Latest vulnerabilities [Thursday, January 04, 2024]


Last update performed on 01/04/2024 at 11:57:05 PM

(17) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-49622

First published on : 04-01-2024 14:15:39
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49622
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49624

First published on : 04-01-2024 14:15:39
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49624
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49625

First published on : 04-01-2024 14:15:40
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49625
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49633

First published on : 04-01-2024 14:15:40
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49633
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49639

First published on : 04-01-2024 14:15:40
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49639
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49658

First published on : 04-01-2024 14:15:40
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49658
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49665

First published on : 04-01-2024 14:15:40
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49665
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49666

First published on : 04-01-2024 14:15:41
Last modified on : 04-01-2024 14:58:23

Description :
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-49666
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/zimerman/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50743

First published on : 04-01-2024 14:15:41
Last modified on : 04-01-2024 14:58:23

Description :
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50743
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/perahia/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50752

First published on : 04-01-2024 14:15:41
Last modified on : 04-01-2024 14:58:23

Description :
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50752
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/perahia/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50753

First published on : 04-01-2024 14:15:41
Last modified on : 04-01-2024 14:58:23

Description :
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50753
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/perahia/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50862

First published on : 04-01-2024 15:15:09
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50862
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50863

First published on : 04-01-2024 15:15:09
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50863
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50864

First published on : 04-01-2024 15:15:10
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50864
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50865

First published on : 04-01-2024 15:15:10
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50865
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50866

First published on : 04-01-2024 15:15:10
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50866
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50867

First published on : 04-01-2024 15:15:10
Last modified on : 04-01-2024 18:46:53

Description :
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE ID : CVE-2023-50867
Source : help@fluidattacks.com
CVSS Score : 9.8

References :
https://fluidattacks.com/advisories/evans/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-89


(8) HIGH VULNERABILITIES [7.0, 8.9]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-50760

First published on : 04-01-2024 15:15:09
Last modified on : 04-01-2024 18:46:53

Description :
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

CVE ID : CVE-2023-50760
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/arrau/ | source : help@fluidattacks.com
https://www.kashipara.com/ | source : help@fluidattacks.com

Vulnerability : CWE-434


Source : github.com

Vulnerability ID : CVE-2024-21625

First published on : 04-01-2024 15:15:11
Last modified on : 04-01-2024 18:46:53

Description :
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.

CVE ID : CVE-2024-21625
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7 | source : security-advisories@github.com

Vulnerability : CWE-20


Source : siemens.com

Vulnerability ID : CVE-2021-40367

First published on : 04-01-2024 12:15:22
Last modified on : 04-01-2024 14:58:23

Description :
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)

CVE ID : CVE-2021-40367
Source : productcert@siemens.com
CVSS Score : 7.8

References :
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797 | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2021-42028

First published on : 04-01-2024 12:15:23
Last modified on : 04-01-2024 14:58:23

Description :
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)

CVE ID : CVE-2021-42028
Source : productcert@siemens.com
CVSS Score : 7.8

References :
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797 | source : productcert@siemens.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2021-45465

First published on : 04-01-2024 12:15:23
Last modified on : 04-01-2024 14:58:23

Description :
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

CVE ID : CVE-2021-45465
Source : productcert@siemens.com
CVSS Score : 7.8

References :
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797 | source : productcert@siemens.com

Vulnerability : CWE-123


Source : hitachienergy.com

Vulnerability ID : CVE-2022-2081

First published on : 04-01-2024 10:15:10
Last modified on : 04-01-2024 14:58:23

Description :
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.

CVE ID : CVE-2022-2081
Source : cybersecurity@hitachienergy.com
CVSS Score : 7.5

References :
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch | source : cybersecurity@hitachienergy.com

Vulnerability : CWE-120


Source : redhat.com

Vulnerability ID : CVE-2023-6944

First published on : 04-01-2024 10:15:11
Last modified on : 04-01-2024 14:58:23

Description :
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

CVE ID : CVE-2023-6944
Source : secalert@redhat.com
CVSS Score : 7.3

References :
https://access.redhat.com/security/cve/CVE-2023-6944 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2255204 | source : secalert@redhat.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6270

First published on : 04-01-2024 17:15:08
Last modified on : 04-01-2024 18:46:53

Description :
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.

CVE ID : CVE-2023-6270
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-6270 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2256786 | source : secalert@redhat.com

Vulnerability : CWE-416


(15) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : samsung.com

Vulnerability ID : CVE-2024-20803

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

CVE ID : CVE-2024-20803
Source : mobile.security@samsung.com
CVSS Score : 6.8

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20806

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

CVE ID : CVE-2024-20806
Source : mobile.security@samsung.com
CVSS Score : 6.2

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20802

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.

CVE ID : CVE-2024-20802
Source : mobile.security@samsung.com
CVSS Score : 4.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20804

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

CVE ID : CVE-2024-20804
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20808

First published on : 04-01-2024 01:15:10
Last modified on : 04-01-2024 01:30:19

Description :
Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.

CVE ID : CVE-2024-20808
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20809

First published on : 04-01-2024 01:15:10
Last modified on : 04-01-2024 01:30:19

Description :
Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.

CVE ID : CVE-2024-20809
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Source : zte.com.cn

Vulnerability ID : CVE-2023-41784

First published on : 04-01-2024 08:15:08
Last modified on : 04-01-2024 14:58:23

Description :
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

CVE ID : CVE-2023-41784
Source : psirt@zte.com.cn
CVSS Score : 6.6

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034444 | source : psirt@zte.com.cn

Vulnerability : CWE-269


Source : wordfence.com

Vulnerability ID : CVE-2023-6733

First published on : 04-01-2024 04:15:09
Last modified on : 04-01-2024 14:58:23

Description :
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.

CVE ID : CVE-2023-6733
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7044

First published on : 04-01-2024 10:15:11
Last modified on : 04-01-2024 14:58:23

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7044
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Extensions/Wrapper_Link.php#L65 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3013774/essential-addons-for-elementor-lite/trunk/includes/Extensions/Wrapper_Link.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e770e98-3c13-4e37-b51b-4c39bce2cb42?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6738

First published on : 04-01-2024 04:15:09
Last modified on : 04-01-2024 14:58:23

Description :
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.

CVE ID : CVE-2023-6738
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/pagelayer/trunk/main/post_metas.php#L527 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=/pagelayer/tags/1.7.8&old=3016486&new_path=/pagelayer/tags/1.7.9&new=3016486&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d14c8890-482c-4d43-a68f-0d04c4feca8f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6498

First published on : 04-01-2024 04:15:09
Last modified on : 04-01-2024 14:58:23

Description :
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-6498
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009228%40complianz-gdpr&new=3009228%40complianz-gdpr&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/01c1458d-3e38-4dbf-bb65-80465ea6d0ad?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-21636

First published on : 04-01-2024 20:15:25
Last modified on : 04-01-2024 20:15:25

Description :
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.

CVE ID : CVE-2024-21636
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017 | source : security-advisories@github.com
https://github.com/ViewComponent/view_component/pull/1950 | source : security-advisories@github.com
https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : fluidattacks.com

Vulnerability ID : CVE-2023-3726

First published on : 04-01-2024 15:15:09
Last modified on : 04-01-2024 18:46:53

Description :
OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting.

CVE ID : CVE-2023-3726
Source : help@fluidattacks.com
CVSS Score : 4.9

References :
https://fluidattacks.com/advisories/creed/ | source : help@fluidattacks.com
https://ocsinventory-ng.org/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : hitachienergy.com

Vulnerability ID : CVE-2022-3864

First published on : 04-01-2024 10:15:11
Last modified on : 04-01-2024 14:58:23

Description :
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

CVE ID : CVE-2022-3864
Source : cybersecurity@hitachienergy.com
CVSS Score : 4.5

References :
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000146&LanguageCode=en&DocumentPartId=&Action=Launch | source : cybersecurity@hitachienergy.com

Vulnerability : CWE-347


Source : cloudflare.com

Vulnerability ID : CVE-2023-6992

First published on : 04-01-2024 12:15:23
Last modified on : 04-01-2024 14:58:23

Description :
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

CVE ID : CVE-2023-6992
Source : cna@cloudflare.com
CVSS Score : 4.0

References :
https://github.com/cloudflare/zlib | source : cna@cloudflare.com
https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh | source : cna@cloudflare.com

Vulnerability : CWE-122
Vulnerability : CWE-126
Vulnerability : CWE-20


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : samsung.com

Vulnerability ID : CVE-2024-20805

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

CVE ID : CVE-2024-20805
Source : mobile.security@samsung.com
CVSS Score : 3.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20807

First published on : 04-01-2024 01:15:09
Last modified on : 04-01-2024 01:30:19

Description :
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.

CVE ID : CVE-2024-20807
Source : mobile.security@samsung.com
CVSS Score : 3.3

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01 | source : mobile.security@samsung.com


Source : vulncheck.com

Vulnerability ID : CVE-2024-22047

First published on : 04-01-2024 21:15:09
Last modified on : 04-01-2024 21:15:09

Description :
A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user.

CVE ID : CVE-2024-22047
Source : disclosure@vulncheck.com
CVSS Score : 3.1

References :
https://github.com/advisories/GHSA-hjp3-5g2q-7jww | source : disclosure@vulncheck.com
https://github.com/collectiveidea/audited/issues/601 | source : disclosure@vulncheck.com
https://github.com/collectiveidea/audited/pull/669 | source : disclosure@vulncheck.com
https://github.com/collectiveidea/audited/pull/671 | source : disclosure@vulncheck.com
https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww | source : disclosure@vulncheck.com

Vulnerability : CWE-362


(19) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : google.com

Vulnerability ID : CVE-2024-0222

First published on : 04-01-2024 02:15:28
Last modified on : 04-01-2024 14:58:23

Description :
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0222
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://crbug.com/1501798 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0223

First published on : 04-01-2024 02:15:28
Last modified on : 04-01-2024 14:58:23

Description :
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0223
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://crbug.com/1505009 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0224

First published on : 04-01-2024 02:15:29
Last modified on : 04-01-2024 14:58:23

Description :
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0224
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://crbug.com/1505086 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0225

First published on : 04-01-2024 02:15:29
Last modified on : 04-01-2024 14:58:23

Description :
Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0225
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://crbug.com/1506923 | source : chrome-cve-admin@google.com


Source : mitre.org

Vulnerability ID : CVE-2023-29962

First published on : 04-01-2024 06:15:45
Last modified on : 04-01-2024 14:58:23

Description :
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

CVE ID : CVE-2023-29962
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/superjock1988/546df50f8251cb2c99adda4351098528 | source : cve@mitre.org
https://github.com/superjock1988/debug/blob/main/s-cms.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52322

First published on : 04-01-2024 07:15:09
Last modified on : 04-01-2024 14:58:23

Description :
ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

CVE ID : CVE-2023-52322
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr | source : cve@mitre.org
https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb | source : cve@mitre.org


Vulnerability ID : CVE-2023-50082

First published on : 04-01-2024 08:15:08
Last modified on : 04-01-2024 14:58:23

Description :
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform.

CVE ID : CVE-2023-50082
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/juraorab/cve/blob/master/CVE/README.md | source : cve@mitre.org
https://github.com/juraorab/cve/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50630

First published on : 04-01-2024 08:15:09
Last modified on : 04-01-2024 14:58:23

Description :
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.

CVE ID : CVE-2023-50630
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/xiweicheng/tms/issues/19 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51154

First published on : 04-01-2024 19:15:08
Last modified on : 04-01-2024 19:15:08

Description :
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

CVE ID : CVE-2023-51154
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/blue_ty/cms/issues/I8O7IV | source : cve@mitre.org


Vulnerability ID : CVE-2023-51812

First published on : 04-01-2024 19:15:08
Last modified on : 04-01-2024 19:15:08

Description :
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

CVE ID : CVE-2023-51812
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/blue_ty/cms/issues/I8PG2A | source : cve@mitre.org


Source : siemens.com

Vulnerability ID : CVE-2022-43375

First published on : 04-01-2024 07:15:08
Last modified on : 04-01-2024 07:15:08

Description :
Rejected reason: This CVE ID was unused by the CNA.

CVE ID : CVE-2022-43375
Source : productcert@siemens.com
CVSS Score : /

References :


Source : cert.pl

Vulnerability ID : CVE-2023-6551

First published on : 04-01-2024 16:15:09
Last modified on : 04-01-2024 18:46:53

Description :
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.

CVE ID : CVE-2023-6551
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-6551 | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-6551 | source : cvd@cert.pl

Vulnerability : CWE-20


Source : wordfence.com

Vulnerability ID : CVE-2023-5442

First published on : 04-01-2024 19:15:08
Last modified on : 04-01-2024 19:15:08

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6991. Reason: This candidate is a reservation duplicate of CVE-2023-6991. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-5442
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2023-5619

First published on : 04-01-2024 20:15:25
Last modified on : 04-01-2024 20:15:25

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6530. Reason: This candidate is a reservation duplicate of CVE-2023-6530. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-5619
Source : security@wordfence.com
CVSS Score : /

References :


Source : vulncheck.com

Vulnerability ID : CVE-2024-0241

First published on : 04-01-2024 21:15:09
Last modified on : 04-01-2024 21:15:09

Description :
encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.

CVE ID : CVE-2024-0241
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-3px7-jm2p-6h2c | source : disclosure@vulncheck.com
https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91 | source : disclosure@vulncheck.com
https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c | source : disclosure@vulncheck.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-22048

First published on : 04-01-2024 21:15:09
Last modified on : 04-01-2024 21:15:09

Description :
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.

CVE ID : CVE-2024-22048
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-x2xw-hw8g-6773 | source : disclosure@vulncheck.com
https://github.com/alphagov/tech-docs-gem/pull/323 | source : disclosure@vulncheck.com
https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1 | source : disclosure@vulncheck.com
https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773 | source : disclosure@vulncheck.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-22049

First published on : 04-01-2024 21:15:10
Last modified on : 04-01-2024 21:15:10

Description :
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

CVE ID : CVE-2024-22049
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-5pq7-52mg-hr42 | source : disclosure@vulncheck.com
https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43 | source : disclosure@vulncheck.com
https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e | source : disclosure@vulncheck.com
https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42 | source : disclosure@vulncheck.com

Vulnerability : CWE-472


Vulnerability ID : CVE-2024-22050

First published on : 04-01-2024 21:15:10
Last modified on : 04-01-2024 21:15:10

Description :
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

CVE ID : CVE-2024-22050
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-85rf-xh54-whp3 | source : disclosure@vulncheck.com
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889 | source : disclosure@vulncheck.com
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 | source : disclosure@vulncheck.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2024-22051

First published on : 04-01-2024 21:15:10
Last modified on : 04-01-2024 21:15:10

Description :
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

CVE ID : CVE-2024-22051
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-fmx4-26r3-wxpf | source : disclosure@vulncheck.com
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x | source : disclosure@vulncheck.com
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 | source : disclosure@vulncheck.com
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf | source : disclosure@vulncheck.com

Vulnerability : CWE-190


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
