Latest vulnerabilities [Tuesday, December 5, 2023]


Last update performed on 12/05/2023 at 11:57:02 PM

(8) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : 551230f0-3615-47bd-b7cc-93e92e730bbf

Vulnerability ID : CVE-2023-6269

First published on : 05-12-2023 08:15:08
Last modified on : 05-12-2023 13:51:04

Description :
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

CVE ID : CVE-2023-6269
Source : 551230f0-3615-47bd-b7cc-93e92e730bbf
CVSS Score : 10.0

References :
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf | source : 551230f0-3615-47bd-b7cc-93e92e730bbf
https://r.sec-consult.com/unifyroot | source : 551230f0-3615-47bd-b7cc-93e92e730bbf

Vulnerability : CWE-88


Source : github.com

Vulnerability ID : CVE-2023-48316

First published on : 05-12-2023 01:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48316
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq | source : security-advisories@github.com

Vulnerability : CWE-787
Vulnerability : CWE-825


Vulnerability ID : CVE-2023-49291

First published on : 05-12-2023 00:15:09
Last modified on : 05-12-2023 13:51:04

Description :
tj-actions/branch-names is a GitHub Action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Action improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result, an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49291
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337 | source : security-advisories@github.com
https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815 | source : security-advisories@github.com
https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060 | source : security-advisories@github.com
https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf | source : security-advisories@github.com
https://securitylab.github.com/research/github-actions-untrusted-input | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-48692

First published on : 05-12-2023 01:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48692
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-m2rx-243p-9w64 | source : security-advisories@github.com

Vulnerability : CWE-787
Vulnerability : CWE-825


Source : qualcomm.com

Vulnerability ID : CVE-2023-33082

First published on : 05-12-2023 03:15:13
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

CVE ID : CVE-2023-33082
Source : product-security@qualcomm.com
CVSS Score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33083

First published on : 05-12-2023 03:15:13
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in WLAN Host while processing RRM beacon on the AP.

CVE ID : CVE-2023-33083
Source : product-security@qualcomm.com
CVSS Score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33054

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CVE ID : CVE-2023-33054
Source : product-security@qualcomm.com
CVSS Score : 9.1

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Source : 9119a7d8-5eab-497f-8521-727c672e3725

Vulnerability ID : CVE-2023-6448

First published on : 05-12-2023 18:15:12
Last modified on : 05-12-2023 20:13:47

Description :
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system.

CVE ID : CVE-2023-6448
Source : 9119a7d8-5eab-497f-8521-727c672e3725
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems | source : 9119a7d8-5eab-497f-8521-727c672e3725

Vulnerability : CWE-1188


(53) HIGH VULNERABILITIES [7.0, 8.9]

Source : hitachivantara.com

Vulnerability ID : CVE-2023-5808

First published on : 05-12-2023 00:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).

CVE ID : CVE-2023-5808
Source : security.vulnerabilities@hitachivantara.com
CVSS Score : 8.8

References :
https://support.hitachivantara.com/ | source : security.vulnerabilities@hitachivantara.com

Vulnerability : CWE-285


Source : github.com

Vulnerability ID : CVE-2023-48315

First published on : 05-12-2023 01:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48315
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-rj6h-jjg2-7gf3 | source : security-advisories@github.com

Vulnerability : CWE-787
Vulnerability : CWE-825


Vulnerability ID : CVE-2023-48693

First published on : 05-12-2023 01:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48693
Source : security-advisories@github.com
CVSS Score : 8.7

References :
https://github.com/azure-rtos/threadx/security/advisories/GHSA-p7w6-62rq-vrf9 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-48691

First published on : 05-12-2023 01:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48691
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48695

First published on : 05-12-2023 01:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48695
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc | source : security-advisories@github.com

Vulnerability : CWE-787


Source : cert.vde.com

Vulnerability ID : CVE-2023-6357

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

CVE ID : CVE-2023-6357
Source : info@cert.vde.com
CVSS Score : 8.8

References :
https://cert.vde.com/en/advisories/VDE-2023-066 | source : info@cert.vde.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-5188

First published on : 05-12-2023 08:15:07
Last modified on : 05-12-2023 13:51:04

Description :
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0, which is used by the WAGO Telecontrol Configurator, is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

CVE ID : CVE-2023-5188
Source : info@cert.vde.com
CVSS Score : 7.5

References :
https://cert.vde.com/en/advisories/VDE-2023-044/ | source : info@cert.vde.com

Vulnerability : CWE-20


Source : qualcomm.com

Vulnerability ID : CVE-2023-33022

First published on : 05-12-2023 03:15:10
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in HLOS while invoking IOCTL calls from user-space.

CVE ID : CVE-2023-33022
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33053

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Kernel while parsing metadata.

CVE ID : CVE-2023-33053
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33071

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.

CVE ID : CVE-2023-33071
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33088

First published on : 05-12-2023 03:15:13
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption when processing cmd parameters while parsing vdev.

CVE ID : CVE-2023-33088
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33092

First published on : 05-12-2023 03:15:14
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.

CVE ID : CVE-2023-33092
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33106

First published on : 05-12-2023 03:15:14
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

CVE ID : CVE-2023-33106
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33107

First published on : 05-12-2023 03:15:14
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

CVE ID : CVE-2023-33107
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28585

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while loading an ELF segment in TEE Kernel.

CVE ID : CVE-2023-28585
Source : product-security@qualcomm.com
CVSS Score : 8.2

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28546

First published on : 05-12-2023 03:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE ID : CVE-2023-28546
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28550

First published on : 05-12-2023 03:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE ID : CVE-2023-28550
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28551

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE ID : CVE-2023-28551
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28587

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

CVE ID : CVE-2023-28587
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33017

First published on : 05-12-2023 03:15:10
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE ID : CVE-2023-33017
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33018

First published on : 05-12-2023 03:15:10
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while using the UIM diag command to get the operators name.

CVE ID : CVE-2023-33018
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33063

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in DSP Services during a remote call from HLOS to DSP.

CVE ID : CVE-2023-33063
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33079

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Audio while running invalid audio recording from ADSP.

CVE ID : CVE-2023-33079
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33087

First published on : 05-12-2023 03:15:13
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in Core while processing RX intent request.

CVE ID : CVE-2023-33087
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28588

First published on : 05-12-2023 03:15:10
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in Bluetooth Host while rfc slot allocation.

CVE ID : CVE-2023-28588
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33041

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE ID : CVE-2023-33041
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33042

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in Modem after RRC Setup message is received.

CVE ID : CVE-2023-33042
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33043

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

CVE ID : CVE-2023-33043
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33044

First published on : 05-12-2023 03:15:11
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in Data modem while handling TLB control messages from the Network.

CVE ID : CVE-2023-33044
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33080

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.

CVE ID : CVE-2023-33080
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33081

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

CVE ID : CVE-2023-33081
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33089

First published on : 05-12-2023 03:15:13
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS when processing a NULL buffer while parsing WLAN vdev.

CVE ID : CVE-2023-33089
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33097

First published on : 05-12-2023 03:15:14
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in WLAN Firmware while processing a FTMR frame.

CVE ID : CVE-2023-33097
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33098

First published on : 05-12-2023 03:15:14
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

CVE ID : CVE-2023-33098
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33070

First published on : 05-12-2023 03:15:12
Last modified on : 05-12-2023 13:51:04

Description :
Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

CVE ID : CVE-2023-33070
Source : product-security@qualcomm.com
CVSS Score : 7.1

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Source : cisco.com

Vulnerability ID : CVE-2023-43608

First published on : 05-12-2023 12:15:42
Last modified on : 05-12-2023 18:15:11

Description :
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.

CVE ID : CVE-2023-43608
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2023-45838

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:12

Description :
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs` package.

CVE ID : CVE-2023-45838
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2023-45839

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:12

Description :
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs-util` package.

CVE ID : CVE-2023-45839
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2023-45840

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:12

Description :
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `riscv64-elf-toolchain` package.

CVE ID : CVE-2023-45840
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2023-45841

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:12

Description :
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package.

CVE ID : CVE-2023-45841
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2023-45842

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:12

Description :
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `mxsldr` package.

CVE ID : CVE-2023-45842
Source : talos-cna@cisco.com
CVSS Score : 8.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | source : talos-cna@cisco.com

Vulnerability : CWE-494


Source : samsung.com

Vulnerability ID : CVE-2023-42571

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

CVE ID : CVE-2023-42571
Source : mobile.security@samsung.com
CVSS Score : 7.6

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42580

First published on : 05-12-2023 03:15:19
Last modified on : 05-12-2023 13:51:04

Description :
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

CVE ID : CVE-2023-42580
Source : mobile.security@samsung.com
CVSS Score : 7.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42581

First published on : 05-12-2023 03:15:19
Last modified on : 05-12-2023 13:51:04

Description :
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

CVE ID : CVE-2023-42581
Source : mobile.security@samsung.com
CVSS Score : 7.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42560

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

CVE ID : CVE-2023-42560
Source : mobile.security@samsung.com
CVSS Score : 7.4

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42565

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

CVE ID : CVE-2023-42565
Source : mobile.security@samsung.com
CVSS Score : 7.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42566

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

CVE ID : CVE-2023-42566
Source : mobile.security@samsung.com
CVSS Score : 7.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42567

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.

CVE ID : CVE-2023-42567
Source : mobile.security@samsung.com
CVSS Score : 7.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42561

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

CVE ID : CVE-2023-42561
Source : mobile.security@samsung.com
CVSS Score : 7.1

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Source : emc.com

Vulnerability ID : CVE-2023-39248

First published on : 05-12-2023 06:15:48
Last modified on : 05-12-2023 13:51:04

Description :
Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded, leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause a network outage. Dell recommends that customers upgrade at the earliest opportunity.

CVE ID : CVE-2023-39248
Source : security_alert@emc.com
CVSS Score : 7.5

References :
https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-os10-security-updates-for-uncontrolled-resource-consumption | source : security_alert@emc.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-44288

First published on : 05-12-2023 06:15:48
Last modified on : 05-12-2023 13:51:04

Description :
Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.

CVE ID : CVE-2023-44288
Source : security_alert@emc.com
CVSS Score : 7.5

References :
https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-664


Vulnerability ID : CVE-2023-44297

First published on : 05-12-2023 16:15:07
Last modified on : 05-12-2023 20:13:47

Description :
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain an active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, or denial of service.

CVE ID : CVE-2023-44297
Source : security_alert@emc.com
CVSS Score : 7.1

References :
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-1234


Source : 0a72a055-908d-47f5-a16a-1f09049c16c6

Vulnerability ID : CVE-2023-45084

First published on : 05-12-2023 17:15:08
Last modified on : 05-12-2023 20:13:47

Description :
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

CVE ID : CVE-2023-45084
Source : 0a72a055-908d-47f5-a16a-1f09049c16c6
CVSS Score : 7.0

References :
https://advisories.softiron.cloud | source : 0a72a055-908d-47f5-a16a-1f09049c16c6

Vulnerability : CWE-820


(37) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-48694

First published on : 05-12-2023 01:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48694
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/azure-rtos/usbx/security/advisories/GHSA-qjw8-7w86-44qj | source : security-advisories@github.com

Vulnerability : CWE-825
Vulnerability : CWE-843


Vulnerability ID : CVE-2023-48698

First published on : 05-12-2023 01:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48698
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/azure-rtos/usbx/security/advisories/GHSA-grhp-f66q-x857 | source : security-advisories@github.com

Vulnerability : CWE-754
Vulnerability : CWE-825


Vulnerability ID : CVE-2023-48696

First published on : 05-12-2023 01:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48696
Source : security-advisories@github.com
CVSS Score : 6.7

References :
https://github.com/azure-rtos/usbx/security/advisories/GHSA-h733-98hq-f884 | source : security-advisories@github.com

Vulnerability : CWE-754
Vulnerability : CWE-825


Vulnerability ID : CVE-2023-48697

First published on : 05-12-2023 01:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48697
Source : security-advisories@github.com
CVSS Score : 6.4

References :
https://github.com/azure-rtos/usbx/security/advisories/GHSA-p2p9-wp2q-wjv4 | source : security-advisories@github.com

Vulnerability : CWE-476
Vulnerability : CWE-787
Vulnerability : CWE-825


Vulnerability ID : CVE-2023-49289

First published on : 05-12-2023 00:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on the client side to invoke methods on the web server. Affected versions of this package are vulnerable to cross-site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49289
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/michaelschwarz/Ajax.NET-Professional/commit/c89e39b9679fcb8ab6644fe21cc7e652cb615e2b | source : security-advisories@github.com
https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-8v6j-gc74-fmpp | source : security-advisories@github.com
https://www.nuget.org/packages/AjaxNetProfessional/ | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49290

First published on : 05-12-2023 00:15:09
Last modified on : 05-12-2023 13:51:04

Description :
lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b`, which has been included in release versions 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49290
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/lestrrat-go/jwx/commit/64f2a229b8e18605f47361d292b526bdc4aee01c | source : security-advisories@github.com
https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-46736

First published on : 05-12-2023 21:15:07
Last modified on : 05-12-2023 21:15:07

Description :
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is a Server-Side Request Forgery (SSRF) vulnerability via the upload-image-from-URL API. Users who have access to the `/Attachment/fromImageUrl` endpoint can specify a URL that points to an internal host. Even though there is a check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63`, which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-46736
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/espocrm/espocrm/commit/c536cee6375e2088f961af13db7aaa652c983072 | source : security-advisories@github.com
https://github.com/espocrm/espocrm/security/advisories/GHSA-g955-rwxx-jvf6 | source : security-advisories@github.com
https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-49292

First published on : 05-12-2023 00:15:09
Last modified on : 05-12-2023 13:51:04

Description :
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If the functions Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.

CVE ID : CVE-2023-49292
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md | source : security-advisories@github.com
https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd | source : security-advisories@github.com
https://github.com/ecies/go/releases/tag/v2.0.8 | source : security-advisories@github.com
https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h | source : security-advisories@github.com

Vulnerability : CWE-200


Source : samsung.com

Vulnerability ID : CVE-2023-42577

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen.

CVE ID : CVE-2023-42577
Source : mobile.security@samsung.com
CVSS Score : 6.8

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42562

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows an attacker to trigger a heap overflow.

CVE ID : CVE-2023-42562
Source : mobile.security@samsung.com
CVSS Score : 6.7

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42563

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows an attacker to trigger a heap overflow.

CVE ID : CVE-2023-42563
Source : mobile.security@samsung.com
CVSS Score : 6.7

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42564

First published on : 05-12-2023 03:15:16
Last modified on : 05-12-2023 13:51:04

Description :
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows an attacker to send a broadcast with system privilege.

CVE ID : CVE-2023-42564
Source : mobile.security@samsung.com
CVSS Score : 6.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42578

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.

CVE ID : CVE-2023-42578
Source : mobile.security@samsung.com
CVSS Score : 6.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42579

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

CVE ID : CVE-2023-42579
Source : mobile.security@samsung.com
CVSS Score : 6.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42558

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Out-of-bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows an attacker to perform code execution.

CVE ID : CVE-2023-42558
Source : mobile.security@samsung.com
CVSS Score : 6.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42568

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with SystemUI privilege.

CVE ID : CVE-2023-42568
Source : mobile.security@samsung.com
CVSS Score : 5.9

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42570

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows an attacker to access the device SIM PIN.

CVE ID : CVE-2023-42570
Source : mobile.security@samsung.com
CVSS Score : 5.9

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42557

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Out-of-bounds write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

CVE ID : CVE-2023-42557
Source : mobile.security@samsung.com
CVSS Score : 5.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42575

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.

CVE ID : CVE-2023-42575
Source : mobile.security@samsung.com
CVSS Score : 5.4

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42576

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.

CVE ID : CVE-2023-42576
Source : mobile.security@samsung.com
CVSS Score : 5.4

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42574

First published on : 05-12-2023 03:15:18
Last modified on : 05-12-2023 13:51:04

Description :
Improper access control vulnerability in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.

CVE ID : CVE-2023-42574
Source : mobile.security@samsung.com
CVSS Score : 5.1

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42559

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

CVE ID : CVE-2023-42559
Source : mobile.security@samsung.com
CVSS Score : 4.9

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42573

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.

CVE ID : CVE-2023-42573
Source : mobile.security@samsung.com
CVSS Score : 4.7

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42569

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.

CVE ID : CVE-2023-42569
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Source : qualcomm.com

Vulnerability ID : CVE-2023-21634

First published on : 05-12-2023 03:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

CVE ID : CVE-2023-21634
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-22383

First published on : 05-12-2023 03:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Memory Corruption in camera while installing a fd for a particular DMA buffer.

CVE ID : CVE-2023-22383
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-22668

First published on : 05-12-2023 03:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

CVE ID : CVE-2023-22668
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28579

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.

CVE ID : CVE-2023-28579
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28580

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption in WLAN Host while setting the PMK length in internal cache.

CVE ID : CVE-2023-28580
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33024

First published on : 05-12-2023 03:15:10
Last modified on : 05-12-2023 13:51:04

Description :
Memory corruption while sending SMS from AP firmware.

CVE ID : CVE-2023-33024
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-28586

First published on : 05-12-2023 03:15:09
Last modified on : 05-12-2023 13:51:04

Description :
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE ID : CVE-2023-28586
Source : product-security@qualcomm.com
CVSS Score : 6.0

References :
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin | source : product-security@qualcomm.com


Source : emc.com

Vulnerability ID : CVE-2023-44295

First published on : 05-12-2023 06:15:49
Last modified on : 05-12-2023 13:51:04

Description :
Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contain an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information and information disclosure.

CVE ID : CVE-2023-44295
Source : security_alert@emc.com
CVSS Score : 6.3

References :
https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-664


Source : elastic.co

Vulnerability ID : CVE-2023-46674

First published on : 05-12-2023 18:15:12
Last modified on : 05-12-2023 20:13:47

Description :
An issue was identified that allowed the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services, for reporting this issue.

CVE ID : CVE-2023-46674
Source : bressers@elastic.co
CVSS Score : 6.0

References :
https://discuss.elastic.co/t/elasticsearch-hadoop-7-17-11-8-9-0-security-update-esa-2023-28/348663 | source : bressers@elastic.co

Vulnerability : CWE-502


Source : cisco.com

Vulnerability ID : CVE-2023-43628

First published on : 05-12-2023 12:15:43
Last modified on : 05-12-2023 18:15:11

Description :
An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.

CVE ID : CVE-2023-43628
Source : talos-cna@cisco.com
CVSS Score : 5.9

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860 | source : talos-cna@cisco.com

Vulnerability : CWE-191


Source : cloudflare.com

Vulnerability ID : CVE-2023-6180

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data each time after completing a TLS connection, causing the program to consume more resources with each new connection.

CVE ID : CVE-2023-6180
Source : cna@cloudflare.com
CVSS Score : 5.3

References :
https://github.com/cloudflare/boring/security/advisories/GHSA-pjrj-h4fg-6gm4 | source : cna@cloudflare.com

Vulnerability : CWE-400
Vulnerability : CWE-404


Source : ncsc.nl

Vulnerability ID : CVE-2022-24403

First published on : 05-12-2023 14:15:07
Last modified on : 05-12-2023 15:27:54

Description :
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs.

CVE ID : CVE-2022-24403
Source : cert@ncsc.nl
CVSS Score : 4.3

References :
https://tetraburst.com/ | source : cert@ncsc.nl

Vulnerability : CWE-327


Source : 0a72a055-908d-47f5-a16a-1f09049c16c6

Vulnerability ID : CVE-2023-45083

First published on : 05-12-2023 17:15:07
Last modified on : 05-12-2023 20:13:47

Description :
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

CVE ID : CVE-2023-45083
Source : 0a72a055-908d-47f5-a16a-1f09049c16c6
CVSS Score : 4.2

References :
https://advisories.softiron.cloud | source : 0a72a055-908d-47f5-a16a-1f09049c16c6

Vulnerability : CWE-269


(6) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-49284

First published on : 05-12-2023 00:15:08
Last modified on : 05-12-2023 13:51:04

Description :
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49284
Source : security-advisories@github.com
CVSS Score : 3.9

References :
https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 | source : security-advisories@github.com
https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f | source : security-advisories@github.com

Vulnerability : CWE-436


Vulnerability ID : CVE-2023-49297

First published on : 05-12-2023 21:15:07
Last modified on : 05-12-2023 21:15:07

Description :
PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserialization attack that will affect any user who initializes GoogleAuth from this package while a malicious YAML file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc`, which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-49297
Source : security-advisories@github.com
CVSS Score : 3.3

References :
https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 | source : security-advisories@github.com
https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5 | source : security-advisories@github.com

Vulnerability : CWE-502


Source : emc.com

Vulnerability ID : CVE-2023-44298

First published on : 05-12-2023 16:15:07
Last modified on : 05-12-2023 20:13:47

Description :
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain an active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, or denial of service.

CVE ID : CVE-2023-44298
Source : security_alert@emc.com
CVSS Score : 3.6

References :
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-1234


Source : samsung.com

Vulnerability ID : CVE-2023-42556

First published on : 05-12-2023 03:15:15
Last modified on : 05-12-2023 13:51:04

Description :
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows an attacker to get sensitive information.

CVE ID : CVE-2023-42556
Source : mobile.security@samsung.com
CVSS Score : 3.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2023-42572

First published on : 05-12-2023 03:15:17
Last modified on : 05-12-2023 13:51:04

Description :
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows an attacker to get sensitive information.

CVE ID : CVE-2023-42572
Source : mobile.security@samsung.com
CVSS Score : 3.3

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 | source : mobile.security@samsung.com


Source : 0a72a055-908d-47f5-a16a-1f09049c16c6

Vulnerability ID : CVE-2023-45085

First published on : 05-12-2023 17:15:08
Last modified on : 05-12-2023 20:13:47

Description :
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVE ID : CVE-2023-45085
Source : 0a72a055-908d-47f5-a16a-1f09049c16c6
CVSS Score : 3.2

References :
https://advisories.softiron.cloud | source : 0a72a055-908d-47f5-a16a-1f09049c16c6


(32) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2022-46480

First published on : 05-12-2023 00:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

CVE ID : CVE-2022-46480
Source : cve@mitre.org
CVSS Score : /

References :
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent | source : cve@mitre.org


Vulnerability ID : CVE-2023-26941

First published on : 05-12-2023 00:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allow attackers to create a cloned tag via physical proximity to the original.

CVE ID : CVE-2023-26941
Source : cve@mitre.org
CVSS Score : /

References :
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent | source : cve@mitre.org


Vulnerability ID : CVE-2023-26942

First published on : 05-12-2023 00:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allow attackers to create a cloned tag via physical proximity to the original.

CVE ID : CVE-2023-26942
Source : cve@mitre.org
CVSS Score : /

References :
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent | source : cve@mitre.org


Vulnerability ID : CVE-2023-26943

First published on : 05-12-2023 00:15:08
Last modified on : 05-12-2023 13:51:04

Description :
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allow attackers to create a cloned tag via physical proximity to the original.

CVE ID : CVE-2023-26943
Source : cve@mitre.org
CVSS Score : /

References :
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent | source : cve@mitre.org


Vulnerability ID : CVE-2023-47304

First published on : 05-12-2023 04:15:07
Last modified on : 05-12-2023 13:51:04

Description :
An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1 that allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.

CVE ID : CVE-2023-47304
Source : cve@mitre.org
CVSS Score : /

References :
https://trojanhorsey.substack.com/p/cve-2023-47304-unsecured-uart-in | source : cve@mitre.org


Vulnerability ID : CVE-2022-47531

First published on : 05-12-2023 06:15:48
Last modified on : 05-12-2023 13:51:04

Description :
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16 that allows authenticated users to bypass the system CLI and execute commands they are authorized to execute directly in the UNIX shell.

CVE ID : CVE-2022-47531
Source : cve@mitre.org
CVSS Score : /

References :
https://www.gruppotim.it/it/footer/red-team.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-37572

First published on : 05-12-2023 06:15:48
Last modified on : 05-12-2023 13:51:04

Description :
Softing OPC Suite version 5.25 and before has Incorrect Access Control, which allows attackers to obtain sensitive information via weak permissions in the OSF_discovery service.

CVE ID : CVE-2023-37572
Source : cve@mitre.org
CVSS Score : /

References :
https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43472

First published on : 05-12-2023 07:15:07
Last modified on : 05-12-2023 13:51:04

Description :
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API.

CVE ID : CVE-2023-43472
Source : cve@mitre.org
CVSS Score : /

References :
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security | source : cve@mitre.org


Vulnerability ID : CVE-2023-49372

First published on : 05-12-2023 15:15:07
Last modified on : 05-12-2023 15:27:54

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.

CVE ID : CVE-2023-49372
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20present%20at%20the%20new%20location%20of%20the%20rotation%20image.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49373

First published on : 05-12-2023 15:15:07
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.

CVE ID : CVE-2023-49373
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49374

First published on : 05-12-2023 15:15:07
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.

CVE ID : CVE-2023-49374
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/li-yu320/cms/blob/main/There%20is%20CSRF%20in%20the%20rotation%20image%20editing%20section.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49375

First published on : 05-12-2023 15:15:07
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

CVE ID : CVE-2023-49375
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/There%20is%20CSRF%20in%20the%20modification%20of%20the%20friendship%20link.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49376

First published on : 05-12-2023 15:15:07
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.

CVE ID : CVE-2023-49376
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/Delete%20existing%20CSRF%20in%20label%20management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49377

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

CVE ID : CVE-2023-49377
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/Modification%20of%20CSRF%20in%20Label%20Management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49378

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

CVE ID : CVE-2023-49378
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20creation%20location%20of%20the%20custom%20table.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49379

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.

CVE ID : CVE-2023-49379
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20new%20location%20of%20the%20friendship%20link.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49380

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

CVE ID : CVE-2023-49380
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20friendship%20link.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49381

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

CVE ID : CVE-2023-49381
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20modification%20point%20of%20the%20custom%20table.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49382

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

CVE ID : CVE-2023-49382
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20the%20custom%20table.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49383

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

CVE ID : CVE-2023-49383
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/cms/blob/main/Added%20CSRF%20in%20Label%20Management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49395

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

CVE ID : CVE-2023-49395
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20in%20the%20column%20management%20modification%20section.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49396

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

CVE ID : CVE-2023-49396
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20newly%20added%20section%20of%20column%20management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49397

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

CVE ID : CVE-2023-49397
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20change%20of%20column%20management%20status.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49398

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.

CVE ID : CVE-2023-49398
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20column%20management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49446

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.

CVE ID : CVE-2023-49446
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ysuzhangbin/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20newly%20added%20navigation%20management%20area.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49447

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.

CVE ID : CVE-2023-49447
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20navigation%20management%20modification%20location.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49448

First published on : 05-12-2023 15:15:08
Last modified on : 05-12-2023 15:27:51

Description :
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.

CVE ID : CVE-2023-49448
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20navigation%20management.md | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-49070

First published on : 05-12-2023 08:15:07
Last modified on : 05-12-2023 13:51:04

Description :
Pre-auth RCE in Apache OFBiz 18.12.09, due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

CVE ID : CVE-2023-49070
Source : security@apache.org
CVSS Score : /

References :
https://issues.apache.org/jira/browse/OFBIZ-12812 | source : security@apache.org
https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3 | source : security@apache.org
https://ofbiz.apache.org/download.html | source : security@apache.org
https://ofbiz.apache.org/release-notes-18.12.10.html | source : security@apache.org
https://ofbiz.apache.org/security.html | source : security@apache.org

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-41835

First published on : 05-12-2023 09:15:07
Last modified on : 05-12-2023 13:51:04

Description :
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.

CVE ID : CVE-2023-41835
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft | source : security@apache.org

Vulnerability : CWE-913


Source : golang.org

Vulnerability ID : CVE-2023-45287

First published on : 05-12-2023 17:15:08
Last modified on : 05-12-2023 20:13:47

Description :
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.

CVE ID : CVE-2023-45287
Source : security@golang.org
CVSS Score : /

References :
https://go.dev/cl/326012/26 | source : security@golang.org
https://go.dev/issue/20654 | source : security@golang.org
https://groups.google.com/g/golang-announce/c/QMK8IQALDvA | source : security@golang.org
https://people.redhat.com/~hkario/marvin/ | source : security@golang.org
https://pkg.go.dev/vuln/GO-2023-2375 | source : security@golang.org


Source : sonicwall.com

Vulnerability ID : CVE-2023-44221

First published on : 05-12-2023 21:15:07
Last modified on : 05-12-2023 21:15:07

Description :
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to an OS command injection vulnerability.

CVE ID : CVE-2023-44221
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | source : PSIRT@sonicwall.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-5970

First published on : 05-12-2023 21:15:07
Last modified on : 05-12-2023 21:15:07

Description :
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

CVE ID : CVE-2023-5970
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 | source : PSIRT@sonicwall.com

Vulnerability : CWE-287


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
