Latest vulnerabilities [Tuesday, January 02, 2024]

Last update performed on 01/02/2024 at 11:57:05 PM

(8) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : google.com

Vulnerability ID : CVE-2023-48419

First published on : 02-01-2024 19:15:11
Last modified on : 02-01-2024 19:36:26

Description :
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege

CVE ID : CVE-2023-48419
Source : dsap-vuln-management@google.com
CVSS Score : 10.0

References :
https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA#zippy=%2Cspeakers | source : dsap-vuln-management@google.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-6339

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
Google Nest WiFi Pro root code-execution & user-data compromise

CVE ID : CVE-2023-6339
Source : dsap-vuln-management@google.com
CVSS Score : 10.0

References :
https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA | source : dsap-vuln-management@google.com

Vulnerability : CWE-311


Source : qualcomm.com

Vulnerability ID : CVE-2023-33025

First published on : 02-01-2024 06:15:08
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

CVE ID : CVE-2023-33025
Source : product-security@qualcomm.com
CVSS Score : 9.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33030

First published on : 02-01-2024 06:15:09
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in HLOS while running playready use-case.

CVE ID : CVE-2023-33030
Source : product-security@qualcomm.com
CVSS Score : 9.3

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33032

First published on : 02-01-2024 06:15:09
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE ID : CVE-2023-33032
Source : product-security@qualcomm.com
CVSS Score : 9.3

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6436

First published on : 02-01-2024 13:15:08
Last modified on : 02-01-2024 13:47:18

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215.

CVE ID : CVE-2023-6436
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0001 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2024-21623

First published on : 02-01-2024 21:15:10
Last modified on : 02-01-2024 21:15:10

Description :
OTClient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.

CVE ID : CVE-2024-21623
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104 | source : security-advisories@github.com
https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254 | source : security-advisories@github.com
https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589 | source : security-advisories@github.com
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | source : security-advisories@github.com
https://securitylab.github.com/research/github-actions-untrusted-input/ | source : security-advisories@github.com

Vulnerability : CWE-74


Source : silabs.com

Vulnerability ID : CVE-2023-4280

First published on : 02-01-2024 17:15:09
Last modified on : 02-01-2024 19:36:26

Description :
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

CVE ID : CVE-2023-4280
Source : product-security@silabs.com
CVSS Score : 9.3

References :
https://community.silabs.com/069Vm0000004NinIAE | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk | source : product-security@silabs.com

Vulnerability : CWE-125
Vulnerability : CWE-20
Vulnerability : CWE-787


(28) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2024-21632

First published on : 02-01-2024 22:15:10
Last modified on : 02-01-2024 22:15:10

Description :
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.

CVE ID : CVE-2024-21632
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1 | source : security-advisories@github.com
https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj | source : security-advisories@github.com
https://www.descope.com/blog/post/noauth | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2024-21627

First published on : 02-01-2024 21:15:10
Last modified on : 02-01-2024 21:15:10

Description :
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.

CVE ID : CVE-2024-21627
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-79


Source : qualcomm.com

Vulnerability ID : CVE-2023-33033

First published on : 02-01-2024 06:15:09
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in Audio during playback with speaker protection.

CVE ID : CVE-2023-33033
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33094

First published on : 02-01-2024 06:15:11
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption while running VK synchronization with KASAN enabled.

CVE ID : CVE-2023-33094
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33108

First published on : 02-01-2024 06:15:11
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

CVE ID : CVE-2023-33108
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33113

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

CVE ID : CVE-2023-33113
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33114

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

CVE ID : CVE-2023-33114
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43514

First published on : 02-01-2024 06:15:13
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

CVE ID : CVE-2023-43514
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33085

First published on : 02-01-2024 06:15:10
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption in wearables while processing data from AON.

CVE ID : CVE-2023-33085
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33110

First published on : 02-01-2024 06:15:11
Last modified on : 02-01-2024 13:47:24

Description :
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE ID : CVE-2023-33110
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33117

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

CVE ID : CVE-2023-33117
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33118

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

CVE ID : CVE-2023-33118
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33120

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE ID : CVE-2023-33120
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33014

First published on : 02-01-2024 06:15:08
Last modified on : 02-01-2024 13:47:24

Description :
Information disclosure in Core services while processing a Diag command.

CVE ID : CVE-2023-33014
Source : product-security@qualcomm.com
CVSS Score : 7.6

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33040

First published on : 02-01-2024 06:15:10
Last modified on : 02-01-2024 13:47:24

Description :
Transient DOS in Data Modem during DTLS handshake.

CVE ID : CVE-2023-33040
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33062

First published on : 02-01-2024 06:15:10
Last modified on : 02-01-2024 13:47:24

Description :
Transient DOS in WLAN Firmware while parsing a BTM request.

CVE ID : CVE-2023-33062
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33109

First published on : 02-01-2024 06:15:11
Last modified on : 02-01-2024 13:47:24

Description :
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

CVE ID : CVE-2023-33109
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33112

First published on : 02-01-2024 06:15:11
Last modified on : 02-01-2024 13:47:24

Description :
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

CVE ID : CVE-2023-33112
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33116

First published on : 02-01-2024 06:15:12
Last modified on : 02-01-2024 13:47:18

Description :
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

CVE ID : CVE-2023-33116
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43511

First published on : 02-01-2024 06:15:13
Last modified on : 02-01-2024 13:47:18

Description :
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

CVE ID : CVE-2023-43511
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43512

First published on : 02-01-2024 06:15:13
Last modified on : 02-01-2024 13:47:18

Description :
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

CVE ID : CVE-2023-43512
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33036

First published on : 02-01-2024 06:15:09
Last modified on : 02-01-2024 13:47:24

Description :
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

CVE ID : CVE-2023-33036
Source : product-security@qualcomm.com
CVSS Score : 7.1

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33037

First published on : 02-01-2024 06:15:10
Last modified on : 02-01-2024 13:47:24

Description :
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVE ID : CVE-2023-33037
Source : product-security@qualcomm.com
CVSS Score : 7.1

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Source : google.com

Vulnerability ID : CVE-2023-4164

First published on : 02-01-2024 22:15:08
Last modified on : 02-01-2024 22:15:08

Description :
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.

CVE ID : CVE-2023-4164
Source : dsap-vuln-management@google.com
CVSS Score : 8.4

References :
https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 | source : dsap-vuln-management@google.com

Vulnerability : CWE-200


Source : redhat.com

Vulnerability ID : CVE-2023-47039

First published on : 02-01-2024 06:15:13
Last modified on : 02-01-2024 13:47:18

Description :
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

CVE ID : CVE-2023-47039
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2023-47039 | source : secalert@redhat.com
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2249525 | source : secalert@redhat.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-0193

First published on : 02-01-2024 18:15:08
Last modified on : 02-01-2024 19:36:26

Description :
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user to escalate their privileges on the system.

CVE ID : CVE-2024-0193
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2024-0193 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2255653 | source : secalert@redhat.com

Vulnerability : CWE-416


Source : divd.nl

Vulnerability ID : CVE-2022-3010

First published on : 02-01-2024 19:15:09
Last modified on : 02-01-2024 19:36:26

Description :
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite.

CVE ID : CVE-2022-3010
Source : csirt@divd.nl
CVSS Score : 7.5

References :
https://csirt.divd.nl/CVE-2022-3010 | source : csirt@divd.nl
https://csirt.divd.nl/DIVD-2022-00035 | source : csirt@divd.nl
https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 | source : csirt@divd.nl

Vulnerability : CWE-1391


Source : snyk.io

Vulnerability ID : CVE-2023-26159

First published on : 02-01-2024 05:15:08
Last modified on : 02-01-2024 13:47:24

Description :
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

CVE ID : CVE-2023-26159
Source : report@snyk.io
CVSS Score : 7.3

References :
https://github.com/follow-redirects/follow-redirects/issues/235 | source : report@snyk.io
https://github.com/follow-redirects/follow-redirects/pull/236 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 | source : report@snyk.io

Vulnerability : CWE-20


(22) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : qualcomm.com

Vulnerability ID : CVE-2023-28583

First published on : 02-01-2024 06:15:08
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption when IPv6 prefix timer object's lifetime expires which are created while Netmgr daemon gets an IPv6 address.

CVE ID : CVE-2023-28583
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33038

First published on : 02-01-2024 06:15:10
Last modified on : 02-01-2024 13:47:24

Description :
Memory corruption while receiving a message in Bus Socket Transport Server.

CVE ID : CVE-2023-33038
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin | source : product-security@qualcomm.com


Source : github.com

Vulnerability ID : CVE-2023-49794

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic to get the apk path in the KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` to get root permission. If a device with a KernelSU module installed tries to install any unchecked apk whose package name equals that of the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.

CVE ID : CVE-2023-49794
Source : security-advisories@github.com
CVSS Score : 6.7

References :
https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link | source : security-advisories@github.com
https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4 | source : security-advisories@github.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2023-51652

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `<tagrules>` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.

CVE ID : CVE-2023-51652
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6 | source : security-advisories@github.com
https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a | source : security-advisories@github.com
https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21629

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This makes smart contracts able to commit state changes when the parent caller contract receives the zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available.

CVE ID : CVE-2024-21629
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69 | source : security-advisories@github.com
https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4 | source : security-advisories@github.com
https://github.com/rust-ethereum/evm/pull/264 | source : security-advisories@github.com
https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v | source : security-advisories@github.com

Vulnerability : CWE-703


Vulnerability ID : CVE-2023-50711

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code.

CVE ID : CVE-2023-50711
Source : security-advisories@github.com
CVSS Score : 5.7

References :
https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167 | source : security-advisories@github.com
https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9 | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2024-21628

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.

CVE ID : CVE-2024-21628
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597 | source : security-advisories@github.com
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf | source : security-advisories@github.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2024-0192

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.

CVE ID : CVE-2024-0192
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM | source : cna@vuldb.com
https://vuldb.com/?ctiid.249505 | source : cna@vuldb.com
https://vuldb.com/?id.249505 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0194

First published on : 02-01-2024 21:15:09
Last modified on : 02-01-2024 21:15:09

Description :
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.

CVE ID : CVE-2024-0194
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249509 | source : cna@vuldb.com
https://vuldb.com/?id.249509 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0195

First published on : 02-01-2024 21:15:10
Last modified on : 02-01-2024 21:15:10

Description :
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0195
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249510 | source : cna@vuldb.com
https://vuldb.com/?id.249510 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2024-0196

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.

CVE ID : CVE-2024-0196
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249511 | source : cna@vuldb.com
https://vuldb.com/?id.249511 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2024-0191

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.

CVE ID : CVE-2024-0191
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY | source : cna@vuldb.com
https://vuldb.com/?ctiid.249504 | source : cna@vuldb.com
https://vuldb.com/?id.249504 | source : cna@vuldb.com

Vulnerability : CWE-538


Vulnerability ID : CVE-2024-0185

First published on : 02-01-2024 01:15:08
Last modified on : 02-01-2024 13:47:38

Description :
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.

CVE ID : CVE-2024-0185
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE | source : cna@vuldb.com
https://vuldb.com/?ctiid.249443 | source : cna@vuldb.com
https://vuldb.com/?id.249443 | source : cna@vuldb.com

Vulnerability : CWE-434


Source : redhat.com

Vulnerability ID : CVE-2023-7192

First published on : 02-01-2024 19:15:11
Last modified on : 02-01-2024 19:36:26

Description :
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

CVE ID : CVE-2023-7192
Source : secalert@redhat.com
CVSS Score : 6.1

References :
https://access.redhat.com/security/cve/CVE-2023-7192 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2256279 | source : secalert@redhat.com
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83 | source : secalert@redhat.com

Vulnerability : CWE-402


Vulnerability ID : CVE-2023-6693

First published on : 02-01-2024 10:15:08
Last modified on : 02-01-2024 13:47:18

Description :
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

CVE ID : CVE-2023-6693
Source : secalert@redhat.com
CVSS Score : 4.9

References :
https://access.redhat.com/security/cve/CVE-2023-6693 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254580 | source : secalert@redhat.com

Vulnerability : CWE-121


Source : snyk.io

Vulnerability ID : CVE-2023-26157

First published on : 02-01-2024 05:15:08
Last modified on : 02-01-2024 13:47:24

Description :
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVE ID : CVE-2023-26157
Source : report@snyk.io
CVSS Score : 5.5

References :
https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc | source : report@snyk.io
https://github.com/LibreDWG/libredwg/issues/850 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730 | source : report@snyk.io

Vulnerability : CWE-400


Source : mattermost.com

Vulnerability ID : CVE-2023-47858

First published on : 02-01-2024 10:15:08
Last modified on : 02-01-2024 13:47:18

Description :
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.

CVE ID : CVE-2023-47858
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-48732

First published on : 02-01-2024 10:15:08
Last modified on : 02-01-2024 13:47:18

Description :
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.

CVE ID : CVE-2023-48732
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Source : openharmony.io

Vulnerability ID : CVE-2023-47857

First published on : 02-01-2024 08:15:09
Last modified on : 02-01-2024 13:47:18

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer.

CVE ID : CVE-2023-47857
Source : scy@openharmony.io
CVSS Score : 4.0

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-01.md | source : scy@openharmony.io

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-48360

First published on : 02-01-2024 08:15:09
Last modified on : 02-01-2024 13:47:18

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer.

CVE ID : CVE-2023-48360
Source : scy@openharmony.io
CVSS Score : 4.0

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-01.md | source : scy@openharmony.io

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-49135

First published on : 02-01-2024 08:15:09
Last modified on : 02-01-2024 13:47:18

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer.

CVE ID : CVE-2023-49135
Source : scy@openharmony.io
CVSS Score : 4.0

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-01.md | source : scy@openharmony.io

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-49142

First published on : 02-01-2024 08:15:10
Last modified on : 02-01-2024 13:47:18

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer.

CVE ID : CVE-2023-49142
Source : scy@openharmony.io
CVSS Score : 4.0

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-01.md | source : scy@openharmony.io

Vulnerability : CWE-416


(10) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-0186

First published on : 02-01-2024 01:15:08
Last modified on : 02-01-2024 13:47:31

Description :
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.

CVE ID : CVE-2024-0186
Source : cna@vuldb.com
CVSS Score : 3.7

References :
https://note.zhaoj.in/share/WwPWWizD2Spk | source : cna@vuldb.com
https://vuldb.com/?ctiid.249444 | source : cna@vuldb.com
https://vuldb.com/?id.249444 | source : cna@vuldb.com

Vulnerability : CWE-640


Vulnerability ID : CVE-2015-10128

First published on : 02-01-2024 14:15:07
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability.

CVE ID : CVE-2015-10128
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249422 | source : cna@vuldb.com
https://vuldb.com/?id.249422 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2018-25097

First published on : 02-01-2024 16:15:11
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420.

CVE ID : CVE-2018-25097
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd | source : cna@vuldb.com
https://github.com/acumos/design-studio/releases/tag/2.0.8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249420 | source : cna@vuldb.com
https://vuldb.com/?id.249420 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0189

First published on : 02-01-2024 18:15:08
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0189
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q | source : cna@vuldb.com
https://vuldb.com/?ctiid.249502 | source : cna@vuldb.com
https://vuldb.com/?id.249502 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0190

First published on : 02-01-2024 19:15:11
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503.

CVE ID : CVE-2024-0190
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw | source : cna@vuldb.com
https://vuldb.com/?ctiid.249503 | source : cna@vuldb.com
https://vuldb.com/?id.249503 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0188

First published on : 02-01-2024 15:15:10
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability.

CVE ID : CVE-2024-0188
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk | source : cna@vuldb.com
https://vuldb.com/?ctiid.249501 | source : cna@vuldb.com
https://vuldb.com/?id.249501 | source : cna@vuldb.com

Vulnerability : CWE-521


Vulnerability ID : CVE-2017-20188

First published on : 02-01-2024 15:15:08
Last modified on : 02-01-2024 19:36:26

Description :
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability.

CVE ID : CVE-2017-20188
Source : cna@vuldb.com
CVSS Score : 2.6

References :
https://github.com/Zimbra/zm-ajax/commit/8d039d6efe80780adc40c6f670c06d21de272105 | source : cna@vuldb.com
https://github.com/Zimbra/zm-ajax/releases/tag/8.8.2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249421 | source : cna@vuldb.com
https://vuldb.com/?id.249421 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0184

First published on : 02-01-2024 00:15:08
Last modified on : 02-01-2024 13:47:38

Description :
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0184
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k | source : cna@vuldb.com
https://vuldb.com/?ctiid.249442 | source : cna@vuldb.com
https://vuldb.com/?id.249442 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : mattermost.com

Vulnerability ID : CVE-2023-50333

First published on : 02-01-2024 10:15:08
Last modified on : 02-01-2024 13:47:18

Description :
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

CVE ID : CVE-2023-50333
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.7

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Source : openharmony.io

Vulnerability ID : CVE-2023-47216

First published on : 02-01-2024 08:15:09
Last modified on : 02-01-2024 13:47:18

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a DoS by occupying all resources.

CVE ID : CVE-2023-47216
Source : scy@openharmony.io
CVSS Score : 2.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-01.md | source : scy@openharmony.io

Vulnerability : CWE-772


(31) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mediatek.com

Vulnerability ID : CVE-2023-32831

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

CVE ID : CVE-2023-32831
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32872

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607.

CVE ID : CVE-2023-32872
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32874

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).

CVE ID : CVE-2023-32874
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32875

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.

CVE ID : CVE-2023-32875
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32876

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612.

CVE ID : CVE-2023-32876
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32877

First published on : 02-01-2024 03:15:07
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070.

CVE ID : CVE-2023-32877
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32878

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.

CVE ID : CVE-2023-32878
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32879

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064.

CVE ID : CVE-2023-32879
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32880

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076.

CVE ID : CVE-2023-32880
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32881

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080.

CVE ID : CVE-2023-32881
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32882

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616.

CVE ID : CVE-2023-32882
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32883

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.

CVE ID : CVE-2023-32883
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32884

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.

CVE ID : CVE-2023-32884
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32885

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.

CVE ID : CVE-2023-32885
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32886

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.

CVE ID : CVE-2023-32886
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32887

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).

CVE ID : CVE-2023-32887
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32888

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894).

CVE ID : CVE-2023-32888
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32889

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895).

CVE ID : CVE-2023-32889
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32890

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:31

Description :
In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).

CVE ID : CVE-2023-32890
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2023-32891

First published on : 02-01-2024 03:15:08
Last modified on : 02-01-2024 13:47:24

Description :
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.

CVE ID : CVE-2023-32891
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/January-2024 | source : security@mediatek.com


Source : fluidattacks.com

Vulnerability ID : CVE-2023-48721

First published on : 02-01-2024 16:15:12
Last modified on : 02-01-2024 16:15:12

Description :
Rejected reason: Not used

CVE ID : CVE-2023-48721
Source : help@fluidattacks.com
CVSS Score : /

References :


Source : wordfence.com

Vulnerability ID : CVE-2023-6752

First published on : 02-01-2024 20:15:10
Last modified on : 02-01-2024 20:15:10

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6747. Reason: This candidate is a reservation duplicate of CVE-2023-6747. Notes: All CVE users should reference CVE-2023-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-6752
Source : security@wordfence.com
CVSS Score : /

References :


Source : mitre.org

Vulnerability ID : CVE-2023-45561

First published on : 02-01-2024 21:15:09
Last modified on : 02-01-2024 21:15:09

Description :
An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVE ID : CVE-2023-45561
Source : cve@mitre.org
CVSS Score : /

References :
http://a-world.com | source : cve@mitre.org
http://oirase.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45561.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45892

First published on : 02-01-2024 21:15:09
Last modified on : 02-01-2024 21:15:09

Description :
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

CVE ID : CVE-2023-45892
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45893

First published on : 02-01-2024 21:15:09
Last modified on : 02-01-2024 21:15:09

Description :
An Insecure Direct Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

CVE ID : CVE-2023-45893
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47458

First published on : 02-01-2024 21:15:09
Last modified on : 02-01-2024 21:15:09

Description :
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

CVE ID : CVE-2023-47458
Source : cve@mitre.org
CVSS Score : /

References :
http://springblade.com | source : cve@mitre.org
https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a | source : cve@mitre.org
https://gitee.com/smallc/SpringBlade | source : cve@mitre.org


Vulnerability ID : CVE-2020-26623

First published on : 02-01-2024 22:15:07
Last modified on : 02-01-2024 22:15:07

Description :
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.

CVE ID : CVE-2020-26623
Source : cve@mitre.org
CVSS Score : /

References :
http://gilacms.com | source : cve@mitre.org
https://github.com/GilaCMS/gila | source : cve@mitre.org
https://github.com/GilaCMS/gila/security/policy | source : cve@mitre.org
https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-26624

First published on : 02-01-2024 22:15:07
Last modified on : 02-01-2024 22:15:07

Description :
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

CVE ID : CVE-2020-26624
Source : cve@mitre.org
CVSS Score : /

References :
http://gilacms.com | source : cve@mitre.org
https://github.com/GilaCMS/gila | source : cve@mitre.org
https://github.com/GilaCMS/gila/security/policy | source : cve@mitre.org
https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-26625

First published on : 02-01-2024 22:15:07
Last modified on : 02-01-2024 22:15:07

Description :
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

CVE ID : CVE-2020-26625
Source : cve@mitre.org
CVSS Score : /

References :
http://gilacms.com | source : cve@mitre.org
https://github.com/GilaCMS/gila | source : cve@mitre.org
https://github.com/GilaCMS/gila/security/policy | source : cve@mitre.org
https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50019

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.

CVE ID : CVE-2023-50019
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 | source : cve@mitre.org
https://github.com/open5gs/open5gs/issues/2733 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50020

First published on : 02-01-2024 22:15:09
Last modified on : 02-01-2024 22:15:09

Description :
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.

CVE ID : CVE-2023-50020
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/open5gs/open5gs/commit/1aba814938e3a1b2eec7014bf6ce132d34622e08 | source : cve@mitre.org
https://github.com/open5gs/open5gs/issues/2734 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
