Latest vulnerabilities [Thursday, December 21, 2023]


Last update performed on 12/21/2023 at 11:57:05 PM

(30) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : patchstack.com

Vulnerability ID : CVE-2023-49778

First published on : 21-12-2023 13:15:09
Last modified on : 21-12-2023 13:22:15

Description :
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6.

CVE ID : CVE-2023-49778
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-32242

First published on : 21-12-2023 13:15:08
Last modified on : 21-12-2023 13:22:15

Description :
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.

CVE ID : CVE-2023-32242
Source : audit@patchstack.com
CVSS Score : 9.8

References :
https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6145

First published on : 21-12-2023 14:15:09
Last modified on : 21-12-2023 18:15:45

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.

CVE ID : CVE-2023-6145
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0724 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : fluidattacks.com

Vulnerability ID : CVE-2023-45115

First published on : 21-12-2023 16:15:07
Last modified on : 21-12-2023 18:15:38

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45115
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45116

First published on : 21-12-2023 16:15:08
Last modified on : 21-12-2023 18:15:38

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45116
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45117

First published on : 21-12-2023 16:15:08
Last modified on : 21-12-2023 18:15:38

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45117
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45118

First published on : 21-12-2023 16:15:08
Last modified on : 21-12-2023 18:15:38

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45118
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45119

First published on : 21-12-2023 16:15:09
Last modified on : 21-12-2023 18:15:38

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45119
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45120

First published on : 21-12-2023 17:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45120
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45121

First published on : 21-12-2023 17:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45121
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45122

First published on : 21-12-2023 17:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45122
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45123

First published on : 21-12-2023 17:15:09
Last modified on : 21-12-2023 18:15:28

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'right' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45123
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45124

First published on : 21-12-2023 19:15:09
Last modified on : 21-12-2023 19:15:09

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'tag' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45124
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45125

First published on : 21-12-2023 19:15:10
Last modified on : 21-12-2023 19:15:10

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'time' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45125
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45126

First published on : 21-12-2023 19:15:10
Last modified on : 21-12-2023 19:15:10

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'total' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45126
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45127

First published on : 21-12-2023 19:15:11
Last modified on : 21-12-2023 19:15:11

Description :
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'wrong' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-45127
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/argerich/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-46791

First published on : 21-12-2023 20:15:07
Last modified on : 21-12-2023 20:15:07

Description :
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-46791
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/ros | source : help@fluidattacks.com
https://projectworlds.in | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48685

First published on : 21-12-2023 21:15:09
Last modified on : 21-12-2023 21:15:09

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48685
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48686

First published on : 21-12-2023 21:15:10
Last modified on : 21-12-2023 21:15:10

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48686
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48687

First published on : 21-12-2023 21:15:10
Last modified on : 21-12-2023 21:15:10

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48687
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48688

First published on : 21-12-2023 21:15:10
Last modified on : 21-12-2023 21:15:10

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'to' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48688
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48689

First published on : 21-12-2023 21:15:11
Last modified on : 21-12-2023 21:15:11

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48689
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48690

First published on : 21-12-2023 21:15:11
Last modified on : 21-12-2023 21:15:11

Description :
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bynum' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48690
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/barenboim/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48716

First published on : 21-12-2023 21:15:11
Last modified on : 21-12-2023 21:15:11

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48716
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48717

First published on : 21-12-2023 21:15:12
Last modified on : 21-12-2023 21:15:12

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48717
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48718

First published on : 21-12-2023 21:15:12
Last modified on : 21-12-2023 21:15:12

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48718
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48719

First published on : 21-12-2023 21:15:12
Last modified on : 21-12-2023 21:15:12

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48719
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48720

First published on : 21-12-2023 21:15:12
Last modified on : 21-12-2023 21:15:12

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48720
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48722

First published on : 21-12-2023 21:15:13
Last modified on : 21-12-2023 21:15:13

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48722
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48723

First published on : 21-12-2023 22:15:14
Last modified on : 21-12-2023 22:15:14

Description :
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'rno' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-48723
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/gilels/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


(16) HIGH VULNERABILITIES [7.0, 8.9]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-44481

First published on : 21-12-2023 19:15:08
Last modified on : 21-12-2023 19:15:08

Description :
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44481
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/martin/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44482

First published on : 21-12-2023 19:15:09
Last modified on : 21-12-2023 19:15:09

Description :
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-44482
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/martin/ | source : help@fluidattacks.com
https://projectworlds.in/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2023-51442

First published on : 21-12-2023 15:15:13
Last modified on : 21-12-2023 18:15:38

Description :
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.

CVE ID : CVE-2023-51442
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c | source : security-advisories@github.com
https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-50732

First published on : 21-12-2023 20:15:07
Last modified on : 21-12-2023 20:15:07

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.

CVE ID : CVE-2023-50732
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20625 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-46648

First published on : 21-12-2023 21:15:09
Last modified on : 21-12-2023 21:15:09

Description :
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2023-46648
Source : product-cna@github.com
CVSS Score : 8.3

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-331


Vulnerability ID : CVE-2023-6746

First published on : 21-12-2023 21:15:14
Last modified on : 21-12-2023 21:15:14

Description :
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-6746
Source : product-cna@github.com
CVSS Score : 8.1

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-46647

First published on : 21-12-2023 21:15:08
Last modified on : 21-12-2023 21:15:08

Description :
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

CVE ID : CVE-2023-46647
Source : product-cna@github.com
CVSS Score : 8.0

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 | source : product-cna@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-6847

First published on : 21-12-2023 21:15:15
Last modified on : 21-12-2023 21:15:15

Description :
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2023-6847
Source : product-cna@github.com
CVSS Score : 7.5

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-6802

First published on : 21-12-2023 21:15:14
Last modified on : 21-12-2023 21:15:14

Description :
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-6802
Source : product-cna@github.com
CVSS Score : 7.2

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-532


Source : patchstack.com

Vulnerability ID : CVE-2023-49826

First published on : 21-12-2023 13:15:09
Last modified on : 21-12-2023 13:22:15

Description :
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

CVE ID : CVE-2023-49826
Source : audit@patchstack.com
CVSS Score : 8.1

References :
https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-48288

First published on : 21-12-2023 14:15:08
Last modified on : 21-12-2023 18:15:45

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1.

CVE ID : CVE-2023-48288
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Source : vuldb.com

Vulnerability ID : CVE-2023-7025

First published on : 21-12-2023 03:15:07
Last modified on : 21-12-2023 13:22:15

Description :
A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7025
Source : cna@vuldb.com
CVSS Score : 7.8

References :
https://note.zhaoj.in/share/B05NqMPvEqoU | source : cna@vuldb.com
https://vuldb.com/?ctiid.248578 | source : cna@vuldb.com
https://vuldb.com/?id.248578 | source : cna@vuldb.com

Vulnerability : CWE-284


Source : redhat.com

Vulnerability ID : CVE-2023-6546

First published on : 21-12-2023 20:15:08
Last modified on : 21-12-2023 20:15:08

Description :
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

CVE ID : CVE-2023-6546
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2023-6546 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2255498 | source : secalert@redhat.com
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3 | source : secalert@redhat.com

Vulnerability : CWE-416


Source : hcl.com

Vulnerability ID : CVE-2023-37519

First published on : 21-12-2023 22:15:13
Last modified on : 21-12-2023 22:15:13

Description :
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.

CVE ID : CVE-2023-37519
Source : psirt@hcl.com
CVSS Score : 7.7

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 | source : psirt@hcl.com


Source : solarwinds.com

Vulnerability ID : CVE-2023-40058

First published on : 21-12-2023 17:15:07
Last modified on : 21-12-2023 18:15:28

Description :
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

CVE ID : CVE-2023-40058
Source : psirt@solarwinds.com
CVSS Score : 7.6

References :
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058 | source : psirt@solarwinds.com

Vulnerability : CWE-200


Source : eset.com

Vulnerability ID : CVE-2023-5594

First published on : 21-12-2023 12:15:08
Last modified on : 21-12-2023 13:22:15

Description :
Improper validation of the server’s certificate chain in the secure traffic scanning feature caused an intermediate certificate signed using the MD5 or SHA1 algorithm to be considered trusted.

CVE ID : CVE-2023-5594
Source : security@eset.com
CVSS Score : 7.5

References :
https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed | source : security@eset.com

Vulnerability : CWE-295


(59) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-46645

First published on : 21-12-2023 21:15:08
Last modified on : 21-12-2023 21:15:08

Description :
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2023-46645
Source : product-cna@github.com
CVSS Score : 6.8

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-46131

First published on : 21-12-2023 00:15:25
Last modified on : 21-12-2023 02:24:16

Description :
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

CVE ID : CVE-2023-46131
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 | source : security-advisories@github.com
https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3 | source : security-advisories@github.com
https://github.com/grails/grails-core/issues/13302 | source : security-advisories@github.com
https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5 | source : security-advisories@github.com
https://grails.org/blog/2023-12-20-cve-data-binding-dos.html | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-51390

First published on : 21-12-2023 00:15:26
Last modified on : 21-12-2023 02:24:16

Description :
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

CVE ID : CVE-2023-51390
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da | source : security-advisories@github.com
https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g | source : security-advisories@github.com

Vulnerability : CWE-215
Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6804

First published on : 21-12-2023 21:15:15
Last modified on : 21-12-2023 21:15:15

Description :
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-6804
Source : product-cna@github.com
CVSS Score : 6.5

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-50724

First published on : 21-12-2023 15:15:10
Last modified on : 21-12-2023 18:15:38

Description :
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.

CVE ID : CVE-2023-50724
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/resque/resque/issues/1679 | source : security-advisories@github.com
https://github.com/resque/resque/pull/1687 | source : security-advisories@github.com
https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46649

First published on : 21-12-2023 21:15:09
Last modified on : 21-12-2023 21:15:09

Description :
A race condition in GitHub Enterprise Server was identified that could allow an attacker to gain administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-46649
Source : product-cna@github.com
CVSS Score : 6.3

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2023-6803

First published on : 21-12-2023 21:15:14
Last modified on : 21-12-2023 21:15:14

Description :
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-6803
Source : product-cna@github.com
CVSS Score : 5.8

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2023-46646

First published on : 21-12-2023 21:15:08
Last modified on : 21-12-2023 21:15:08

Description :
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0.

CVE ID : CVE-2023-46646
Source : product-cna@github.com
CVSS Score : 5.3

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-51379

First published on : 21-12-2023 21:15:13
Last modified on : 21-12-2023 21:15:13

Description :
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-51379
Source : product-cna@github.com
CVSS Score : 4.9

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-863


Source : hcl.com

Vulnerability ID : CVE-2023-28025

First published on : 21-12-2023 01:15:32
Last modified on : 21-12-2023 02:24:16

Description :
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.

CVE ID : CVE-2023-28025
Source : psirt@hcl.com
CVSS Score : 6.6

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109318 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-45703

First published on : 21-12-2023 00:15:25
Last modified on : 21-12-2023 02:24:16

Description :
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.

CVE ID : CVE-2023-45703
Source : psirt@hcl.com
CVSS Score : 5.3

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108649 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-45700

First published on : 21-12-2023 01:15:32
Last modified on : 21-12-2023 02:24:16

Description :
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVE ID : CVE-2023-45700
Source : psirt@hcl.com
CVSS Score : 4.3

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 | source : psirt@hcl.com


Source : patchstack.com

Vulnerability ID : CVE-2022-45377

First published on : 21-12-2023 13:15:08
Last modified on : 21-12-2023 13:22:15

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8.

CVE ID : CVE-2022-45377
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-for-woocommerce/wordpress-drag-and-drop-multiple-file-upload-for-woocommerce-plugin-1-0-8-multiple-vulnerabilities?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-50822

First published on : 21-12-2023 15:15:10
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2.

CVE ID : CVE-2023-50822
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/currency-converter-widget/wordpress-currency-converter-widget-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50823

First published on : 21-12-2023 15:15:11
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.

CVE ID : CVE-2023-50823
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50824

First published on : 21-12-2023 15:15:11
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.

CVE ID : CVE-2023-50824
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/insert-or-embed-articulate-content-into-wordpress/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50825

First published on : 21-12-2023 15:15:11
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0.

CVE ID : CVE-2023-50825
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/iframe-shortcode/wordpress-iframe-shortcode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50831

First published on : 21-12-2023 18:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.

CVE ID : CVE-2023-50831
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50833

First published on : 21-12-2023 18:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239.

CVE ID : CVE-2023-50833
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-239-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-32799

First published on : 21-12-2023 19:15:08
Last modified on : 21-12-2023 19:15:08

Description :
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.

CVE ID : CVE-2023-32799
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-47191

First published on : 21-12-2023 19:15:11
Last modified on : 21-12-2023 19:15:11

Description :
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.

CVE ID : CVE-2023-47191
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-2-insecure-direct-object-reference-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-50834

First published on : 21-12-2023 19:15:12
Last modified on : 21-12-2023 19:15:12

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.

CVE ID : CVE-2023-50834
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/woocommerce-menu-extension/wordpress-woocommerce-menu-extension-plugin-1-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-2487

First published on : 21-12-2023 14:15:07
Last modified on : 21-12-2023 18:15:45

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.

CVE ID : CVE-2023-2487
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-47525

First published on : 21-12-2023 15:15:09
Last modified on : 21-12-2023 18:15:45

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.

CVE ID : CVE-2023-47525
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47527

First published on : 21-12-2023 15:15:09
Last modified on : 21-12-2023 18:15:45

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5.

CVE ID : CVE-2023-47527
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-edit-username/wordpress-wp-edit-username-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50377

First published on : 21-12-2023 15:15:10
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2.

CVE ID : CVE-2023-50377
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/abwp-simple-counter/wordpress-simple-counter-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50826

First published on : 21-12-2023 15:15:12
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10.

CVE ID : CVE-2023-50826
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/menu-image/wordpress-menu-image-icons-made-easy-plugin-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50827

First published on : 21-12-2023 15:15:12
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.

CVE ID : CVE-2023-50827
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/accredible-certificates/wordpress-accredible-certificates-open-badges-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50828

First published on : 21-12-2023 15:15:12
Last modified on : 21-12-2023 18:15:38

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.

CVE ID : CVE-2023-50828
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/ultimate-dashboard/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50829

First published on : 21-12-2023 18:15:07
Last modified on : 21-12-2023 18:15:28

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.

CVE ID : CVE-2023-50829
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/quick-interest-slider/wordpress-loan-repayment-calculator-and-application-form-plugin-2-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50830

First published on : 21-12-2023 18:15:07
Last modified on : 21-12-2023 18:15:28

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0.

CVE ID : CVE-2023-50830
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/seos-contact-form/wordpress-seos-contact-form-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50832

First published on : 21-12-2023 18:15:08
Last modified on : 21-12-2023 18:15:28

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13.

CVE ID : CVE-2023-50832
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-13-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-22674

First published on : 21-12-2023 15:15:08
Last modified on : 21-12-2023 18:15:45

Description :
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.

CVE ID : CVE-2023-22674
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/dashicons-cpt/wordpress-dashicons-custom-post-types-plugin-1-0-2-broken-access-control?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352
Vulnerability : CWE-862


Vulnerability ID : CVE-2023-32747

First published on : 21-12-2023 19:15:08
Last modified on : 21-12-2023 19:15:08

Description :
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78.

CVE ID : CVE-2023-32747
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-49762

First published on : 21-12-2023 13:15:08
Last modified on : 21-12-2023 13:22:15

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite – Create an app with the Best Mobile App Builder. This issue affects AppMySite – Create an app with the Best Mobile App Builder: from n/a through 3.11.0.

CVE ID : CVE-2023-49762
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/appmysite/wordpress-appmysite-create-an-app-with-the-best-mobile-app-builder-plugin-3-10-0-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-28421

First published on : 21-12-2023 14:15:07
Last modified on : 21-12-2023 18:15:45

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture. This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10.

CVE ID : CVE-2023-28421
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/wp-email-capture/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49162

First published on : 21-12-2023 14:15:08
Last modified on : 21-12-2023 18:15:45

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6.

CVE ID : CVE-2023-49162
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/bigcommerce/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49765

First published on : 21-12-2023 19:15:12
Last modified on : 21-12-2023 19:15:12

Description :
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.

CVE ID : CVE-2023-49765
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Source : vuldb.com

Vulnerability ID : CVE-2023-7020

First published on : 21-12-2023 01:15:34
Last modified on : 21-12-2023 02:24:16

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 addresses this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7020
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/zte12321/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248567 | source : cna@vuldb.com
https://vuldb.com/?id.248567 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7021

First published on : 21-12-2023 01:15:34
Last modified on : 21-12-2023 02:24:16

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7021
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/qq956801985/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248568 | source : cna@vuldb.com
https://vuldb.com/?id.248568 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7022

First published on : 21-12-2023 02:15:43
Last modified on : 21-12-2023 02:24:16

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7022
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/willchen0011/cve/blob/main/sql3.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248569 | source : cna@vuldb.com
https://vuldb.com/?id.248569 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7023

First published on : 21-12-2023 02:15:43
Last modified on : 21-12-2023 02:24:16

Description :
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7023
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/xiatiandeyu123/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248570 | source : cna@vuldb.com
https://vuldb.com/?id.248570 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7037

First published on : 21-12-2023 17:15:09
Last modified on : 21-12-2023 18:15:28

Description :
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7037
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Authenticated%20Blind%20SSRF | source : cna@vuldb.com
https://vuldb.com/?ctiid.248686 | source : cna@vuldb.com
https://vuldb.com/?id.248686 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-7039

First published on : 21-12-2023 19:15:13
Last modified on : 21-12-2023 19:15:13

Description :
A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.

CVE ID : CVE-2023-7039
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Stitch3612/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248688 | source : cna@vuldb.com
https://vuldb.com/?id.248688 | source : cna@vuldb.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2023-7041

First published on : 21-12-2023 20:15:08
Last modified on : 21-12-2023 20:15:08

Description :
A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7041
Source : cna@vuldb.com
CVSS Score : 5.4

References :
https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20overwrite.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248690 | source : cna@vuldb.com
https://vuldb.com/?id.248690 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-7036

First published on : 21-12-2023 16:15:11
Last modified on : 21-12-2023 18:15:28

Description :
A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7036
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload | source : cna@vuldb.com
https://vuldb.com/?ctiid.248685 | source : cna@vuldb.com
https://vuldb.com/?id.248685 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-7026

First published on : 21-12-2023 05:15:08
Last modified on : 21-12-2023 13:22:15

Description :
A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579.

CVE ID : CVE-2023-7026
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/willchen0011/cve/blob/main/upload2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248579 | source : cna@vuldb.com
https://vuldb.com/?id.248579 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-7038

First published on : 21-12-2023 18:15:08
Last modified on : 21-12-2023 18:15:28

Description :
A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7038
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Cross-Site%20Request%20Forgery%20(CSRF) | source : cna@vuldb.com
https://vuldb.com/?ctiid.248687 | source : cna@vuldb.com
https://vuldb.com/?id.248687 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-7040

First published on : 21-12-2023 20:15:08
Last modified on : 21-12-2023 20:15:08

Description :
A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability.

CVE ID : CVE-2023-7040
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20read.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248689 | source : cna@vuldb.com
https://vuldb.com/?id.248689 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-7051

First published on : 21-12-2023 22:15:15
Last modified on : 21-12-2023 22:15:15

Description :
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7051
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_notes.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248738 | source : cna@vuldb.com
https://vuldb.com/?id.248738 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : jetbrains.com

Vulnerability ID : CVE-2023-51655

First published on : 21-12-2023 10:15:36
Last modified on : 21-12-2023 13:22:15

Description :
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

CVE ID : CVE-2023-51655
Source : cve@jetbrains.com
CVSS Score : 6.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-349


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5988

First published on : 21-12-2023 10:15:37
Last modified on : 21-12-2023 13:22:15

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146.

CVE ID : CVE-2023-5988
Source : iletisim@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0721 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6122

First published on : 21-12-2023 14:15:09
Last modified on : 21-12-2023 18:15:45

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023.

CVE ID : CVE-2023-6122
Source : iletisim@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0724 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5989

First published on : 21-12-2023 10:15:37
Last modified on : 21-12-2023 13:22:15

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS. This issue affects LioXERP: before v.146.

CVE ID : CVE-2023-5989
Source : iletisim@usom.gov.tr
CVSS Score : 5.4

References :
https://www.usom.gov.tr/bildirim/tr-23-0721 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-4255

First published on : 21-12-2023 16:15:10
Last modified on : 21-12-2023 18:15:28

Description :
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

CVE ID : CVE-2023-4255
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2255207 | source : secalert@redhat.com
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 | source : secalert@redhat.com
https://github.com/tats/w3m/issues/268 | source : secalert@redhat.com
https://github.com/tats/w3m/pull/273 | source : secalert@redhat.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-4256

First published on : 21-12-2023 16:15:10
Last modified on : 21-12-2023 18:15:28

Description :
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

CVE ID : CVE-2023-4256
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2255212 | source : secalert@redhat.com
https://github.com/appneta/tcpreplay/issues/813 | source : secalert@redhat.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-7042

First published on : 21-12-2023 20:15:09
Last modified on : 21-12-2023 20:15:09

Description :
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.

CVE ID : CVE-2023-7042
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/security/cve/CVE-2023-7042 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2255497 | source : secalert@redhat.com
https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/ | source : secalert@redhat.com

Vulnerability : CWE-476


Source : netapp.com

Vulnerability ID : CVE-2023-27319

First published on : 21-12-2023 22:15:13
Last modified on : 21-12-2023 22:15:13

Description :
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.

CVE ID : CVE-2023-27319
Source : security-alert@netapp.com
CVSS Score : 5.3

References :
https://security.netapp.com/advisory/ntap-20231221-0011/ | source : security-alert@netapp.com

Vulnerability : CWE-209


Source : silabs.com

Vulnerability ID : CVE-2023-41097

First published on : 21-12-2023 21:15:08
Last modified on : 21-12-2023 21:15:08

Description :
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0.

CVE ID : CVE-2023-41097
Source : product-security@silabs.com
CVSS Score : 4.6

References :
https://github.com/SiliconLabs/gecko_sdk/releases | source : product-security@silabs.com
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1 | source : product-security@silabs.com

Vulnerability : CWE-208
Vulnerability : CWE-385


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-6690

First published on : 21-12-2023 21:15:14
Last modified on : 21-12-2023 21:15:14

Description :
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-6690
Source : product-cna@github.com
CVSS Score : 3.9

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2023-51380

First published on : 21-12-2023 21:15:13
Last modified on : 21-12-2023 21:15:13

Description :
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE ID : CVE-2023-51380
Source : product-cna@github.com
CVSS Score : 2.7

References :
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 | source : product-cna@github.com

Vulnerability : CWE-863


Source : redhat.com

Vulnerability ID : CVE-2023-2585

First published on : 21-12-2023 10:15:34
Last modified on : 21-12-2023 13:22:15

Description :
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.

CVE ID : CVE-2023-2585
Source : secalert@redhat.com
CVSS Score : 3.5

References :
https://access.redhat.com/errata/RHSA-2023:3883 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3884 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3885 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3888 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:3892 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-2585 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2196335 | source : secalert@redhat.com

Vulnerability : CWE-358


Source : vuldb.com

Vulnerability ID : CVE-2023-7050

First published on : 21-12-2023 22:15:15
Last modified on : 21-12-2023 22:15:15

Description :
A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.

CVE ID : CVE-2023-7050
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/note_sharing_storedxss..md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248737 | source : cna@vuldb.com
https://vuldb.com/?id.248737 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-7035

First published on : 21-12-2023 15:15:13
Last modified on : 21-12-2023 18:15:38

Description :
A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7035
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS) | source : cna@vuldb.com
https://vuldb.com/?ctiid.248684 | source : cna@vuldb.com
https://vuldb.com/?id.248684 | source : cna@vuldb.com

Vulnerability : CWE-79


(25) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-41166

First published on : 21-12-2023 00:15:25
Last modified on : 21-12-2023 02:24:16

Description :
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CVE ID : CVE-2023-41166
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu/2023-027 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47093

First published on : 21-12-2023 00:15:26
Last modified on : 21-12-2023 02:24:16

Description :
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.

CVE ID : CVE-2023-47093
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu/2023-031/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-49032

First published on : 21-12-2023 00:15:26
Last modified on : 21-12-2023 02:24:16

Description :
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.

CVE ID : CVE-2023-49032
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ltb-project/self-service-password/issues/816 | source : cve@mitre.org
https://github.com/piuppi/Proof-of-Concepts/blob/main/ltb-project/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-29485

First published on : 21-12-2023 01:15:32
Last modified on : 21-12-2023 02:24:16

Description :
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module.

CVE ID : CVE-2023-29485
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 | source : cve@mitre.org


Vulnerability ID : CVE-2023-29486

First published on : 21-12-2023 01:15:32
Last modified on : 21-12-2023 02:24:16

Description :
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component.

CVE ID : CVE-2023-29486
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 | source : cve@mitre.org


Vulnerability ID : CVE-2023-29487

First published on : 21-12-2023 01:15:32
Last modified on : 21-12-2023 02:24:16

Description :
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module.

CVE ID : CVE-2023-29487
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50473

First published on : 21-12-2023 11:15:08
Last modified on : 21-12-2023 13:22:15

Description :
Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.

CVE ID : CVE-2023-50473
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bill-ahmed/qbit-matUI/issues/207 | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50473.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50475

First published on : 21-12-2023 11:15:08
Last modified on : 21-12-2023 13:22:15

Description :
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.

CVE ID : CVE-2023-50475
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bcoin-org/bcoin/issues/1174 | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50477

First published on : 21-12-2023 11:15:08
Last modified on : 21-12-2023 13:22:15

Description :
An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js.

CVE ID : CVE-2023-50477
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nos/client/issues/1485 | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50477.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50481

First published on : 21-12-2023 11:15:08
Last modified on : 21-12-2023 13:22:15

Description :
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.

CVE ID : CVE-2023-50481
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/blinksocks/blinksocks/issues/108 | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50481.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48114

First published on : 21-12-2023 15:15:09
Last modified on : 21-12-2023 18:15:38

Description :
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.

CVE ID : CVE-2023-48114
Source : cve@mitre.org
CVSS Score : /

References :
https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114 | source : cve@mitre.org
https://www.smartertools.com/smartermail/release-notes/current | source : cve@mitre.org


Vulnerability ID : CVE-2023-48115

First published on : 21-12-2023 15:15:09
Last modified on : 21-12-2023 18:15:38

Description :
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

CVE ID : CVE-2023-48115
Source : cve@mitre.org
CVSS Score : /

References :
https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail | source : cve@mitre.org
https://www.smartertools.com/smartermail/release-notes/current | source : cve@mitre.org


Vulnerability ID : CVE-2023-48116

First published on : 21-12-2023 15:15:09
Last modified on : 21-12-2023 18:15:38

Description :
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.

CVE ID : CVE-2023-48116
Source : cve@mitre.org
CVSS Score : /

References :
https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116 | source : cve@mitre.org
https://www.smartertools.com/smartermail/release-notes/current | source : cve@mitre.org


Vulnerability ID : CVE-2023-50119

First published on : 21-12-2023 15:15:10
Last modified on : 21-12-2023 15:15:10

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-50119
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-51048

First published on : 21-12-2023 16:15:10
Last modified on : 21-12-2023 18:15:28

Description :
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.

CVE ID : CVE-2023-51048
Source : cve@mitre.org
CVSS Score : /

References :
https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b | source : cve@mitre.org


Vulnerability ID : CVE-2023-51049

First published on : 21-12-2023 16:15:10
Last modified on : 21-12-2023 18:15:28

Description :
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.

CVE ID : CVE-2023-51049
Source : cve@mitre.org
CVSS Score : /

References :
https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b | source : cve@mitre.org


Vulnerability ID : CVE-2023-51050

First published on : 21-12-2023 16:15:11
Last modified on : 21-12-2023 18:15:28

Description :
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.

CVE ID : CVE-2023-51050
Source : cve@mitre.org
CVSS Score : /

References :
https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b | source : cve@mitre.org


Vulnerability ID : CVE-2023-51051

First published on : 21-12-2023 16:15:11
Last modified on : 21-12-2023 18:15:28

Description :
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.

CVE ID : CVE-2023-51051
Source : cve@mitre.org
CVSS Score : /

References :
https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b | source : cve@mitre.org


Vulnerability ID : CVE-2023-51052

First published on : 21-12-2023 16:15:11
Last modified on : 21-12-2023 18:15:28

Description :
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.

CVE ID : CVE-2023-51052
Source : cve@mitre.org
CVSS Score : /

References :
https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-47265

First published on : 21-12-2023 10:15:35
Last modified on : 21-12-2023 15:15:09

Description :
Apache Airflow versions 2.6.0 through 2.7.3 have a stored XSS vulnerability that allows a DAG author to add unbounded, unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed on the client side of any user who looks at the tasks in the browser sandbox. While this issue does not allow exiting the browser sandbox or manipulating server-side data beyond what the DAG author already can, it allows modifying what the user looking at the DAG details sees in the browser, which opens up all kinds of possibilities for misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2023-47265
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/21/2 | source : security@apache.org
https://github.com/apache/airflow/pull/35460 | source : security@apache.org
https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr | source : security@apache.org

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48291

First published on : 21-12-2023 10:15:36
Last modified on : 21-12-2023 15:15:09

Description :
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2023-48291
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/21/1 | source : security@apache.org
https://github.com/apache/airflow/pull/34366 | source : security@apache.org
https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3 | source : security@apache.org

Vulnerability : CWE-668


Vulnerability ID : CVE-2023-49920

First published on : 21-12-2023 10:15:36
Last modified on : 21-12-2023 15:15:09

Description :
Apache Airflow, versions 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser, by a user who also had the Airflow UI open, to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later, which is not affected.

CVE ID : CVE-2023-49920
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/21/3 | source : security@apache.org
https://github.com/apache/airflow/pull/36026 | source : security@apache.org
https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq | source : security@apache.org

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-50783

First published on : 21-12-2023 10:15:36
Last modified on : 21-12-2023 15:15:10

Description :
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.

CVE ID : CVE-2023-50783
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/21/4 | source : security@apache.org
https://github.com/apache/airflow/pull/33932 | source : security@apache.org
https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn | source : security@apache.org

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-51656

First published on : 21-12-2023 12:15:08
Last modified on : 21-12-2023 15:15:13

Description :
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

CVE ID : CVE-2023-51656
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/21/5 | source : security@apache.org
https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc | source : security@apache.org

Vulnerability : CWE-502


Source : devolutions.net

Vulnerability ID : CVE-2023-7047

First published on : 21-12-2023 15:15:14
Last modified on : 21-12-2023 18:15:38

Description :
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.

CVE ID : CVE-2023-7047
Source : security@devolutions.net
CVSS Score : /

References :
https://devolutions.net/security/advisories/DEVO-2023-0024/ | source : security@devolutions.net


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
