Latest vulnerabilities [Wednesday, December 27, 2023]


Last update performed on 12/27/2023 at 11:57:06 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2023-50255

First published on : 27-12-2023 17:15:07
Last modified on : 27-12-2023 18:24:09

Description :
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-50255
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6 | source : security-advisories@github.com
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2 | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-23
Vulnerability : CWE-26


(5) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-52077

First published on : 27-12-2023 19:15:07
Last modified on : 27-12-2023 21:37:15

Description :
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5.

CVE ID : CVE-2023-52077
Source : security-advisories@github.com
CVSS Score : 8.9

References :
https://github.com/mei23/misskey-v12/commit/78173e376f14fcc1987b02196f5538bf5b18225c | source : security-advisories@github.com
https://github.com/misskey-dev/misskey/commit/5150053275594278e9eb23e72d98b16593c4c230 | source : security-advisories@github.com
https://github.com/nexryai/nexkey/commit/a4e4c9c47c5f84ec7ccd309bde59d4ae5d7e5a98 | source : security-advisories@github.com
https://github.com/nexryai/nexkey/security/advisories/GHSA-pjj7-7hcj-9cpc | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-51443

First published on : 27-12-2023 17:15:08
Last modified on : 27-12-2023 18:24:09

Description :
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.

CVE ID : CVE-2023-51443
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/signalwire/freeswitch/commit/86cbda90b84ba186e508fbc7bfae469270a97d11 | source : security-advisories@github.com
https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6 | source : security-advisories@github.com

Vulnerability : CWE-703


Vulnerability ID : CVE-2023-52075

First published on : 27-12-2023 20:15:19
Last modified on : 27-12-2023 21:37:15

Description :
ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching, causing the rate limit to be triggered and thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.

CVE ID : CVE-2023-52075
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q | source : security-advisories@github.com

Vulnerability : CWE-755


Vulnerability ID : CVE-2023-51664

First published on : 27-12-2023 17:15:08
Last modified on : 27-12-2023 18:24:09

Description :
tj-actions/changed-files is a GitHub Action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.

CVE ID : CVE-2023-51664
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/tj-actions/changed-files/commit/0102c07446a3cad972f4afcbd0ee4dbc4b6d2d1b | source : security-advisories@github.com
https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f | source : security-advisories@github.com
https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede | source : security-advisories@github.com
https://github.com/tj-actions/changed-files/security/advisories/GHSA-mcph-m25j-8j63 | source : security-advisories@github.com

Vulnerability : CWE-74
Vulnerability : CWE-77


Source : redhat.com

Vulnerability ID : CVE-2023-3171

First published on : 27-12-2023 16:15:13
Last modified on : 27-12-2023 18:24:09

Description :
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

CVE ID : CVE-2023-3171
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/errata/RHSA-2023:5484 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:5485 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:5486 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:5488 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-3171 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2213639 | source : secalert@redhat.com

Vulnerability : CWE-789


(6) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-6190

First published on : 27-12-2023 15:15:45
Last modified on : 27-12-2023 18:24:09

Description :
Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023.

CVE ID : CVE-2023-6190
Source : iletisim@usom.gov.tr
CVSS Score : 6.5

References :
https://www.usom.gov.tr/bildirim/tr-23-0735-2 | source : iletisim@usom.gov.tr

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-51700

First published on : 27-12-2023 18:15:23
Last modified on : 27-12-2023 18:24:09

Description :
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.

CVE ID : CVE-2023-51700
Source : security-advisories@github.com
CVSS Score : 6.4

References :
https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f | source : security-advisories@github.com
https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/security/advisories/GHSA-pqwp-qrp7-grg4 | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-51665

First published on : 27-12-2023 18:15:23
Last modified on : 27-12-2023 18:24:09

Description :
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-51665
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82 | source : security-advisories@github.com
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-51697

First published on : 27-12-2023 18:15:23
Last modified on : 27-12-2023 18:24:09

Description :
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-51697
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64 | source : security-advisories@github.com
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7 | source : security-advisories@github.com

Vulnerability : CWE-918


Source : vuldb.com

Vulnerability ID : CVE-2023-7116

First published on : 27-12-2023 16:15:13
Last modified on : 27-12-2023 18:24:09

Description :
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7116
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://medium.com/@2839549219ljk/rec-vulnerability-e8f2e1033b1f | source : cna@vuldb.com
https://vuldb.com/?ctiid.249086 | source : cna@vuldb.com
https://vuldb.com/?id.249086 | source : cna@vuldb.com

Vulnerability : CWE-78


Source : redhat.com

Vulnerability ID : CVE-2023-4641

First published on : 27-12-2023 16:15:13
Last modified on : 27-12-2023 18:24:09

Description :
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clean the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.

CVE ID : CVE-2023-4641
Source : secalert@redhat.com
CVSS Score : 4.7

References :
https://access.redhat.com/errata/RHSA-2023:6632 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7112 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-4641 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2215945 | source : secalert@redhat.com

Vulnerability : CWE-303


(0) LOW VULNERABILITIES [0.1, 3.9]

(16) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-40038

First published on : 27-12-2023 20:15:19
Last modified on : 27-12-2023 21:37:15

Description :
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)

CVE ID : CVE-2023-40038
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038 | source : cve@mitre.org
https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg | source : cve@mitre.org


Vulnerability ID : CVE-2023-43481

First published on : 27-12-2023 21:15:07
Last modified on : 27-12-2023 22:15:16

Description :
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.

CVE ID : CVE-2023-43481
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.tcl.browser/blob/main/CWE-94.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43955

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.

CVE ID : CVE-2023-43955
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.phlox.tvwebbrowser | source : cve@mitre.org
https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md | source : cve@mitre.org
https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk | source : cve@mitre.org
https://github.com/truefedex/tv-bro/pull/182#issue-1901769895 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46919

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission.

CVE ID : CVE-2023-46919
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47882

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

CVE ID : CVE-2023-47882
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/yi/blob/main/CWE-319.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.yunyi.smartcamera | source : cve@mitre.org


Vulnerability ID : CVE-2023-47883

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

CVE ID : CVE-2023-47883
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk | source : cve@mitre.org
https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md | source : cve@mitre.org
https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif | source : cve@mitre.org


Vulnerability ID : CVE-2023-51074

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.

CVE ID : CVE-2023-51074
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/json-path/JsonPath/issues/973 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51075

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.

CVE ID : CVE-2023-51075
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dromara/hutool/issues/3421 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51079

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final.

CVE ID : CVE-2023-51079
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mvel/mvel/issues/348 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51080

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.

CVE ID : CVE-2023-51080
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dromara/hutool/issues/3423 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51084

First published on : 27-12-2023 21:15:08
Last modified on : 27-12-2023 21:37:15

Description :
hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.

CVE ID : CVE-2023-51084
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PoppingSnack/VulReport/issues/12 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46918

First published on : 27-12-2023 22:15:16
Last modified on : 27-12-2023 22:15:16

Description :
Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.

CVE ID : CVE-2023-46918
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.phlox.simpleserver/blob/main/CWE-321.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49000

First published on : 27-12-2023 22:15:16
Last modified on : 27-12-2023 22:15:16

Description :
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.

CVE ID : CVE-2023-49000
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-49000 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49001

First published on : 27-12-2023 22:15:16
Last modified on : 27-12-2023 22:15:16

Description :
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.

CVE ID : CVE-2023-49001
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-49001 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49002

First published on : 27-12-2023 22:15:16
Last modified on : 27-12-2023 22:15:16

Description :
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.

CVE ID : CVE-2023-49002
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.sinous.voice.dialer/blob/main/CWE-928.md | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-49002 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49003

First published on : 27-12-2023 22:15:16
Last modified on : 27-12-2023 22:15:16

Description :
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.

CVE ID : CVE-2023-49003
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.simplemobiletools.dialer/blob/main/CWE-928.md | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/CVE-2023-49003 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
