Latest vulnerabilities [Saturday, January 20, 2024]

Last update performed on 01/20/2024 at 11:57:06 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : huntr.dev

Vulnerability ID : CVE-2024-0521

First published on : 20-01-2024 21:15:43
Last modified on : 20-01-2024 21:15:43

Description :
Code Injection in paddlepaddle/paddle

CVE ID : CVE-2024-0521
Source : security@huntr.dev
CVSS Score : 9.3

References :
https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 | source : security@huntr.dev

Vulnerability : CWE-94


(1) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-7063

First published on : 20-01-2024 09:15:07
Last modified on : 20-01-2024 09:15:07

Description :
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7063
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://wpforms.com/docs/how-to-view-recent-changes-to-the-wpforms-plugin-changelog/#1-8-5-4-2023-12-27 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve | source : security@wordfence.com
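The WPForms entry above describes the usual shape of a stored XSS in a form plugin: an unauthenticated visitor submits a field, the value is stored, and it is later rendered in an admin page without escaping for the context it lands in. The following is an added example and is not WPForms code; the `$entry` array, the `example_*` function names and the allowlist are constructed for illustration, while the WordPress helpers it calls (`esc_html`, `esc_url`, `esc_url_raw`, `wp_kses`, `wp_kses_post`, `sanitize_text_field`) are real and the file is meant to be loaded inside WordPress.

```php
<?php
/**
 * Added example, not WPForms code: rendering a stored form submission in
 * a WordPress admin screen. The entry array and function names are
 * assumptions for illustration; the esc_*, wp_kses* and sanitize_*
 * helpers are WordPress's own and require WordPress to be loaded.
 */

// Constructed sample entry: exactly what an anonymous visitor posted.
// Every value here is attacker-controlled.
$entry = array(
    'name'    => '<img src=x onerror=alert(document.cookie)>',
    'website' => 'javascript:alert(1)',
    'message' => '<b>Hello</b><script>alert(1)</script>',
);

// Vulnerable: stored values are echoed straight into HTML. Whoever opens
// the entries page (typically an administrator) executes the payload.
function example_render_entry_vulnerable( array $entry ) {
    echo '<td>' . $entry['name'] . '</td>';
    echo '<td><a href="' . $entry['website'] . '">site</a></td>';
    echo '<td>' . $entry['message'] . '</td>';
}

// Hardened: escape for the exact output context. Sanitizing at submit
// time is defence in depth; output escaping is what stops execution,
// and the correct escaper differs per context.
function example_render_entry_hardened( array $entry ) {
    // Text node: HTML-encode everything.
    echo '<td>' . esc_html( $entry['name'] ) . '</td>';

    // URL attribute: esc_url() drops javascript: and other disallowed
    // schemes. esc_attr() is not a substitute; it leaves the scheme intact.
    echo '<td><a href="' . esc_url( $entry['website'] ) . '">site</a></td>';

    // Rich text the site chooses to allow: an explicit allowlist of tags
    // and attributes. Anything else, including <script>, is stripped.
    $allowed = array(
        'b'  => array(),
        'i'  => array(),
        'br' => array(),
        'a'  => array( 'href' => array(), 'title' => array() ),
    );
    echo '<td>' . wp_kses( $entry['message'], $allowed ) . '</td>';
}

// Sanitize on the way in as well. This reduces what gets stored but is
// not a replacement for escaping on output: a value that is safe as text
// is still unsafe inside an href or an event attribute.
function example_sanitize_submission( array $raw ) {
    return array(
        'name'    => sanitize_text_field( $raw['name'] ),
        'website' => esc_url_raw( $raw['website'] ),
        'message' => wp_kses_post( $raw['message'] ),
    );
}

example_render_entry_hardened( example_sanitize_submission( $entry ) );
```

The point worth keeping in mind is that a single "sanitize" step at intake cannot know whether the value will later be placed in a text node, an attribute, a URL or a script block, so each render site has to escape for its own context.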


(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2024-0679

First published on : 20-01-2024 06:15:44
Last modified on : 20-01-2024 06:15:44

Description :
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

CVE ID : CVE-2024-0679
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237 | source : security@wordfence.com
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0623

First published on : 20-01-2024 06:15:44
Last modified on : 20-01-2024 06:15:44

Description :
The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0623
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve | source : security@wordfence.com
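The two entries above are the two halves of the same admin-ajax mistake: ColorMag omits the capability check (any logged-in subscriber can reach the handler), and VK Block Patterns omits nonce validation (a forged request can ride an administrator's session). The following is an added example and is not ColorMag or VK Block Patterns code; the action names, the nonce action string, the script handle and the `example_*` functions are assumptions for illustration, while `add_action`, `check_ajax_referer`, `current_user_can`, `wp_send_json_*`, `wp_create_nonce`, `wp_localize_script`, `plugins_api`, `Plugin_Upgrader` and `activate_plugin` are real WordPress APIs and the file is meant to be loaded as a plugin.

```php
<?php
/**
 * Added example, not ColorMag or VK Block Patterns code: an admin-ajax
 * action that installs and activates a plugin, first in the vulnerable
 * shape both advisories describe, then hardened. Action names, nonce
 * action string and helper names are assumptions for illustration; the
 * WordPress functions called are real and require WordPress to be loaded.
 */

// Vulnerable: every authenticated user, subscriber included, can invoke
// wp_ajax_* hooks. Nothing here checks who is calling (missing capability
// check, the ColorMag issue) or whether the request was intentionally
// made from a page the user loaded (missing nonce, the CSRF issue).
add_action( 'wp_ajax_example_install_plugin_vulnerable', function () {
    $slug = $_POST['slug'];
    example_install_and_activate( $slug );
    wp_send_json_success();
} );

// Hardened: verify the nonce, then the capability. A nonce alone is not
// authorization (a subscriber can obtain one from any page that prints
// it), and a capability check alone does not stop CSRF (the victim admin
// has the capability). Both checks are required.
add_action( 'wp_ajax_example_install_plugin', function () {
    // Terminates the request (HTTP 403, body "-1") if the 'nonce' field
    // does not verify against this action for the current user.
    check_ajax_referer( 'example_install_plugin_nonce', 'nonce' );

    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // The slug becomes a repository lookup and a filesystem path: restrict
    // it to [a-z0-9_-] rather than passing the raw POST value through.
    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( '' === $slug ) {
        wp_send_json_error( 'missing slug', 400 );
    }

    $result = example_install_and_activate( $slug );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
} );

// The nonce must originate server-side, tied to the logged-in user, and be
// handed to the page's script; an attacker's site cannot read it.
// 'example-admin' is an assumed script handle registered elsewhere.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_install_plugin_nonce' ),
    ) );
} );

// Install from wordpress.org and activate, using core's own upgrader.
// Returns true on success or a WP_Error.
function example_install_and_activate( $slug ) {
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $installed = $upgrader->install( $api->download_link );
    if ( is_wp_error( $installed ) || ! $installed ) {
        return new WP_Error( 'install_failed', 'plugin install failed' );
    }

    $plugin_file = $upgrader->plugin_info();
    if ( ! $plugin_file ) {
        return new WP_Error( 'no_plugin_file', 'installed plugin file not found' );
    }
    $activated = activate_plugin( $plugin_file );
    return is_wp_error( $activated ) ? $activated : true;
}
```

Order matters less than presence: both checks must run before any side effect. Wordfence's CSRF rating for the cache-clearing case is low because the reachable side effect is harmless; the same missing nonce in front of a plugin installer would be rated with the installer, not the nonce.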


(0) LOW VULNERABILITIES [0.1, 3.9]

(10) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2021-31314

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.

CVE ID : CVE-2021-31314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/huahaiYa/jinshansoft/blob/main/Kingsoft%20Security%20Arbitrary%20File%20Upload%20%2B%20File%20Contains%20Vulnerabilities.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51892

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

CVE ID : CVE-2023-51892
Source : cve@mitre.org
CVSS Score : /

References :
http://e-cology.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51892.txt | source : cve@mitre.org
https://www.weaver.com.cn/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51926

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.

CVE ID : CVE-2023-51926
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51926.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51927

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.

CVE ID : CVE-2023-51927
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51927.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51928

First published on : 20-01-2024 01:15:08
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51928
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51928.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47024

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component.

CVE ID : CVE-2023-47024
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing | source : cve@mitre.org
https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51906

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.

CVE ID : CVE-2023-51906
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51906.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51924

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51924
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51924.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51925

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51925
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51925.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46447

First published on : 20-01-2024 05:15:08
Last modified on : 20-01-2024 05:15:08

Description :
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.

CVE ID : CVE-2023-46447
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/rebel/blob/main/CWE-319.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.pops.pops | source : cve@mitre.org
https://popsdiabetes.com/about-us/ | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
