Latest vulnerabilities [Wednesday, December 13, 2023]


Last update performed on 12/13/2023 at 11:57:02 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : incibe.es

Vulnerability ID : CVE-2023-6723

First published on : 13-12-2023 11:15:08
Last modified on : 13-12-2023 13:35:16

Description :
An unrestricted file upload vulnerability has been identified in Repox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.

CVE ID : CVE-2023-6723
Source : cve-coordination@incibe.es
CVSS Score : 10.0

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6718

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:21

Description :
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.

CVE ID : CVE-2023-6718
Source : cve-coordination@incibe.es
CVSS Score : 9.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-288


Source : cyber.gov.il

Vulnerability ID : CVE-2023-42495

First published on : 13-12-2023 13:15:07
Last modified on : 13-12-2023 13:35:16

Description :
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE ID : CVE-2023-42495
Source : cna@cyber.gov.il
CVSS Score : 9.8

References :
https://www.gov.il/en/Departments/faq/cve_advisories | source : cna@cyber.gov.il

Vulnerability : CWE-78


Source : huntr.dev

Vulnerability ID : CVE-2023-6753

First published on : 13-12-2023 00:15:07
Last modified on : 13-12-2023 01:50:36

Description :
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE ID : CVE-2023-6753
Source : security@huntr.dev
CVSS Score : 9.6

References :
https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4 | source : security@huntr.dev
https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4 | source : security@huntr.dev

Vulnerability : CWE-22


(38) HIGH VULNERABILITIES [7.0, 8.9]

Source : fortinet.com

Vulnerability ID : CVE-2023-41678

First published on : 13-12-2023 07:15:17
Last modified on : 13-12-2023 13:35:21

Description :
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.

CVE ID : CVE-2023-41678
Source : psirt@fortinet.com
CVSS Score : 8.8

References :
https://fortiguard.com/psirt/FG-IR-23-196 | source : psirt@fortinet.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-48782

First published on : 13-12-2023 07:15:27
Last modified on : 13-12-2023 13:35:21

Description :
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.

CVE ID : CVE-2023-48782
Source : psirt@fortinet.com
CVSS Score : 8.8

References :
https://fortiguard.com/psirt/FG-IR-23-450 | source : psirt@fortinet.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-48791

First published on : 13-12-2023 07:15:28
Last modified on : 13-12-2023 13:35:21

Description :
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.

CVE ID : CVE-2023-48791
Source : psirt@fortinet.com
CVSS Score : 8.8

References :
https://fortiguard.com/psirt/FG-IR-23-425 | source : psirt@fortinet.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-44252

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:21

Description :
** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPS requests with crafted JWT token values.

CVE ID : CVE-2023-44252
Source : psirt@fortinet.com
CVSS Score : 8.8

References :
https://fortiguard.com/psirt/FG-IR-23-061 | source : psirt@fortinet.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2022-27488

First published on : 13-12-2023 07:15:10
Last modified on : 13-12-2023 13:35:21

Description :
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI by tricking an authenticated administrator into executing malicious GET requests.

CVE ID : CVE-2022-27488
Source : psirt@fortinet.com
CVSS Score : 8.3

References :
https://fortiguard.com/psirt/FG-IR-22-038 | source : psirt@fortinet.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-44251

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:21

Description :
** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via crafted HTTP or HTTPS requests.

CVE ID : CVE-2023-44251
Source : psirt@fortinet.com
CVSS Score : 8.3

References :
https://fortiguard.com/psirt/FG-IR-23-265 | source : psirt@fortinet.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-36639

First published on : 13-12-2023 07:15:12
Last modified on : 13-12-2023 13:35:21

Description :
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows an attacker to execute unauthorized code or commands via specially crafted API requests.

CVE ID : CVE-2023-36639
Source : psirt@fortinet.com
CVSS Score : 7.2

References :
https://fortiguard.com/psirt/FG-IR-23-138 | source : psirt@fortinet.com

Vulnerability : CWE-134


Vulnerability ID : CVE-2023-41673

First published on : 13-12-2023 07:15:15
Last modified on : 13-12-2023 13:35:21

Description :
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

CVE ID : CVE-2023-41673
Source : psirt@fortinet.com
CVSS Score : 7.1

References :
https://fortiguard.com/psirt/FG-IR-23-270 | source : psirt@fortinet.com

Vulnerability : CWE-285


Source : checkmk.com

Vulnerability ID : CVE-2023-31210

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:25

Description :
Usage of user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights via injection of malicious libraries.

CVE ID : CVE-2023-31210
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16226 | source : security@checkmk.com

Vulnerability : CWE-427


Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-6790

First published on : 13-12-2023 19:15:09
Last modified on : 13-12-2023 19:54:46

Description :
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.

CVE ID : CVE-2023-6790
Source : psirt@paloaltonetworks.com
CVSS Score : 8.8

References :
https://security.paloaltonetworks.com/CVE-2023-6790 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-46727

First published on : 13-12-2023 19:15:08
Last modified on : 13-12-2023 19:54:46

Description :
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.

CVE ID : CVE-2023-46727
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46 | source : security-advisories@github.com
https://github.com/glpi-project/glpi/releases/tag/10.0.11 | source : security-advisories@github.com
https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-47619

First published on : 13-12-2023 21:15:07
Last modified on : 13-12-2023 21:25:53

Description :
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.

CVE ID : CVE-2023-47619
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/ | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-918


Vulnerability ID : CVE-2023-46247

First published on : 13-12-2023 20:15:49
Last modified on : 13-12-2023 21:25:53

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.

CVE ID : CVE-2023-46247
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74 | source : security-advisories@github.com

Vulnerability : CWE-193
Vulnerability : CWE-682


Vulnerability ID : CVE-2023-47624

First published on : 13-12-2023 21:15:07
Last modified on : 13-12-2023 21:25:53

Description :
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available.

CVE ID : CVE-2023-47624
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/ | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-46726

First published on : 13-12-2023 19:15:07
Last modified on : 13-12-2023 19:54:46

Description :
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

CVE ID : CVE-2023-46726
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2 | source : security-advisories@github.com
https://github.com/glpi-project/glpi/releases/tag/10.0.11 | source : security-advisories@github.com
https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95 | source : security-advisories@github.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2023-48702

First published on : 13-12-2023 21:15:07
Last modified on : 13-12-2023 21:25:53

Description :
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can set up a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing the Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.

CVE ID : CVE-2023-48702
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/jellyfin/jellyfin/commit/83d2c69516471e2db72d9273c6a04247d0f37c86 | source : security-advisories@github.com
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rr9h-w522-cvmr | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-028_jellyfin/ | source : security-advisories@github.com

Vulnerability : CWE-77


Source : incibe.es

Vulnerability ID : CVE-2023-6721

First published on : 13-12-2023 10:15:11
Last modified on : 13-12-2023 13:35:16

Description :
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system.

CVE ID : CVE-2023-6721
Source : cve-coordination@incibe.es
CVSS Score : 8.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-611


Vulnerability ID : CVE-2023-6722

First published on : 13-12-2023 10:15:12
Last modified on : 13-12-2023 13:35:16

Description :
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

CVE ID : CVE-2023-6722
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-23


Source : elastic.co

Vulnerability ID : CVE-2023-46671

First published on : 13-12-2023 07:15:22
Last modified on : 13-12-2023 13:35:21

Description :
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).

CVE ID : CVE-2023-46671
Source : bressers@elastic.co
CVSS Score : 8.0

References :
https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149 | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-46675

First published on : 13-12-2023 07:15:23
Last modified on : 13-12-2023 13:35:21

Description :
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.

CVE ID : CVE-2023-46675
Source : bressers@elastic.co
CVSS Score : 8.0

References :
https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2 | source : bressers@elastic.co

Vulnerability : CWE-532


Source : redhat.com

Vulnerability ID : CVE-2023-6377

First published on : 13-12-2023 07:15:30
Last modified on : 13-12-2023 15:15:07

Description :
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

CVE ID : CVE-2023-6377
Source : secalert@redhat.com
CVSS Score : 7.8

References :
http://www.openwall.com/lists/oss-security/2023/12/13/1 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-6377 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253291 | source : secalert@redhat.com
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd | source : secalert@redhat.com
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html | source : secalert@redhat.com
https://lists.x.org/archives/xorg-announce/2023-December/003435.html | source : secalert@redhat.com
https://www.debian.org/security/2023/dsa-5576 | source : secalert@redhat.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-6478

First published on : 13-12-2023 07:15:31
Last modified on : 13-12-2023 15:15:07

Description :
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

CVE ID : CVE-2023-6478
Source : secalert@redhat.com
CVSS Score : 7.6

References :
http://www.openwall.com/lists/oss-security/2023/12/13/1 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-6478 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253298 | source : secalert@redhat.com
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632 | source : secalert@redhat.com
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html | source : secalert@redhat.com
https://lists.x.org/archives/xorg-announce/2023-December/003435.html | source : secalert@redhat.com
https://www.debian.org/security/2023/dsa-5576 | source : secalert@redhat.com

Vulnerability : CWE-125


Source : vmware.com

Vulnerability ID : CVE-2022-22942

First published on : 13-12-2023 09:15:33
Last modified on : 13-12-2023 13:35:25

Description :
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

CVE ID : CVE-2022-22942
Source : security@vmware.com
CVSS Score : 7.8

References :
https://github.com/vmware/photon/wiki/Security-Update-3.0-356 | source : security@vmware.com
https://github.com/vmware/photon/wiki/Security-Update-4.0-148 | source : security@vmware.com
https://www.openwall.com/lists/oss-security/2022/01/27/4 | source : security@vmware.com


Source : adobe.com

Vulnerability ID : CVE-2023-47063

First published on : 13-12-2023 10:15:08
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47063
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-47074

First published on : 13-12-2023 10:15:08
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47074
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47075

First published on : 13-12-2023 10:15:09
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47075
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-48625

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48625
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48626

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48626
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48627

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48627
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48628

First published on : 13-12-2023 14:15:45
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48628
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48629

First published on : 13-12-2023 14:15:45
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48629
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48630

First published on : 13-12-2023 14:15:45
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48630
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48632

First published on : 13-12-2023 14:15:45
Last modified on : 13-12-2023 14:27:24

Description :
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48632
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-48633

First published on : 13-12-2023 14:15:45
Last modified on : 13-12-2023 14:27:24

Description :
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48633
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html | source : psirt@adobe.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-48634

First published on : 13-12-2023 14:15:46
Last modified on : 13-12-2023 14:27:24

Description :
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48634
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-48639

First published on : 13-12-2023 14:15:47
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48639
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html | source : psirt@adobe.com

Vulnerability : CWE-787


Source : krcert.or.kr

Vulnerability ID : CVE-2023-45800

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.

CVE ID : CVE-2023-45800
Source : vuln@krcert.or.kr
CVSS Score : 7.5

References :
https://hanbiro.com/ | source : vuln@krcert.or.kr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-45801

First published on : 13-12-2023 03:15:48
Last modified on : 13-12-2023 13:35:25

Description :
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0.

CVE ID : CVE-2023-45801
Source : vuln@krcert.or.kr
CVSS Score : 7.5

References :
http://www.nadatel.com/ | source : vuln@krcert.or.kr

Vulnerability : CWE-287


(53) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : fortinet.com

Vulnerability ID : CVE-2023-40716

First published on : 13-12-2023 07:15:14
Last modified on : 13-12-2023 13:35:21

Description :
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup.

CVE ID : CVE-2023-40716
Source : psirt@fortinet.com
CVSS Score : 6.7

References :
https://fortiguard.com/psirt/FG-IR-22-345 | source : psirt@fortinet.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-46713

First published on : 13-12-2023 07:15:24
Last modified on : 13-12-2023 13:35:21

Description :
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

CVE ID : CVE-2023-46713
Source : psirt@fortinet.com
CVSS Score : 5.3

References :
https://fortiguard.com/psirt/FG-IR-23-256 | source : psirt@fortinet.com

Vulnerability : CWE-117


Source : github.com

Vulnerability ID : CVE-2023-43813

First published on : 13-12-2023 19:15:07
Last modified on : 13-12-2023 19:54:46

Description :
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.

CVE ID : CVE-2023-43813
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e | source : security-advisories@github.com
https://github.com/glpi-project/glpi/releases/tag/10.0.11 | source : security-advisories@github.com
https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362 | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50709

First published on : 13-12-2023 22:15:43
Last modified on : 13-12-2023 22:15:43

Description :
Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There is currently no workaround for older versions, and the recommendation is to upgrade.

CVE ID : CVE-2023-50709
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/cube-js/cube/releases/tag/v0.34.34 | source : security-advisories@github.com
https://github.com/cube-js/cube/security/advisories/GHSA-9759-3276-g2pm | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-49296

First published on : 13-12-2023 20:15:49
Last modified on : 13-12-2023 21:25:53

Description :
The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.

CVE ID : CVE-2023-49296
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/arduino/arduino-create-agent/commit/9a0e582bb8a1ff8e70d202943ddef8625ccefcc8 | source : security-advisories@github.com
https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-j5hc-wx84-844h | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50246

First published on : 13-12-2023 21:15:08
Last modified on : 13-12-2023 21:25:53

Description :
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.

CVE ID : CVE-2023-50246
Source : security-advisories@github.com
CVSS Score : 6.2

References :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574 | source : security-advisories@github.com
https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297 | source : security-advisories@github.com
https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc | source : security-advisories@github.com

Vulnerability : CWE-120
Vulnerability : CWE-122


Vulnerability ID : CVE-2023-50268

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

CVE ID : CVE-2023-50268
Source : security-advisories@github.com
CVSS Score : 6.2

References :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771 | source : security-advisories@github.com
https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b | source : security-advisories@github.com
https://github.com/jqlang/jq/pull/2804 | source : security-advisories@github.com
https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j | source : security-advisories@github.com

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-47620

First published on : 13-12-2023 22:15:43
Last modified on : 13-12-2023 22:15:43

Description :
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available.

CVE ID : CVE-2023-47620
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/ | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47623

First published on : 13-12-2023 22:15:43
Last modified on : 13-12-2023 22:15:43

Description :
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.

CVE ID : CVE-2023-47623
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/ | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50262

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash after exceeding the allowed execution time or memory usage. An attacker sending multiple requests to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests. Version 2.0.4 contains a fix for this issue.

CVE ID : CVE-2023-50262
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/dompdf/dompdf/blob/v2.0.3/src/Image/Cache.php#L136-L153 | source : security-advisories@github.com
https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593 | source : security-advisories@github.com
https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2 | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-674


Vulnerability ID : CVE-2023-50248

First published on : 13-12-2023 21:15:08
Last modified on : 13-12-2023 21:25:53

Description :
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.

CVE ID : CVE-2023-50248
Source : security-advisories@github.com
CVSS Score : 4.5

References :
https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be | source : security-advisories@github.com
https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5 | source : security-advisories@github.com

Vulnerability : CWE-130


Source : mitre.org

Vulnerability ID : CVE-2023-42483

First published on : 13-12-2023 01:15:07
Last modified on : 13-12-2023 01:50:36

Description :
A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system.

CVE ID : CVE-2023-42483
Source : cve@mitre.org
CVSS Score : 6.3

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43122

First published on : 13-12-2023 01:15:10
Last modified on : 13-12-2023 01:50:36

Description :
Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader.

CVE ID : CVE-2023-43122
Source : cve@mitre.org
CVSS Score : 4.8

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45864

First published on : 13-12-2023 01:15:10
Last modified on : 13-12-2023 01:50:36

Description :
A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.

CVE ID : CVE-2023-45864
Source : cve@mitre.org
CVSS Score : 4.0

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


Source : incibe.es

Vulnerability ID : CVE-2023-6719

First published on : 13-12-2023 10:15:11
Last modified on : 13-12-2023 13:35:16

Description :
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session.

CVE ID : CVE-2023-6719
Source : cve-coordination@incibe.es
CVSS Score : 6.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6380

First published on : 13-12-2023 11:15:07
Last modified on : 13-12-2023 13:35:16

Description :
An open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible because the 'URI' parameter is not properly sanitized.

CVE ID : CVE-2023-6380
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms | source : cve-coordination@incibe.es

Vulnerability : CWE-601


Vulnerability ID : CVE-2023-6720

First published on : 13-12-2023 10:15:11
Last modified on : 13-12-2023 13:35:16

Description :
A stored XSS vulnerability has been identified in Repox, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.

CVE ID : CVE-2023-6720
Source : cve-coordination@incibe.es
CVSS Score : 5.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6379

First published on : 13-12-2023 11:15:07
Last modified on : 13-12-2023 13:35:16

Description :
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

CVE ID : CVE-2023-6379
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-6760

First published on : 13-12-2023 16:15:12
Last modified on : 13-12-2023 16:33:21

Description :
A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888.

CVE ID : CVE-2023-6760
Source : cna@vuldb.com
CVSS Score : 6.3

References :
http://39.106.130.187/yue/yue.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247888 | source : cna@vuldb.com
https://vuldb.com/?id.247888 | source : cna@vuldb.com

Vulnerability : CWE-1018


Vulnerability ID : CVE-2023-6765

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895.

CVE ID : CVE-2023-6765
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://blog.csdn.net/xitanging/article/details/134903112 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247895 | source : cna@vuldb.com
https://vuldb.com/?id.247895 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6771

First published on : 13-12-2023 19:15:08
Last modified on : 13-12-2023 19:54:46

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.

CVE ID : CVE-2023-6771
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247907 | source : cna@vuldb.com
https://vuldb.com/?id.247907 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6762

First published on : 13-12-2023 16:15:12
Last modified on : 13-12-2023 16:33:21

Description :
A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6762
Source : cna@vuldb.com
CVSS Score : 5.4

References :
http://39.106.130.187/jwt/wen/1.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247890 | source : cna@vuldb.com
https://vuldb.com/?id.247890 | source : cna@vuldb.com

Vulnerability : CWE-275


Vulnerability ID : CVE-2023-6756

First published on : 13-12-2023 14:15:47
Last modified on : 13-12-2023 14:27:24

Description :
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884.

CVE ID : CVE-2023-6756
Source : cna@vuldb.com
CVSS Score : 5.3

References :
http://124.71.147.32:8082/IceCMS2.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247884 | source : cna@vuldb.com
https://vuldb.com/?id.247884 | source : cna@vuldb.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-6757

First published on : 13-12-2023 14:15:47
Last modified on : 13-12-2023 14:27:24

Description :
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability.

CVE ID : CVE-2023-6757
Source : cna@vuldb.com
CVSS Score : 5.3

References :
http://124.71.147.32:8082/IceCMS3.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247885 | source : cna@vuldb.com
https://vuldb.com/?id.247885 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6758

First published on : 13-12-2023 15:15:08
Last modified on : 13-12-2023 16:33:21

Description :
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6758
Source : cna@vuldb.com
CVSS Score : 5.3

References :
http://124.71.147.32:8082/IceCMS4.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247886 | source : cna@vuldb.com
https://vuldb.com/?id.247886 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6759

First published on : 13-12-2023 15:15:08
Last modified on : 13-12-2023 16:33:21

Description :
A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.

CVE ID : CVE-2023-6759
Source : cna@vuldb.com
CVSS Score : 5.3

References :
http://39.106.130.187/Icecms.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247887 | source : cna@vuldb.com
https://vuldb.com/?id.247887 | source : cna@vuldb.com

Vulnerability : CWE-837


Vulnerability ID : CVE-2023-6755

First published on : 13-12-2023 13:15:09
Last modified on : 13-12-2023 13:35:16

Description :
A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6755
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/ycwxy/test/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247883 | source : cna@vuldb.com
https://vuldb.com/?id.247883 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6772

First published on : 13-12-2023 19:15:08
Last modified on : 13-12-2023 19:54:46

Description :
A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908.

CVE ID : CVE-2023-6772
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Num-Nine/CVE/issues/8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247908 | source : cna@vuldb.com
https://vuldb.com/?id.247908 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6761

First published on : 13-12-2023 16:15:12
Last modified on : 13-12-2023 16:33:21

Description :
A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability.

CVE ID : CVE-2023-6761
Source : cna@vuldb.com
CVSS Score : 4.3

References :
http://39.106.130.187/chui/1.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.247889 | source : cna@vuldb.com
https://vuldb.com/?id.247889 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6766

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.

CVE ID : CVE-2023-6766
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_course.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247896 | source : cna@vuldb.com
https://vuldb.com/?id.247896 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-6767

First published on : 13-12-2023 18:15:45
Last modified on : 13-12-2023 19:01:57

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899.

CVE ID : CVE-2023-6767
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.247899 | source : cna@vuldb.com
https://vuldb.com/?id.247899 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6773

First published on : 13-12-2023 20:15:49
Last modified on : 13-12-2023 21:25:53

Description :
A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability.

CVE ID : CVE-2023-6773
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.247909 | source : cna@vuldb.com
https://vuldb.com/?id.247909 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6774

First published on : 13-12-2023 20:15:50
Last modified on : 13-12-2023 21:25:53

Description :
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6774
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/drive/folders/1wnrdIuBhZh5ia9Q61b_V_72eIaHsX-B1?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.247910 | source : cna@vuldb.com
https://vuldb.com/?id.247910 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : adobe.com

Vulnerability ID : CVE-2023-47076

First published on : 13-12-2023 10:15:09
Last modified on : 13-12-2023 13:35:16

Description :
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47076
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-70.html | source : psirt@adobe.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-47077

First published on : 13-12-2023 10:15:09
Last modified on : 13-12-2023 13:35:16

Description :
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47077
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-70.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44362

First published on : 13-12-2023 12:15:07
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44362
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/prelude/apsb23-67.html | source : psirt@adobe.com

Vulnerability : CWE-824


Vulnerability ID : CVE-2023-47061

First published on : 13-12-2023 13:15:07
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47061
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-71.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47062

First published on : 13-12-2023 13:15:08
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47062
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-71.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47078

First published on : 13-12-2023 13:15:08
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47078
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-71.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47079

First published on : 13-12-2023 13:15:08
Last modified on : 13-12-2023 13:35:16

Description :
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47079
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-71.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47080

First published on : 13-12-2023 14:15:43
Last modified on : 13-12-2023 14:27:29

Description :
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47080
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47081

First published on : 13-12-2023 14:15:43
Last modified on : 13-12-2023 14:27:29

Description :
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47081
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-48635

First published on : 13-12-2023 14:15:46
Last modified on : 13-12-2023 14:27:24

Description :
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48635
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-48636

First published on : 13-12-2023 14:15:46
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48636
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-48637

First published on : 13-12-2023 14:15:46
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48637
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-48638

First published on : 13-12-2023 14:15:46
Last modified on : 13-12-2023 14:27:24

Description :
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-48638
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html | source : psirt@adobe.com

Vulnerability : CWE-125


Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-6792

First published on : 13-12-2023 19:15:09
Last modified on : 13-12-2023 19:54:46

Description :
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

CVE ID : CVE-2023-6792
Source : psirt@paloaltonetworks.com
CVSS Score : 5.5

References :
https://security.paloaltonetworks.com/CVE-2023-6792 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-88


Vulnerability ID : CVE-2023-6794

First published on : 13-12-2023 19:15:10
Last modified on : 13-12-2023 19:54:46

Description :
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

CVE ID : CVE-2023-6794
Source : psirt@paloaltonetworks.com
CVSS Score : 5.5

References :
https://security.paloaltonetworks.com/CVE-2023-6794 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6795

First published on : 13-12-2023 19:15:10
Last modified on : 13-12-2023 19:54:46

Description :
An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

CVE ID : CVE-2023-6795
Source : psirt@paloaltonetworks.com
CVSS Score : 5.5

References :
https://security.paloaltonetworks.com/CVE-2023-6795 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6791

First published on : 13-12-2023 19:15:09
Last modified on : 13-12-2023 19:54:46

Description :
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

CVE ID : CVE-2023-6791
Source : psirt@paloaltonetworks.com
CVSS Score : 4.9

References :
https://security.paloaltonetworks.com/CVE-2023-6791 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-701


Vulnerability ID : CVE-2023-6789

First published on : 13-12-2023 19:15:08
Last modified on : 13-12-2023 19:54:46

Description :
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

CVE ID : CVE-2023-6789
Source : psirt@paloaltonetworks.com
CVSS Score : 4.3

References :
https://security.paloaltonetworks.com/CVE-2023-6789 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-49877

First published on : 13-12-2023 21:15:08
Last modified on : 13-12-2023 21:25:53

Description :
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.

CVE ID : CVE-2023-49877
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/272651 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7092383 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49878

First published on : 13-12-2023 21:15:08
Last modified on : 13-12-2023 21:25:53

Description :
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.

CVE ID : CVE-2023-49878
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/272652 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7092383 | source : psirt@us.ibm.com

Vulnerability : CWE-209


(6) LOW VULNERABILITIES [0.1, 3.9]

Source : fortinet.com

Vulnerability ID : CVE-2023-41844

First published on : 13-12-2023 07:15:18
Last modified on : 13-12-2023 13:35:21

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests in the capture traffic endpoint.

CVE ID : CVE-2023-41844
Source : psirt@fortinet.com
CVSS Score : 3.5

References :
https://fortiguard.com/psirt/FG-IR-23-214 | source : psirt@fortinet.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45587

First published on : 13-12-2023 07:15:20
Last modified on : 13-12-2023 13:35:21

Description :
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows an attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE ID : CVE-2023-45587
Source : psirt@fortinet.com
CVSS Score : 3.5

References :
https://fortiguard.com/psirt/FG-IR-23-360 | source : psirt@fortinet.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47536

First published on : 13-12-2023 08:15:50
Last modified on : 13-12-2023 13:35:21

Description :
An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

CVE ID : CVE-2023-47536
Source : psirt@fortinet.com
CVSS Score : 3.1

References :
https://fortiguard.com/psirt/FG-IR-23-432 | source : psirt@fortinet.com

Vulnerability : CWE-284


Source : vuldb.com

Vulnerability ID : CVE-2023-6775

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911.

CVE ID : CVE-2023-6775
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/12llrfm5nmsbNexeyAroB6nL5yjqAYL8T?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.247911 | source : cna@vuldb.com
https://vuldb.com/?id.247911 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : incibe.es

Vulnerability ID : CVE-2023-6381

First published on : 13-12-2023 11:15:07
Last modified on : 13-12-2023 13:35:16

Description :
Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.

CVE ID : CVE-2023-6381
Source : cve-coordination@incibe.es
CVSS Score : 3.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-input-validation-newsletter-software-supermailer | source : cve-coordination@incibe.es

Vulnerability : CWE-20


Source : paloaltonetworks.com

Vulnerability ID : CVE-2023-6793

First published on : 13-12-2023 19:15:09
Last modified on : 13-12-2023 19:54:46

Description :
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.

CVE ID : CVE-2023-6793
Source : psirt@paloaltonetworks.com
CVSS Score : 2.7

References :
https://security.paloaltonetworks.com/CVE-2023-6793 | source : psirt@paloaltonetworks.com

Vulnerability : CWE-269


(43) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-47573

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:21

Description :
An issue was discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.

CVE ID : CVE-2023-47573
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47574

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a weak SMB configuration with signing disabled.

CVE ID : CVE-2023-47574
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47575

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.

CVE ID : CVE-2023-47575
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47576

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.

CVE ID : CVE-2023-47576
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47577

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:21

Description :
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.

CVE ID : CVE-2023-47577
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47578

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.

CVE ID : CVE-2023-47578
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47579

First published on : 13-12-2023 02:15:07
Last modified on : 13-12-2023 13:35:25

Description :
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.

CVE ID : CVE-2023-47579
Source : cve@mitre.org
CVSS Score : /

References :
https://www.relyum.com/web/support/vulnerability-report/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-27171

First published on : 13-12-2023 14:15:43
Last modified on : 13-12-2023 14:15:43

Description :
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-27171
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-34194

First published on : 13-12-2023 14:15:43
Last modified on : 13-12-2023 14:27:29

Description :
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

CVE ID : CVE-2023-34194
Source : cve@mitre.org
CVSS Score : /

References :
https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp | source : cve@mitre.org
https://www.forescout.com/resources/sierra21-vulnerabilities | source : cve@mitre.org


Vulnerability ID : CVE-2023-47320

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:29

Description :
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

CVE ID : CVE-2023-47320
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47321

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:29

Description :
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

CVE ID : CVE-2023-47321
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47322

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:29

Description :
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application.

CVE ID : CVE-2023-47322
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47323

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:29

Description :
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators.

CVE ID : CVE-2023-47323
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47324

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.

CVE ID : CVE-2023-47324
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324 | source : cve@mitre.org
https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits | source : cve@mitre.org


Vulnerability ID : CVE-2023-47325

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.

CVE ID : CVE-2023-47325
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47326

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.

CVE ID : CVE-2023-47326
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47326 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47327

First published on : 13-12-2023 14:15:44
Last modified on : 13-12-2023 14:27:24

Description :
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.

CVE ID : CVE-2023-47327
Source : cve@mitre.org
CVSS Score : /

References :
http://silverpeas.com | source : cve@mitre.org
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49363

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.

CVE ID : CVE-2023-49363
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-50441

First published on : 13-12-2023 20:15:49
Last modified on : 13-12-2023 21:25:53

Description :
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.

CVE ID : CVE-2023-50441
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50444

First published on : 13-12-2023 20:15:49
Last modified on : 13-12-2023 21:25:53

Description :
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

CVE ID : CVE-2023-50444
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B30874/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50439

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).

CVE ID : CVE-2023-50439
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B30930/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50440

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

CVE ID : CVE-2023-50440
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50442

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)

CVE ID : CVE-2023-50442
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B30933/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50443

First published on : 13-12-2023 21:15:09
Last modified on : 13-12-2023 21:25:53

Description :
Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.

CVE ID : CVE-2023-50443
Source : cve@mitre.org
CVSS Score : /

References :
https://www.primx.eu/en/bulletins/security-bulletin-23B3093B/ | source : cve@mitre.org
https://www.primx.eu/fr/blog/ | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-45725

First published on : 13-12-2023 08:15:50
Last modified on : 13-12-2023 13:35:25

Description :
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are:
* list
* show
* rewrite
* update
An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.
Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers.

CVE ID : CVE-2023-45725
Source : security@apache.org
CVSS Score : /

References :
https://docs.couchdb.org/en/stable/cve/2023-45725.html | source : security@apache.org
https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg | source : security@apache.org

Vulnerability : CWE-200


Source : freebsd.org

Vulnerability ID : CVE-2023-6534

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:25

Description :
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.

CVE ID : CVE-2023-6534
Source : secteam@freebsd.org
CVSS Score : /

References :
https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc | source : secteam@freebsd.org


Vulnerability ID : CVE-2023-6660

First published on : 13-12-2023 09:15:34
Last modified on : 13-12-2023 13:35:25

Description :
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication. The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network. Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.

CVE ID : CVE-2023-6660
Source : secteam@freebsd.org
CVSS Score : /

References :
https://security.freebsd.org/advisories/FreeBSD-SA-23:18.nfsclient.asc | source : secteam@freebsd.org


Source : googlegroups.com

Vulnerability ID : CVE-2023-50764

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2023-50764
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3205 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50765

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.

CVE ID : CVE-2023-50765
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3206 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50766

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

CVE ID : CVE-2023-50766
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3204 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50767

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

CVE ID : CVE-2023-50767
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3204 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50768

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE ID : CVE-2023-50768
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3203 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50769

First published on : 13-12-2023 18:15:43
Last modified on : 13-12-2023 19:01:57

Description :
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE ID : CVE-2023-50769
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3203 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50770

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

CVE ID : CVE-2023-50770
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50771

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

CVE ID : CVE-2023-50771
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-2979 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50772

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVE ID : CVE-2023-50772
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50773

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE ID : CVE-2023-50773
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50774

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2023-50774
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3183 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50775

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

CVE ID : CVE-2023-50775
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3092 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50776

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVE ID : CVE-2023-50776
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50777

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE ID : CVE-2023-50777
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50778

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.

CVE ID : CVE-2023-50778
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-50779

First published on : 13-12-2023 18:15:44
Last modified on : 13-12-2023 19:01:57

Description :
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.

CVE ID : CVE-2023-50779
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/13/4 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179 | source : jenkinsci-cert@googlegroups.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
