modified on : 20-09-2023 10:48:49

Description :
An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.

CVE ID : CVE-2023-22644
Source : meissner@suse.de
CVSS Score : 3.8

References :
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644 | source : meissner@suse.de

Vulnerability : CWE-532


Source : us.ibm.com

Vulnerability ID : CVE-2023-38718

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

CVE ID : CVE-2023-38718
Source : psirt@us.ibm.com
CVSS Score : 3.7

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/261606 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031619 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : incibe.es

Vulnerability ID : CVE-2022-45448

First published on : 20-09-2023 13:15:11
Last modified on : 20-09-2023 14:13:22

Description :
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.

CVE ID : CVE-2022-45448
Source : cve-coordination@incibe.es
CVSS Score : 3.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : vmware.com

Vulnerability ID : CVE-2023-34047

First published on : 20-09-2023 10:15:14
Last modified on : 20-09-2023 10:48:49

Description :
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

CVE ID : CVE-2023-34047
Source : security@vmware.com
CVSS Score : 3.1

References :
https://spring.io/security/cve-2023-34047 | source : security@vmware.com


(64) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2020-24089

First published on : 20-09-2023 00:15:09
Last modified on : 20-09-2023 10:49:21

Description :
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2 that allows local attackers to cause a denial of service (DoS).

CVE ID : CVE-2020-24089
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rjt-gupta/CVE-2020-24089 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36319

First published on : 20-09-2023 00:15:10
Last modified on : 20-09-2023 10:49:21

Description :
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.

CVE ID : CVE-2023-36319
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Lowalu/CVE-2023-36319 | source : cve@mitre.org
https://openupload.sourceforge.net/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-39575

First published on : 20-09-2023 00:15:11
Last modified on : 20-09-2023 10:49:21

Description :
A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2023-39575
Source : cve@mitre.org
CVSS Score : /

References :
https://evait.medium.com/discovery-of-a-reflective-xss-vulnerability-in-arp-guard-software-1734b5113e1c | source : cve@mitre.org


Vulnerability ID : CVE-2023-38886

First published on : 20-09-2023 01:15:56
Last modified on : 20-09-2023 10:49:13

Description :
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.

CVE ID : CVE-2023-38886
Source : cve@mitre.org
CVSS Score : /

References :
http://dolibarr.com | source : cve@mitre.org
https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-38887

First published on : 20-09-2023 01:15:56
Last modified on : 20-09-2023 10:49:13

Description :
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.

CVE ID : CVE-2023-38887
Source : cve@mitre.org
CVSS Score : /

References :
http://dolibarr.com | source : cve@mitre.org
https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-38888

First published on : 20-09-2023 01:15:56
Last modified on : 20-09-2023 10:49:13

Description :
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

CVE ID : CVE-2023-38888
Source : cve@mitre.org
CVSS Score : /

References :
http://dolibarr.com | source : cve@mitre.org
https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-43617

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.

CVE ID : CVE-2023-43617
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/schollz/croc/issues/596 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43618

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.

CVE ID : CVE-2023-43618
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/schollz/croc/issues/597 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43619

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.

CVE ID : CVE-2023-43619
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/schollz/croc/issues/593 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43620

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.

CVE ID : CVE-2023-43620
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/schollz/croc/issues/595 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43621

First published on : 20-09-2023 06:15:10
Last modified on : 20-09-2023 10:48:49

Description :
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.

CVE ID : CVE-2023-43621
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/schollz/croc/issues/598 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/09/08/2 | source : cve@mitre.org


Vulnerability ID : CVE-2019-19450

First published on : 20-09-2023 14:15:12
Last modified on : 20-09-2023 14:25:39

Description :
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

CVE ID : CVE-2019-19450
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md | source : cve@mitre.org
https://pastebin.com/5MicRrr4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41902

First published on : 20-09-2023 14:15:13
Last modified on : 20-09-2023 14:25:39

Description :
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.

CVE ID : CVE-2023-41902
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057 | source : cve@mitre.org
https://www.corecode.io/macupdater/history2.html | source : cve@mitre.org
https://www.corecode.io/macupdater/history3.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43196

First published on : 20-09-2023 14:15:13
Last modified on : 20-09-2023 14:25:39

Description :
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.

CVE ID : CVE-2023-43196
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43197

First published on : 20-09-2023 14:15:13
Last modified on : 20-09-2023 14:25:39

Description :
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.

CVE ID : CVE-2023-43197
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43198

First published on : 20-09-2023 14:15:13
Last modified on : 20-09-2023 14:25:39

Description :
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.

CVE ID : CVE-2023-43198
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43199

First published on : 20-09-2023 14:15:13
Last modified on : 20-09-2023 14:25:39

Description :
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.

CVE ID : CVE-2023-43199
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43200

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.

CVE ID : CVE-2023-43200
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43201

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.

CVE ID : CVE-2023-43201
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43202

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.

CVE ID : CVE-2023-43202
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43203

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.

CVE ID : CVE-2023-43203
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43204

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.

CVE ID : CVE-2023-43204
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43206

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

CVE ID : CVE-2023-43206
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43207

First published on : 20-09-2023 14:15:14
Last modified on : 20-09-2023 14:25:39

Description :
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.

CVE ID : CVE-2023-43207
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-42464

First published on : 20-09-2023 15:15:11
Last modified on : 20-09-2023 15:21:11

Description :
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

CVE ID : CVE-2023-42464
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Netatalk/netatalk/issues/486 | source : cve@mitre.org
https://netatalk.sourceforge.io/ | source : cve@mitre.org
https://netatalk.sourceforge.io/2.0/htmldocs/afpd.8.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-39044

First published on : 20-09-2023 18:15:12
Last modified on : 20-09-2023 18:27:45

Description :
An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39044
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-40618

First published on : 20-09-2023 18:15:12
Last modified on : 20-09-2023 18:27:45

Description :
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.

CVE ID : CVE-2023-40618
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618 | source : cve@mitre.org


Vulnerability ID : CVE-2023-40619

First published on : 20-09-2023 18:15:12
Last modified on : 20-09-2023 18:27:45

Description :
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

CVE ID : CVE-2023-40619
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39041

First published on : 20-09-2023 19:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39041
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39041.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43371

First published on : 20-09-2023 19:15:11
Last modified on : 20-09-2023 20:18:37

Description :
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.

CVE ID : CVE-2023-43371
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43373

First published on : 20-09-2023 19:15:12
Last modified on : 20-09-2023 20:18:37

Description :
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.

CVE ID : CVE-2023-43373
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43374

First published on : 20-09-2023 19:15:12
Last modified on : 20-09-2023 20:18:37

Description :
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.

CVE ID : CVE-2023-43374
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43375

First published on : 20-09-2023 19:15:12
Last modified on : 20-09-2023 20:18:37

Description :
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.

CVE ID : CVE-2023-43375
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43376

First published on : 20-09-2023 19:15:12
Last modified on : 20-09-2023 20:18:37

Description :
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

CVE ID : CVE-2023-43376
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43377

First published on : 20-09-2023 19:15:12
Last modified on : 20-09-2023 20:18:37

Description :
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

CVE ID : CVE-2023-43377
Source : cve@mitre.org
CVSS Score : /

References :
https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39045

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39045
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39045.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39052

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE ID : CVE-2023-39052
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39052.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-40930

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
Skyworth 3.0 OS is vulnerable to Directory Traversal.

CVE ID : CVE-2023-40930
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/NSnidie/2af70d58426c4563b2f11171379fdd8c | source : cve@mitre.org


Vulnerability ID : CVE-2023-41484

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.

CVE ID : CVE-2023-41484
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/eddieantonio/imgcat/issues/49 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42147

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.

CVE ID : CVE-2023-42147
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cnblogs.com/xyhz/p/17667095.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-42331

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

CVE ID : CVE-2023-42331
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Num-Nine/CVE/issues/2 | source : cve@mitre.org
https://github.com/Num-Nine/CVE/issues/4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42334

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

CVE ID : CVE-2023-42334
Source : cve@mitre.org
CVSS Score : /

References :
https://0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42335

First published on : 20-09-2023 20:15:11
Last modified on : 20-09-2023 20:18:37

Description :
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.

CVE ID : CVE-2023-42335
Source : cve@mitre.org
CVSS Score : /

References :
https://0xhunter20.medium.com/how-i-found-unrestricted-file-upload-in-fl3xx-ios-app-cve-2023-42335-6b1a72da6d65 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43134

First published on : 20-09-2023 20:15:12
Last modified on : 20-09-2023 20:18:37

Description :
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

CVE ID : CVE-2023-43134
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43137

First published on : 20-09-2023 20:15:12
Last modified on : 20-09-2023 20:18:37

Description :
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability: when an attacker adds ACL rules after authentication, the rule name parameter has injection points.

CVE ID : CVE-2023-43137
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43138

First published on : 20-09-2023 20:15:12
Last modified on : 20-09-2023 20:18:37

Description :
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability: when an attacker adds NAPT rules after authentication, the rule name has an injection point.

CVE ID : CVE-2023-43138
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-38875

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.

CVE ID : CVE-2023-38875
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38875 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38876

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.

CVE ID : CVE-2023-38876
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38876 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39677

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

CVE ID : CVE-2023-39677
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ | source : cve@mitre.org
https://myprestamodules.com/ | source : cve@mitre.org
https://sorcery.ie | source : cve@mitre.org


Vulnerability ID : CVE-2023-42321

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

CVE ID : CVE-2023-42321
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc | source : cve@mitre.org
https://www.icmsdev.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-42322

First published on : 20-09-2023 21:15:11
Last modified on : 20-09-2023 21:15:11

Description :
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

CVE ID : CVE-2023-42322
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ChubbyZ/0ddb9772231d9a8c5b5345883abcb0a6 | source : cve@mitre.org
https://www.icmsdev.com/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-41374

First published on : 20-09-2023 09:15:16
Last modified on : 20-09-2023 10:48:49

Description :
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.

CVE ID : CVE-2023-41374
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU95282683/index.html | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202309125391/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-41375

First published on : 20-09-2023 09:15:17
Last modified on : 20-09-2023 10:48:49

Description :
Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.

CVE ID : CVE-2023-41375
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU95282683/index.html | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202309125391/ | source : vultures@jpcert.or.jp


Source : googlegroups.com

Vulnerability ID : CVE-2023-43494

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

CVE ID : CVE-2023-43494
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43495

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.

CVE ID : CVE-2023-43495
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43496

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

CVE ID : CVE-2023-43496
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43497

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

CVE ID : CVE-2023-43497
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43498

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

CVE ID : CVE-2023-43498
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43499

First published on : 20-09-2023 17:15:11
Last modified on : 20-09-2023 18:15:12

Description :
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.

CVE ID : CVE-2023-43499
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43500

First published on : 20-09-2023 17:15:12
Last modified on : 20-09-2023 18:15:12

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

CVE ID : CVE-2023-43500
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43501

First published on : 20-09-2023 17:15:12
Last modified on : 20-09-2023 18:15:12

Description :
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

CVE ID : CVE-2023-43501
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-43502

First published on : 20-09-2023 17:15:12
Last modified on : 20-09-2023 18:15:13

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.

CVE ID : CVE-2023-43502
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/09/20/5 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239 | source : jenkinsci-cert@googlegroups.com


Source : amd.com

Vulnerability ID : CVE-2023-20594

First published on : 20-09-2023 18:15:12
Last modified on : 20-09-2023 18:27:45

Description :
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CVE ID : CVE-2023-20594
Source : psirt@amd.com
CVSS Score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 | source : psirt@amd.com


Vulnerability ID : CVE-2023-20597

First published on : 20-09-2023 18:15:12
Last modified on : 20-09-2023 18:27:45

Description :
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CVE ID : CVE-2023-20597
Source : psirt@amd.com
CVSS Score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 | source : psirt@amd.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
