Latest vulnerabilities [Tuesday, December 12, 2023]

Last update performed on 12/12/2023 at 11:57:02 PM

(6) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : huntr.dev

Vulnerability ID : CVE-2023-6709

First published on : 12-12-2023 04:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE ID : CVE-2023-6709
Source : security@huntr.dev
CVSS Score : 10.0

References :
https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625 | source : security@huntr.dev
https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d | source : security@huntr.dev

Vulnerability : CWE-1336


Source : microsoft.com

Vulnerability ID : CVE-2023-36019

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft Power Platform Connector Spoofing Vulnerability

CVE ID : CVE-2023-36019
Source : secure@microsoft.com
CVSS Score : 9.6

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019 | source : secure@microsoft.com


Source : sap.com

Vulnerability ID : CVE-2023-49583

First published on : 12-12-2023 02:15:07
Last modified on : 12-12-2023 13:43:48

Description :
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

CVE ID : CVE-2023-49583
Source : cna@sap.com
CVSS Score : 9.1

References :
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | source : cna@sap.com
https://me.sap.com/notes/3411067 | source : cna@sap.com
https://www.npmjs.com/package/@sap/xssec | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-50422

First published on : 12-12-2023 02:15:08
Last modified on : 12-12-2023 13:43:48

Description :
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

CVE ID : CVE-2023-50422
Source : cna@sap.com
CVSS Score : 9.1

References :
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | source : cna@sap.com
https://github.com/SAP/cloud-security-services-integration-library/ | source : cna@sap.com
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 | source : cna@sap.com
https://me.sap.com/notes/3411067 | source : cna@sap.com
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa | source : cna@sap.com
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security | source : cna@sap.com
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-50423

First published on : 12-12-2023 02:15:08
Last modified on : 12-12-2023 13:43:48

Description :
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

CVE ID : CVE-2023-50423
Source : cna@sap.com
CVSS Score : 9.1

References :
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | source : cna@sap.com
https://github.com/SAP/cloud-pysec/ | source : cna@sap.com
https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5 | source : cna@sap.com
https://me.sap.com/notes/3411067 | source : cna@sap.com
https://pypi.org/project/sap-xssec/ | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-50424

First published on : 12-12-2023 03:15:07
Last modified on : 12-12-2023 13:43:48

Description :
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

CVE ID : CVE-2023-50424
Source : cna@sap.com
CVSS Score : 9.1

References :
https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | source : cna@sap.com
https://github.com/SAP/cloud-security-client-go | source : cna@sap.com
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73 | source : cna@sap.com
https://me.sap.com/notes/3411067 | source : cna@sap.com
https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-269


(50) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-48225

First published on : 12-12-2023 21:15:08
Last modified on : 12-12-2023 21:15:08

Description :
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf.fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.

CVE ID : CVE-2023-48225
Source : security-advisories@github.com
CVSS Score : 8.9

References :
https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50 | source : security-advisories@github.com
https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306 | source : security-advisories@github.com
https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-50252

First published on : 12-12-2023 21:15:08
Last modified on : 12-12-2023 21:15:08

Description :
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling a `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.

CVE ID : CVE-2023-50252
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030 | source : security-advisories@github.com
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr | source : security-advisories@github.com

Vulnerability : CWE-15
Vulnerability : CWE-502


Vulnerability ID : CVE-2023-49089

First published on : 12-12-2023 19:15:07
Last modified on : 12-12-2023 20:20:16

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.

CVE ID : CVE-2023-49089
Source : security-advisories@github.com
CVSS Score : 7.7

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5 | source : security-advisories@github.com

Vulnerability : CWE-22


Source : mitre.org

Vulnerability ID : CVE-2023-41117

First published on : 12-12-2023 07:15:44
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.

CVE ID : CVE-2023-41117
Source : cve@mitre.org
CVSS Score : 8.8

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341117/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41119

First published on : 12-12-2023 07:15:45
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.

CVE ID : CVE-2023-41119
Source : cve@mitre.org
CVSS Score : 8.8

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341119/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48641

First published on : 12-12-2023 08:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.

CVE ID : CVE-2023-48641
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859 | source : cve@mitre.org


Source : microsoft.com

Vulnerability ID : CVE-2023-35630

First published on : 12-12-2023 18:15:18
Last modified on : 12-12-2023 18:58:44

Description :
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

CVE ID : CVE-2023-35630
Source : secure@microsoft.com
CVSS Score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35639

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE ID : CVE-2023-35639
Source : secure@microsoft.com
CVSS Score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35641

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:37

Description :
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

CVE ID : CVE-2023-35641
Source : secure@microsoft.com
CVSS Score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36006

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE ID : CVE-2023-36006
Source : secure@microsoft.com
CVSS Score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36006 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35628

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Windows MSHTML Platform Remote Code Execution Vulnerability

CVE ID : CVE-2023-35628
Source : secure@microsoft.com
CVSS Score : 8.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35634

First published on : 12-12-2023 18:15:18
Last modified on : 12-12-2023 18:58:44

Description :
Windows Bluetooth Driver Remote Code Execution Vulnerability

CVE ID : CVE-2023-35634
Source : secure@microsoft.com
CVSS Score : 8.0

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-21740

First published on : 12-12-2023 18:15:16
Last modified on : 12-12-2023 18:58:44

Description :
Windows Media Remote Code Execution Vulnerability

CVE ID : CVE-2023-21740
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35631

First published on : 12-12-2023 18:15:18
Last modified on : 12-12-2023 18:58:44

Description :
Win32k Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35631
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35632

First published on : 12-12-2023 18:15:18
Last modified on : 12-12-2023 18:58:44

Description :
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35632
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35633

First published on : 12-12-2023 18:15:18
Last modified on : 12-12-2023 18:58:44

Description :
Windows Kernel Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35633
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35644

First published on : 12-12-2023 18:15:20
Last modified on : 12-12-2023 18:58:37

Description :
Windows Sysmain Service Elevation of Privilege

CVE ID : CVE-2023-35644
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36011

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
Win32k Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36011
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36391

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36391
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36696

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36696
Source : secure@microsoft.com
CVSS Score : 7.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36020

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE ID : CVE-2023-36020
Source : secure@microsoft.com
CVSS Score : 7.6

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35621

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

CVE ID : CVE-2023-35621
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35622

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Windows DNS Spoofing Vulnerability

CVE ID : CVE-2023-35622
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35638

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:44

Description :
DHCP Server Service Denial of Service Vulnerability

CVE ID : CVE-2023-35638
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35643

First published on : 12-12-2023 18:15:20
Last modified on : 12-12-2023 18:58:37

Description :
DHCP Server Service Information Disclosure Vulnerability

CVE ID : CVE-2023-35643
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36004

First published on : 12-12-2023 18:15:20
Last modified on : 12-12-2023 18:58:37

Description :
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

CVE ID : CVE-2023-36004
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36005

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
Windows Telephony Server Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36005
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36010

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft Defender Denial of Service Vulnerability

CVE ID : CVE-2023-36010
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36010 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35624

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE ID : CVE-2023-35624
Source : secure@microsoft.com
CVSS Score : 7.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624 | source : secure@microsoft.com


Source : sap.com

Vulnerability ID : CVE-2023-42481

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.

CVE ID : CVE-2023-42481
Source : cna@sap.com
CVSS Score : 8.1

References :
https://me.sap.com/notes/3394567 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-42478

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

CVE ID : CVE-2023-42478
Source : cna@sap.com
CVSS Score : 7.5

References :
https://me.sap.com/notes/3382353 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49580

First published on : 12-12-2023 02:15:07
Last modified on : 12-12-2023 13:43:48

Description :
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.

CVE ID : CVE-2023-49580
Source : cna@sap.com
CVSS Score : 7.3

References :
https://me.sap.com/notes/3385711 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6542

First published on : 12-12-2023 02:15:09
Last modified on : 12-12-2023 13:43:48

Description :
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

CVE ID : CVE-2023-6542
Source : cna@sap.com
CVSS Score : 7.1

References :
https://me.sap.com/notes/3406244 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-863


Source : siemens.com

Vulnerability ID : CVE-2023-48427

First published on : 12-12-2023 12:15:14
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.

CVE ID : CVE-2023-48427
Source : productcert@siemens.com
CVSS Score : 8.1

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | source : productcert@siemens.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2022-42784

First published on : 12-12-2023 10:15:09
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

CVE ID : CVE-2022-42784
Source : productcert@siemens.com
CVSS Score : 7.6

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf | source : productcert@siemens.com

Vulnerability : CWE-1319


Vulnerability ID : CVE-2022-47374

First published on : 12-12-2023 12:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

CVE ID : CVE-2022-47374
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf | source : productcert@siemens.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2022-47375

First published on : 12-12-2023 12:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

CVE ID : CVE-2022-47375
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf | source : productcert@siemens.com

Vulnerability : CWE-805


Vulnerability ID : CVE-2023-38380

First published on : 12-12-2023 12:15:11
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

CVE ID : CVE-2023-38380
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf | source : productcert@siemens.com

Vulnerability : CWE-401


Vulnerability ID : CVE-2023-46156

First published on : 12-12-2023 12:15:13
Last modified on : 12-12-2023 13:43:48

Description :
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

CVE ID : CVE-2023-46156
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf | source : productcert@siemens.com
https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf | source : productcert@siemens.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-46283

First published on : 12-12-2023 12:15:14
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

CVE ID : CVE-2023-46283
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf | source : productcert@siemens.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-46284

First published on : 12-12-2023 12:15:14
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

CVE ID : CVE-2023-46284
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf | source : productcert@siemens.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-46285

First published on : 12-12-2023 12:15:14
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.

CVE ID : CVE-2023-46285
Source : productcert@siemens.com
CVSS Score : 7.5

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf | source : productcert@siemens.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-48428

First published on : 12-12-2023 12:15:14
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.

CVE ID : CVE-2023-48428
Source : productcert@siemens.com
CVSS Score : 7.2

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | source : productcert@siemens.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-49691

First published on : 12-12-2023 12:15:15
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.

CVE ID : CVE-2023-49691
Source : productcert@siemens.com
CVSS Score : 7.2

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf | source : productcert@siemens.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-49692

First published on : 12-12-2023 12:15:16
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.

CVE ID : CVE-2023-49692
Source : productcert@siemens.com
CVSS Score : 7.2

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf | source : productcert@siemens.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-46281

First published on : 12-12-2023 12:15:13
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.

CVE ID : CVE-2023-46281
Source : productcert@siemens.com
CVSS Score : 7.1

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf | source : productcert@siemens.com

Vulnerability : CWE-942


Vulnerability ID : CVE-2023-46282

First published on : 12-12-2023 12:15:13
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

CVE ID : CVE-2023-46282
Source : productcert@siemens.com
CVSS Score : 7.1

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf | source : productcert@siemens.com

Vulnerability : CWE-79


Source : redhat.com

Vulnerability ID : CVE-2023-5379

First published on : 12-12-2023 22:15:22
Last modified on : 12-12-2023 22:15:22

Description :
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).

CVE ID : CVE-2023-5379
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-5379 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2242099 | source : secalert@redhat.com

Vulnerability : CWE-770


Source : mattermost.com

Vulnerability ID : CVE-2023-45316

First published on : 12-12-2023 09:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.

CVE ID : CVE-2023-45316
Source : responsibledisclosure@mattermost.com
CVSS Score : 7.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-352


Source : acronis.com

Vulnerability ID : CVE-2023-48677

First published on : 12-12-2023 09:15:08
Last modified on : 12-12-2023 13:43:48

Description :
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.

CVE ID : CVE-2023-48677
Source : security@acronis.com
CVSS Score : 7.3

References :
https://security-advisory.acronis.com/advisories/SEC-5620 | source : security@acronis.com

Vulnerability : CWE-427


(45) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : sap.com

Vulnerability ID : CVE-2023-42476

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, an attacker could access data from reporting databases.

CVE ID : CVE-2023-42476
Source : cna@sap.com
CVSS Score : 6.8

References :
https://me.sap.com/notes/3382353 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49587

First published on : 12-12-2023 02:15:08
Last modified on : 12-12-2023 13:43:48

Description :
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.

CVE ID : CVE-2023-49587
Source : cna@sap.com
CVSS Score : 6.4

References :
https://me.sap.com/notes/3395306 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-42479

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

CVE ID : CVE-2023-42479
Source : cna@sap.com
CVSS Score : 6.1

References :
https://me.sap.com/notes/3383321 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49577

First published on : 12-12-2023 02:15:07
Last modified on : 12-12-2023 13:43:48

Description :
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

CVE ID : CVE-2023-49577
Source : cna@sap.com
CVSS Score : 6.1

References :
https://me.sap.com/notes/3217087 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49584

First published on : 12-12-2023 02:15:08
Last modified on : 12-12-2023 13:43:48

Description :
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.

CVE ID : CVE-2023-49584
Source : cna@sap.com
CVSS Score : 4.3

References :
https://me.sap.com/notes/3406786 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2023-49581

First published on : 12-12-2023 02:15:07
Last modified on : 12-12-2023 13:43:48

Description :
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

CVE ID : CVE-2023-49581
Source : cna@sap.com
CVSS Score : 4.1

References :
https://me.sap.com/notes/3392547 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-200


Source : siemens.com

Vulnerability ID : CVE-2023-48431

First published on : 12-12-2023 12:15:15
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).

CVE ID : CVE-2023-48431
Source : productcert@siemens.com
CVSS Score : 6.8

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | source : productcert@siemens.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2022-46141

First published on : 12-12-2023 12:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

CVE ID : CVE-2022-46141
Source : productcert@siemens.com
CVSS Score : 4.2

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf | source : productcert@siemens.com

Vulnerability : CWE-316


Source : microsoft.com

Vulnerability ID : CVE-2023-35629

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

CVE ID : CVE-2023-35629
Source : secure@microsoft.com
CVSS Score : 6.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35629 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36003

First published on : 12-12-2023 18:15:20
Last modified on : 12-12-2023 18:58:37

Description :
XAML Diagnostics Elevation of Privilege Vulnerability

CVE ID : CVE-2023-36003
Source : secure@microsoft.com
CVSS Score : 6.7

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35636

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:44

Description :
Microsoft Outlook Information Disclosure Vulnerability

CVE ID : CVE-2023-35636
Source : secure@microsoft.com
CVSS Score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35642

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:37

Description :
Internet Connection Sharing (ICS) Denial of Service Vulnerability

CVE ID : CVE-2023-35642
Source : secure@microsoft.com
CVSS Score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35642 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35635

First published on : 12-12-2023 18:15:19
Last modified on : 12-12-2023 18:58:44

Description :
Windows Kernel Denial of Service Vulnerability

CVE ID : CVE-2023-35635
Source : secure@microsoft.com
CVSS Score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36009

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
Microsoft Word Information Disclosure Vulnerability

CVE ID : CVE-2023-36009
Source : secure@microsoft.com
CVSS Score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35619

First published on : 12-12-2023 18:15:16
Last modified on : 12-12-2023 18:58:44

Description :
Microsoft Outlook for Mac Spoofing Vulnerability

CVE ID : CVE-2023-35619
Source : secure@microsoft.com
CVSS Score : 5.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36012

First published on : 12-12-2023 18:15:21
Last modified on : 12-12-2023 18:58:37

Description :
DHCP Server Service Information Disclosure Vulnerability

CVE ID : CVE-2023-36012
Source : secure@microsoft.com
CVSS Score : 5.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36012 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-35625

First published on : 12-12-2023 18:15:17
Last modified on : 12-12-2023 18:58:44

Description :
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

CVE ID : CVE-2023-35625
Source : secure@microsoft.com
CVSS Score : 4.7

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625 | source : secure@microsoft.com


Source : elastic.co

Vulnerability ID : CVE-2023-49923

First published on : 12-12-2023 18:15:23
Last modified on : 12-12-2023 18:58:37

Description :
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.

CVE ID : CVE-2023-49923
Source : bressers@elastic.co
CVSS Score : 6.8

References :
https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-49922

First published on : 12-12-2023 19:15:08
Last modified on : 12-12-2023 20:20:16

Description :
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.

CVE ID : CVE-2023-49922
Source : bressers@elastic.co
CVSS Score : 6.8

References :
https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180 | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-6687

First published on : 12-12-2023 19:15:08
Last modified on : 12-12-2023 20:20:16

Description :
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.

CVE ID : CVE-2023-6687
Source : bressers@elastic.co
CVSS Score : 6.8

References :
https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180 | source : bressers@elastic.co

Vulnerability : CWE-532


Source : redhat.com

Vulnerability ID : CVE-2023-5764

First published on : 12-12-2023 22:15:22
Last modified on : 12-12-2023 22:15:22

Description :
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.

CVE ID : CVE-2023-5764
Source : secalert@redhat.com
CVSS Score : 6.6

References :
https://access.redhat.com/security/cve/CVE-2023-5764 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2247629 | source : secalert@redhat.com

Vulnerability : CWE-1336


Vulnerability ID : CVE-2023-4958

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

CVE ID : CVE-2023-4958
Source : secalert@redhat.com
CVSS Score : 6.1

References :
https://access.redhat.com/errata/RHSA-2023:5206 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-4958 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1990363 | source : secalert@redhat.com

Vulnerability : CWE-77


Source : mitre.org

Vulnerability ID : CVE-2023-41114

First published on : 12-12-2023 07:15:43
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.

CVE ID : CVE-2023-41114
Source : cve@mitre.org
CVSS Score : 6.5

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341114/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41115

First published on : 12-12-2023 07:15:43
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.

CVE ID : CVE-2023-41115
Source : cve@mitre.org
CVSS Score : 6.5

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341115/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41120

First published on : 12-12-2023 07:15:45
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.

CVE ID : CVE-2023-41120
Source : cve@mitre.org
CVSS Score : 6.5

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341120/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41113

First published on : 12-12-2023 07:15:42
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.

CVE ID : CVE-2023-41113
Source : cve@mitre.org
CVSS Score : 4.3

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341113/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41116

First published on : 12-12-2023 07:15:44
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.

CVE ID : CVE-2023-41116
Source : cve@mitre.org
CVSS Score : 4.3

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341116/ | source : cve@mitre.org


Source : mattermost.com

Vulnerability ID : CVE-2023-46701

First published on : 12-12-2023 09:15:08
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

CVE ID : CVE-2023-46701
Source : responsibledisclosure@mattermost.com
CVSS Score : 6.5

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-45847

First published on : 12-12-2023 09:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin.

CVE ID : CVE-2023-45847
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-49607

First published on : 12-12-2023 09:15:08
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.

CVE ID : CVE-2023-49607
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2023-49809

First published on : 12-12-2023 09:15:09
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.

CVE ID : CVE-2023-49809
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-49874

First published on : 12-12-2023 09:15:09
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.

CVE ID : CVE-2023-49874
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Source : huawei.com

Vulnerability ID : CVE-2022-48616

First published on : 12-12-2023 08:15:07
Last modified on : 12-12-2023 13:43:48

Description :
A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.

CVE ID : CVE-2022-48616
Source : psirt@huawei.com
CVSS Score : 6.4

References :
https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/ | source : psirt@huawei.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2022-48615

First published on : 12-12-2023 08:15:06
Last modified on : 12-12-2023 13:43:48

Description :
An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.

CVE ID : CVE-2022-48615
Source : psirt@huawei.com
CVSS Score : 4.8

References :
https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/ | source : psirt@huawei.com

Vulnerability : CWE-284


Source : cert.pl

Vulnerability ID : CVE-2023-4932

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.

CVE ID : CVE-2023-4932
Source : cvd@cert.pl
CVSS Score : 6.3

References :
https://cert.pl/en/posts/2023/12/CVE-2023-4932/ | source : cvd@cert.pl
https://cert.pl/posts/2023/12/CVE-2023-4932/ | source : cvd@cert.pl
https://support.sas.com/kb/70/265.html | source : cvd@cert.pl

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-41337

First published on : 12-12-2023 20:15:07
Last modified on : 12-12-2023 20:20:16

Description :
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent. The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening. Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server. An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities. A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using host-level listen directives in favor of global-level ones.

CVE ID : CVE-2023-41337
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/h2o/h2o/commit/35760540337a47e5150da0f4a66a609fad2ef0ab | source : security-advisories@github.com
https://github.com/h2o/h2o/security/advisories/GHSA-5v5r-rghf-rm6q | source : security-advisories@github.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2023-49273

First published on : 12-12-2023 19:15:08
Last modified on : 12-12-2023 20:20:16

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

CVE ID : CVE-2023-49273
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-49278

First published on : 12-12-2023 20:15:08
Last modified on : 12-12-2023 20:20:16

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

CVE ID : CVE-2023-49278
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-307


Vulnerability ID : CVE-2023-50251

First published on : 12-12-2023 21:15:08
Last modified on : 12-12-2023 21:15:08

Description :
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an SVG document, an attacker can cause the system to enter infinite recursion. Depending on the system configuration and attack pattern, this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple requests to a system to render such a payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests. Version 0.5.1 contains a patch for this issue.

CVE ID : CVE-2023-50251
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0 | source : security-advisories@github.com
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2 | source : security-advisories@github.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2023-48227

First published on : 12-12-2023 17:15:08
Last modified on : 12-12-2023 17:22:30

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2023-48227
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-48313

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.

CVE ID : CVE-2023-48313
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r | source : security-advisories@github.com

Vulnerability : CWE-79


Source : apple.com

Vulnerability ID : CVE-2023-42894

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 22:28:03

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user's contacts.

CVE ID : CVE-2023-42894
Source : product-security@apple.com
CVSS Score : 5.5

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com

Vulnerability : NVD-CWE-noinfo

Vulnerable product(s) : cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*


Source : cloudflare.com

Vulnerability ID : CVE-2023-6193

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame respond by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at a slower rate than they are received, leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem.

CVE ID : CVE-2023-6193
Source : cna@cloudflare.com
CVSS Score : 5.3

References :
https://datatracker.ietf.org/doc/html/rfc9000#section-8.2 | source : cna@cloudflare.com
https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm | source : cna@cloudflare.com

Vulnerability : CWE-400


Source : ubuntu.com

Vulnerability ID : CVE-2023-5536

First published on : 12-12-2023 02:15:09
Last modified on : 12-12-2023 13:43:48

Description :
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, allowing privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

CVE ID : CVE-2023-5536
Source : security@ubuntu.com
CVSS Score : 5.0

References :
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 | source : security@ubuntu.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 | source : security@ubuntu.com
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 | source : security@ubuntu.com
https://ubuntu.com/security/CVE-2023-5536 | source : security@ubuntu.com


Source : cisco.com

Vulnerability ID : CVE-2023-20275

First published on : 12-12-2023 18:15:16
Last modified on : 12-12-2023 18:58:44

Description :
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets.

CVE ID : CVE-2023-20275
Source : ykramarz@cisco.com
CVSS Score : 4.1

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-Y88QOm77 | source : ykramarz@cisco.com


(11) LOW VULNERABILITIES [0.1, 3.9]

Source : mattermost.com

Vulnerability ID : CVE-2023-6547

First published on : 12-12-2023 09:15:09
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.

CVE ID : CVE-2023-6547
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.7

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6727

First published on : 12-12-2023 11:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.

CVE ID : CVE-2023-6727
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.1

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Source : github.com

Vulnerability ID : CVE-2023-49274

First published on : 12-12-2023 20:15:07
Last modified on : 12-12-2023 20:20:16

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

CVE ID : CVE-2023-49274
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49279

First published on : 12-12-2023 20:15:08
Last modified on : 12-12-2023 20:20:16

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user into loading the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available: implement server-side file validation or serve all media from a different host (e.g. a CDN) than the one where Umbraco is hosted.

CVE ID : CVE-2023-49279
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation | source : security-advisories@github.com
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50247

First published on : 12-12-2023 20:15:08
Last modified on : 12-12-2023 20:20:16

Description :
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.

CVE ID : CVE-2023-50247
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/h2o/h2o/commit/d67e81d03be12a9d53dc8271af6530f40164cd35 | source : security-advisories@github.com
https://github.com/h2o/h2o/security/advisories/GHSA-2ch5-p59c-7mv6 | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-38694

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.

CVE ID : CVE-2023-38694
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w | source : security-advisories@github.com

Vulnerability : CWE-79


Source : sap.com

Vulnerability ID : CVE-2023-49058

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, so that characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact on confidentiality.

CVE ID : CVE-2023-49058
Source : cna@sap.com
CVSS Score : 3.5

References :
https://me.sap.com/notes/3363690 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-49578

First published on : 12-12-2023 02:15:07
Last modified on : 12-12-2023 13:43:48

Description :
SAP Cloud Connector - version 2.0 allows an authenticated user with low privilege to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application.

CVE ID : CVE-2023-49578
Source : cna@sap.com
CVSS Score : 3.5

References :
https://me.sap.com/notes/3362463 | source : cna@sap.com
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | source : cna@sap.com

Vulnerability : CWE-400


Source : redhat.com

Vulnerability ID : CVE-2023-6710

First published on : 12-12-2023 22:15:22
Last modified on : 12-12-2023 22:15:22

Description :
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.

CVE ID : CVE-2023-6710
Source : secalert@redhat.com
CVSS Score : 3.5

References :
https://access.redhat.com/security/cve/CVE-2023-6710 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254128 | source : secalert@redhat.com

Vulnerability : CWE-79


Source : siemens.com

Vulnerability ID : CVE-2023-48429

First published on : 12-12-2023 12:15:15
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.

CVE ID : CVE-2023-48429
Source : productcert@siemens.com
CVSS Score : 2.7

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | source : productcert@siemens.com

Vulnerability : CWE-394


Vulnerability ID : CVE-2023-48430

First published on : 12-12-2023 12:15:15
Last modified on : 12-12-2023 13:43:48

Description :
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

CVE ID : CVE-2023-48430
Source : productcert@siemens.com
CVSS Score : 2.7

References :
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | source : productcert@siemens.com

Vulnerability : CWE-392


(78) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-36646

First published on : 12-12-2023 00:15:28
Last modified on : 12-12-2023 13:43:48

Description :
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

CVE ID : CVE-2023-36646
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36647

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

CVE ID : CVE-2023-36647
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36648

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

CVE ID : CVE-2023-36648
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36649

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication.

CVE ID : CVE-2023-36649
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36650

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

CVE ID : CVE-2023-36650
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36651

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.

CVE ID : CVE-2023-36651
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36651 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36652

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.

CVE ID : CVE-2023-36652
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36652 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36654

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.

CVE ID : CVE-2023-36654
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36654 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41118

First published on : 12-12-2023 07:15:45
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.

CVE ID : CVE-2023-41118
Source : cve@mitre.org
CVSS Score : /

References :
https://www.enterprisedb.com/docs/security/advisories/cve202341118/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48642

First published on : 12-12-2023 08:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.

CVE ID : CVE-2023-48642
Source : cve@mitre.org
CVSS Score : /

References :
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41623

First published on : 12-12-2023 09:15:07
Last modified on : 12-12-2023 13:43:48

Description :
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.

CVE ID : CVE-2023-41623
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41623 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49563

First published on : 12-12-2023 09:15:08
Last modified on : 12-12-2023 13:43:48

Description :
Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.

CVE ID : CVE-2023-49563
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ph4nt0mbyt3/b237bfb06b2bff405ab47e4ea52c0bd2 | source : cve@mitre.org


Vulnerability ID : CVE-2020-12615

First published on : 12-12-2023 13:15:06
Last modified on : 12-12-2023 13:43:48

Description :
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

CVE ID : CVE-2020-12615
Source : cve@mitre.org
CVSS Score : /

References :
https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 | source : cve@mitre.org
https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 | source : cve@mitre.org


Vulnerability ID : CVE-2020-12612

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32-bit machine, this environment variable does not exist. Therefore, since the standard user can create a user-level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.

CVE ID : CVE-2020-12612
Source : cve@mitre.org
CVSS Score : /

References :
https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 | source : cve@mitre.org
https://www.beyondtrust.com/trust-center/security-advisories/bt22-09 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49990

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE ID : CVE-2023-49990
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espeak-ng/espeak-ng/issues/1824 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49991

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

CVE ID : CVE-2023-49991
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espeak-ng/espeak-ng/issues/1825 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49992

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

CVE ID : CVE-2023-49992
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espeak-ng/espeak-ng/issues/1827 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49993

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE ID : CVE-2023-49993
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espeak-ng/espeak-ng/issues/1826 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49994

First published on : 12-12-2023 14:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVE ID : CVE-2023-49994
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espeak-ng/espeak-ng/issues/1823 | source : cve@mitre.org


Vulnerability ID : CVE-2020-12614

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

CVE ID : CVE-2020-12614
Source : cve@mitre.org
CVSS Score : /

References :
https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 | source : cve@mitre.org
https://www.beyondtrust.com/trust-center/security-advisories/bt22-10 | source : cve@mitre.org


Vulnerability ID : CVE-2020-28369

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

CVE ID : CVE-2020-28369
Source : cve@mitre.org
CVSS Score : /

References :
https://www.beyondtrust.com/privilege-management/windows-mac | source : cve@mitre.org
https://www.beyondtrust.com/trust-center/security-advisories/bt22-08 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46454

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

CVE ID : CVE-2023-46454
Source : cve@mitre.org
CVSS Score : /

References :
https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46455

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

CVE ID : CVE-2023-46455
Source : cve@mitre.org
CVSS Score : /

References :
https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/ | source : cve@mitre.org
https://www.gl-inet.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46456

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.

CVE ID : CVE-2023-46456
Source : cve@mitre.org
CVSS Score : /

References :
https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/ | source : cve@mitre.org
https://www.gl-inet.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50495

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

CVE ID : CVE-2023-50495
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html | source : cve@mitre.org
https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html | source : cve@mitre.org


Vulnerability ID : CVE-2009-4123

First published on : 12-12-2023 16:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

CVE ID : CVE-2009-4123
Source : cve@mitre.org
CVSS Score : /

References :
http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl | source : cve@mitre.org
https://github.com/advisories/GHSA-xgv7-pqqh-h2w9 | source : cve@mitre.org
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml | source : cve@mitre.org
https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl | source : cve@mitre.org


Vulnerability ID : CVE-2013-2513

First published on : 12-12-2023 16:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.

CVE ID : CVE-2013-2513
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/advisories/GHSA-6325-6g32-7p35 | source : cve@mitre.org
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml | source : cve@mitre.org


Vulnerability ID : CVE-2015-2179

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.

CVE ID : CVE-2015-2179
Source : cve@mitre.org
CVSS Score : /

References :
http://www.vapid.dhs.org/advisory.php?v=115 | source : cve@mitre.org


Vulnerability ID : CVE-2015-8314

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

CVE ID : CVE-2015-8314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/advisories/GHSA-746g-3gfp-hfhw | source : cve@mitre.org
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24 | source : cve@mitre.org
https://rubysec.com/advisories/CVE-2015-8314/ | source : cve@mitre.org


Vulnerability ID : CVE-2018-16153

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

CVE ID : CVE-2018-16153
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.opencast.org/r/10.x/admin/#changelog | source : cve@mitre.org
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9 | source : cve@mitre.org
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51 | source : cve@mitre.org
https://www.apereo.org/projects/opencast/news | source : cve@mitre.org


Vulnerability ID : CVE-2020-10676

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

CVE ID : CVE-2020-10676
Source : cve@mitre.org
CVSS Score : /

References :
https://forums.rancher.com/c/announcements | source : cve@mitre.org
https://github.com/advisories/GHSA-8vhc-hwhc-cpj4 | source : cve@mitre.org
https://github.com/rancher/rancher/releases/tag/v2.6.13 | source : cve@mitre.org
https://github.com/rancher/rancher/releases/tag/v2.7.4 | source : cve@mitre.org


Vulnerability ID : CVE-2022-44543

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.

CVE ID : CVE-2022-44543
Source : cve@mitre.org
CVSS Score : /

References :
https://typo3.org/help/security-advisories | source : cve@mitre.org
https://typo3.org/security/advisory/typo3-ext-sa-2022-015 | source : cve@mitre.org


Vulnerability ID : CVE-2023-26920

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.

CVE ID : CVE-2023-26920
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7 | source : cve@mitre.org
https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804 | source : cve@mitre.org
https://github.com/advisories/GHSA-793h-6f7r-6qvm | source : cve@mitre.org


Vulnerability ID : CVE-2023-28465

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057.

CVE ID : CVE-2023-28465
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/advisories/GHSA-9654-pr4f-gh6m | source : cve@mitre.org
https://www.smilecdr.com/our-blog | source : cve@mitre.org
https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health | source : cve@mitre.org


Vulnerability ID : CVE-2023-28604

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.

CVE ID : CVE-2023-28604
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sitegeist/fluid-components/blob/master/Documentation/XssIssue.md | source : cve@mitre.org
https://typo3.org/security/advisory/typo3-ext-sa-2023-003 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31048

First published on : 12-12-2023 17:15:07
Last modified on : 12-12-2023 17:22:30

Description :
The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely.

CVE ID : CVE-2023-31048
Source : cve@mitre.org
CVSS Score : /

References :
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf | source : cve@mitre.org
https://github.com/OPCFoundation/UA-.NETStandard/releases | source : cve@mitre.org
https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43364

First published on : 12-12-2023 18:15:22
Last modified on : 12-12-2023 18:58:37

Description :
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.

CVE ID : CVE-2023-43364
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b | source : cve@mitre.org
https://github.com/ArjunSharda/Searchor/pull/130 | source : cve@mitre.org
https://github.com/advisories/GHSA-66m2-493m-crh2 | source : cve@mitre.org
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit- | source : cve@mitre.org
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection | source : cve@mitre.org


Source : apple.com

Vulnerability ID : CVE-2023-40446

First published on : 12-12-2023 01:15:10
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.

CVE ID : CVE-2023-40446
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213981 | source : product-security@apple.com
https://support.apple.com/en-us/HT213982 | source : product-security@apple.com
https://support.apple.com/en-us/HT213983 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42874

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.

CVE ID : CVE-2023-42874
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42882

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution.

CVE ID : CVE-2023-42882
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42883

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

CVE ID : CVE-2023-42883
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214039 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42884

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.

CVE ID : CVE-2023-42884
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42886

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42886
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42890

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-42890
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214039 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42891

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission.

CVE ID : CVE-2023-42891
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42897

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.

CVE ID : CVE-2023-42897
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42898

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.

CVE ID : CVE-2023-42898
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42899

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.

CVE ID : CVE-2023-42899
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42900

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.

CVE ID : CVE-2023-42900
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42901

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42901
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42902

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42902
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42903

First published on : 12-12-2023 01:15:11
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42903
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42904

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42904
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42905

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42905
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42906

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42906
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42907

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42907
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42908

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42908
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42909

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42909
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42910

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42910
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42911

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42911
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42912

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42912
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42914

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.

CVE ID : CVE-2023-42914
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com
https://support.apple.com/en-us/HT214040 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42919

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42919
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42922

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information.

CVE ID : CVE-2023-42922
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214034 | source : product-security@apple.com
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42923

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.

CVE ID : CVE-2023-42923
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42924

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42924
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42926

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-42926
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42927

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42927
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214041 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42932

First published on : 12-12-2023 01:15:12
Last modified on : 12-12-2023 13:43:48

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

CVE ID : CVE-2023-42932
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214036 | source : product-security@apple.com
https://support.apple.com/en-us/HT214037 | source : product-security@apple.com
https://support.apple.com/en-us/HT214038 | source : product-security@apple.com


Source : hackerone.com

Vulnerability ID : CVE-2023-46219

First published on : 12-12-2023 02:15:06
Last modified on : 12-12-2023 13:43:48

Description :
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

CVE ID : CVE-2023-46219
Source : support@hackerone.com
CVSS Score : /

References :
https://curl.se/docs/CVE-2023-46219.html | source : support@hackerone.com
https://hackerone.com/reports/2236133 | source : support@hackerone.com


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-49695

First published on : 12-12-2023 09:15:08
Last modified on : 12-12-2023 13:43:48

Description :
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.

CVE ID : CVE-2023-49695
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU97499577/ | source : vultures@jpcert.or.jp
https://www.elecom.co.jp/news/security/20231212-01/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-41963

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A denial-of-service (DoS) vulnerability exists in the FTP service of the HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVE ID : CVE-2023-41963
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN34145838/ | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202312116562/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49140

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A denial-of-service (DoS) vulnerability exists in the commplex-link service of the HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVE ID : CVE-2023-49140
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN34145838/ | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202312116562/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49143

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A denial-of-service (DoS) vulnerability exists in the rfe service of the HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVE ID : CVE-2023-49143
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN34145838/ | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202312116562/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-49713

First published on : 12-12-2023 10:15:10
Last modified on : 12-12-2023 13:43:48

Description :
A denial-of-service (DoS) vulnerability exists in the NetBIOS service of the HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVE ID : CVE-2023-49713
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN34145838/ | source : vultures@jpcert.or.jp
https://www.electronics.jtekt.co.jp/en/topics/202312116562/ | source : vultures@jpcert.or.jp


Source : devolutions.net

Vulnerability ID : CVE-2023-6593

First published on : 12-12-2023 15:15:07
Last modified on : 12-12-2023 15:52:06

Description :
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.

CVE ID : CVE-2023-6593
Source : security@devolutions.net
CVSS Score : /

References :
https://devolutions.net/security/advisories/DEVO-2023-0023/ | source : security@devolutions.net


Source : mozilla.org

Vulnerability ID : CVE-2023-4421

First published on : 12-12-2023 17:15:08
Last modified on : 12-12-2023 17:22:30

Description :
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.

CVE ID : CVE-2023-4421
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1651411 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2023-53/ | source : security@mozilla.org


Source : vmware.com

Vulnerability ID : CVE-2023-34064

First published on : 12-12-2023 20:15:06
Last modified on : 12-12-2023 20:20:16

Description :
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

CVE ID : CVE-2023-34064
Source : security@vmware.com
CVSS Score : /

References :
https://www.vmware.com/security/advisories/VMSA-2023-0027.html | source : security@vmware.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
