Latest vulnerabilities [Sunday, December 24, 2023]


Last update performed on 12/24/2023 at 11:57:06 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(1) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-7091

First published on : 24-12-2023 21:15:25
Last modified on : 24-12-2023 21:15:25

Description :
A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7091
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.248938 | source : cna@vuldb.com
https://vuldb.com/?id.248938 | source : cna@vuldb.com

Vulnerability : CWE-434


(0) LOW VULNERABILITIES [0.1, 3.9]

(8) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-51763

First published on : 24-12-2023 04:15:07
Last modified on : 24-12-2023 04:15:07

Description :
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.

CVE ID : CVE-2023-51763
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/activeadmin/activeadmin/commit/697be2b183491beadc8f0b7d8b5bfb44f2387909 | source : cve@mitre.org
https://github.com/activeadmin/activeadmin/pull/8161 | source : cve@mitre.org
https://github.com/activeadmin/activeadmin/releases/tag/v3.2.0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51764

First published on : 24-12-2023 05:15:08
Last modified on : 24-12-2023 12:15:37

Description :
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Postfix server, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

CVE ID : CVE-2023-51764
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.postfix.org/smtp-smuggling.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51765

First published on : 24-12-2023 06:15:07
Last modified on : 24-12-2023 12:15:38

Description :
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the sendmail server, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

CVE ID : CVE-2023-51765
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/21/7 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/22/7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51766

First published on : 24-12-2023 06:15:07
Last modified on : 24-12-2023 12:15:38

Description :
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

CVE ID : CVE-2023-51766
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/24/1 | source : cve@mitre.org
https://bugs.exim.org/show_bug.cgi?id=3063 | source : cve@mitre.org
https://exim.org/static/doc/security/CVE-2023-51766.txt | source : cve@mitre.org
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/23/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51767

First published on : 24-12-2023 07:15:07
Last modified on : 24-12-2023 07:15:07

Description :
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

CVE ID : CVE-2023-51767
Source : cve@mitre.org
CVSS Score : /

References :
https://arxiv.org/abs/2309.02545 | source : cve@mitre.org
https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 | source : cve@mitre.org
https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51714

First published on : 24-12-2023 21:15:25
Last modified on : 24-12-2023 21:15:25

Description :
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

CVE ID : CVE-2023-51714
Source : cve@mitre.org
CVSS Score : /

References :
https://codereview.qt-project.org/c/qt/qtbase/+/524864 | source : cve@mitre.org
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3 | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-7101

First published on : 24-12-2023 22:15:07
Last modified on : 24-12-2023 22:15:07

Description :
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

CVE ID : CVE-2023-7101
Source : mandiant-cve@google.com
CVSS Score : /

References :
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | source : mandiant-cve@google.com
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | source : mandiant-cve@google.com
https://github.com/haile01/perl_spreadsheet_excel_rce_poc | source : mandiant-cve@google.com
https://metacpan.org/dist/Spreadsheet-ParseExcel | source : mandiant-cve@google.com
https://www.cve.org/CVERecord?id=CVE-2023-7101 | source : mandiant-cve@google.com

Vulnerability : CWE-95


Vulnerability ID : CVE-2023-7102

First published on : 24-12-2023 22:15:08
Last modified on : 24-12-2023 22:15:08

Description :
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

CVE ID : CVE-2023-7102
Source : mandiant-cve@google.com
CVSS Score : /

References :
https://github.com/haile01/perl_spreadsheet_excel_rce_poc | source : mandiant-cve@google.com
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | source : mandiant-cve@google.com
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | source : mandiant-cve@google.com
https://metacpan.org/dist/Spreadsheet-ParseExcel | source : mandiant-cve@google.com
https://www.barracuda.com/company/legal/esg-vulnerability | source : mandiant-cve@google.com
https://www.cve.org/CVERecord?id=CVE-2023-7101 | source : mandiant-cve@google.com

Vulnerability : CWE-1104


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
