Latest vulnerabilities [Wednesday, January 03, 2024]

Last update performed on 01/03/2024 at 11:57:06 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : baidu.com

Vulnerability ID : CVE-2023-52310

First published on : 03-01-2024 09:15:10
Last modified on : 03-01-2024 13:48:00

Description :
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.

CVE ID : CVE-2023-52310
Source : paddle-security@baidu.com
CVSS Score : 9.6

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md | source : paddle-security@baidu.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-52311

First published on : 03-01-2024 09:15:10
Last modified on : 03-01-2024 13:48:00

Description :
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.

CVE ID : CVE-2023-52311
Source : paddle-security@baidu.com
CVSS Score : 9.6

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md | source : paddle-security@baidu.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-52314

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.

CVE ID : CVE-2023-52314
Source : paddle-security@baidu.com
CVSS Score : 9.6

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md | source : paddle-security@baidu.com

Vulnerability : CWE-78


Source : github.com

Vulnerability ID : CVE-2023-50253

First published on : 03-01-2024 17:15:11
Last modified on : 03-01-2024 17:26:57

Description :
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.

CVE ID : CVE-2023-50253
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/labring/laf/pull/1468 | source : security-advisories@github.com
https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f | source : security-advisories@github.com

Vulnerability : CWE-200


(20) HIGH VULNERABILITIES [7.0, 8.9]

Source : hcl.com

Vulnerability ID : CVE-2023-45722

First published on : 03-01-2024 03:15:09
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.

CVE ID : CVE-2023-45722
Source : psirt@hcl.com
CVSS Score : 8.8

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50343

First published on : 03-01-2024 03:15:11
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

CVE ID : CVE-2023-50343
Source : psirt@hcl.com
CVSS Score : 8.3

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50350

First published on : 03-01-2024 02:15:44
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker the ability to decrypt sensitive information.

CVE ID : CVE-2023-50350
Source : psirt@hcl.com
CVSS Score : 8.2

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50351

First published on : 03-01-2024 02:15:44
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.

CVE ID : CVE-2023-50351
Source : psirt@hcl.com
CVSS Score : 8.2

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-45724

First published on : 03-01-2024 03:15:09
Last modified on : 03-01-2024 13:48:00

Description :
The HCL DRYiCE MyXalytics product is impacted by an unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.

CVE ID : CVE-2023-45724
Source : psirt@hcl.com
CVSS Score : 8.2

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-45723

First published on : 03-01-2024 03:15:09
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by a path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.

CVE ID : CVE-2023-45723
Source : psirt@hcl.com
CVSS Score : 7.6

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50341

First published on : 03-01-2024 03:15:10
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Obsolete web pages) vulnerability. The discovery of outdated and accessible web pages reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or expose a vulnerable endpoint.

CVE ID : CVE-2023-50341
Source : psirt@hcl.com
CVSS Score : 7.6

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50342

First published on : 03-01-2024 03:15:10
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.

CVE ID : CVE-2023-50342
Source : psirt@hcl.com
CVSS Score : 7.1

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Source : wordfence.com

Vulnerability ID : CVE-2023-6600

First published on : 03-01-2024 06:15:47
Last modified on : 03-01-2024 13:48:00

Description :
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched.

CVE ID : CVE-2023-6600
Source : security@wordfence.com
CVSS Score : 8.6

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3008876%40host-webfonts-local&new=3008876%40host-webfonts-local&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009010%40host-webfonts-local&new=3009010%40host-webfonts-local&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009453%40host-webfonts-local&new=3009453%40host-webfonts-local&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e835b97-c066-4e8f-b99f-1a930105af0c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7027

First published on : 03-01-2024 05:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7027
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includes/rest-api/v1/rest-api.php#L79 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/mobile.php#L219 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3016126%40post-smtp%2Ftrunk&old=3012318%40post-smtp%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=cve | source : security@wordfence.com


Source : baidu.com

Vulnerability ID : CVE-2023-52304

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

CVE ID : CVE-2023-52304
Source : paddle-security@baidu.com
CVSS Score : 8.2

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md | source : paddle-security@baidu.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-52307

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

CVE ID : CVE-2023-52307
Source : paddle-security@baidu.com
CVSS Score : 8.2

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md | source : paddle-security@baidu.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-52309

First published on : 03-01-2024 09:15:10
Last modified on : 03-01-2024 13:48:00

Description :
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage.

CVE ID : CVE-2023-52309
Source : paddle-security@baidu.com
CVSS Score : 8.2

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md | source : paddle-security@baidu.com

Vulnerability : CWE-120


Source : gitlab.com

Vulnerability ID : CVE-2024-0207

First published on : 03-01-2024 08:15:10
Last modified on : 03-01-2024 13:48:00

Description :
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE ID : CVE-2024-0207
Source : cve@gitlab.com
CVSS Score : 7.8

References :
https://gitlab.com/wireshark/wireshark/-/issues/19502 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2024-03.html | source : cve@gitlab.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-0208

First published on : 03-01-2024 08:15:10
Last modified on : 03-01-2024 13:48:00

Description :
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVE ID : CVE-2024-0208
Source : cve@gitlab.com
CVSS Score : 7.8

References :
https://gitlab.com/wireshark/wireshark/-/issues/19496 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2024-01.html | source : cve@gitlab.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2024-0209

First published on : 03-01-2024 08:15:10
Last modified on : 03-01-2024 13:48:00

Description :
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVE ID : CVE-2024-0209
Source : cve@gitlab.com
CVSS Score : 7.8

References :
https://gitlab.com/wireshark/wireshark/-/issues/19501 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2024-02.html | source : cve@gitlab.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2024-0210

First published on : 03-01-2024 08:15:11
Last modified on : 03-01-2024 13:48:00

Description :
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE ID : CVE-2024-0210
Source : cve@gitlab.com
CVSS Score : 7.8

References :
https://gitlab.com/wireshark/wireshark/-/issues/19504 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2024-04.html | source : cve@gitlab.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2024-0211

First published on : 03-01-2024 08:15:11
Last modified on : 03-01-2024 13:48:00

Description :
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE ID : CVE-2024-0211
Source : cve@gitlab.com
CVSS Score : 7.8

References :
https://gitlab.com/wireshark/wireshark/-/issues/19557 | source : cve@gitlab.com
https://www.wireshark.org/security/wnpa-sec-2024-05.html | source : cve@gitlab.com

Vulnerability : CWE-674


Source : github.com

Vulnerability ID : CVE-2024-21633

First published on : 03-01-2024 17:15:13
Last modified on : 03-01-2024 17:26:57

Description :
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names, which can be manipulated by an attacker to place files at a desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that the user has write access to, and either the user name is known or the cwd is under the user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.

CVE ID : CVE-2024-21633
Source : security-advisories@github.com
CVSS Score : 7.8

References :
https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712 | source : security-advisories@github.com
https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w | source : security-advisories@github.com

Vulnerability : CWE-22


Source : lenovo.com

Vulnerability ID : CVE-2023-6338

First published on : 03-01-2024 21:15:08
Last modified on : 03-01-2024 21:15:08

Description :
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

CVE ID : CVE-2023-6338
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-121183 | source : psirt@lenovo.com

Vulnerability : CWE-427


(35) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : zte.com.cn

Vulnerability ID : CVE-2023-41776

First published on : 03-01-2024 02:15:42
Last modified on : 03-01-2024 13:48:00

Description :
There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges.

CVE ID : CVE-2023-41776
Source : psirt@zte.com.cn
CVSS Score : 6.7

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 | source : psirt@zte.com.cn

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-41780

First published on : 03-01-2024 02:15:43
Last modified on : 03-01-2024 13:48:00

Description :
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

CVE ID : CVE-2023-41780
Source : psirt@zte.com.cn
CVSS Score : 6.4

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 | source : psirt@zte.com.cn

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-41779

First published on : 03-01-2024 02:15:43
Last modified on : 03-01-2024 13:48:00

Description :
There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash.

CVE ID : CVE-2023-41779
Source : psirt@zte.com.cn
CVSS Score : 4.4

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 | source : psirt@zte.com.cn

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-41783

First published on : 03-01-2024 02:15:43
Last modified on : 03-01-2024 13:48:00

Description :
There is a command injection vulnerability in ZTE's ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

CVE ID : CVE-2023-41783
Source : psirt@zte.com.cn
CVSS Score : 4.3

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 | source : psirt@zte.com.cn

Vulnerability : CWE-94


Source : github.com

Vulnerability ID : CVE-2023-30617

First published on : 03-01-2024 16:15:08
Last modified on : 03-01-2024 17:26:57

Description :
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. Users that do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster level secret get/list privilege.

CVE ID : CVE-2023-30617
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw | source : security-advisories@github.com

Vulnerability : CWE-250
Vulnerability : CWE-269


Vulnerability ID : CVE-2023-46738

First published on : 03-01-2024 16:15:08
Last modified on : 03-01-2024 17:26:57

Description :
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the amount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory than the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading.

CVE ID : CVE-2023-46738
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1 | source : security-advisories@github.com
https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2023-46739

First published on : 03-01-2024 17:15:10
Last modified on : 03-01-2024 17:26:57

Description :
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading.

CVE ID : CVE-2023-46739
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/cubefs/cubefs/commit/6a0d5fa45a77ff20c752fa9e44738bf5d86c84bd | source : security-advisories@github.com
https://github.com/cubefs/cubefs/security/advisories/GHSA-8579-7p32-f398 | source : security-advisories@github.com

Vulnerability : CWE-203


Vulnerability ID : CVE-2023-46740

First published on : 03-01-2024 17:15:10
Last modified on : 03-01-2024 17:26:57

Description :
CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the "accessKey". To create the "accessKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a user's access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade.

CVE ID : CVE-2023-46740
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/cubefs/cubefs/commit/8555c6402794cabdf2cc025c8bea1576122c07ba | source : security-advisories@github.com
https://github.com/cubefs/cubefs/security/advisories/GHSA-4248-p65p-hcrm | source : security-advisories@github.com

Vulnerability : CWE-330


Vulnerability ID : CVE-2024-21631

First published on : 03-01-2024 17:15:12
Last modified on : 03-01-2024 17:26:57

Description :
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.

CVE ID : CVE-2024-21631
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70 | source : security-advisories@github.com
https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp | source : security-advisories@github.com

Vulnerability : CWE-1104
Vulnerability : CWE-190
Vulnerability : CWE-20


Vulnerability ID : CVE-2024-21622

First published on : 03-01-2024 17:15:12
Last modified on : 03-01-2024 17:26:57

Description :
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

CVE ID : CVE-2024-21622
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 | source : security-advisories@github.com
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa | source : security-advisories@github.com
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 | source : security-advisories@github.com
https://github.com/craftcms/cms/pull/13931 | source : security-advisories@github.com
https://github.com/craftcms/cms/pull/13932 | source : security-advisories@github.com
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx | source : security-advisories@github.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-46741

First published on : 03-01-2024 17:15:10
Last modified on : 03-01-2024 17:26:57

Description :
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has successfully retrieved a secret key from the logs can delete blobs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading.

CVE ID : CVE-2023-46741
Source : security-advisories@github.com
CVSS Score : 4.8

References :
https://github.com/cubefs/cubefs/commit/972f0275ee8d5dbba4b1530da7c145c269b31ef5 | source : security-advisories@github.com
https://github.com/cubefs/cubefs/security/advisories/GHSA-8h2x-gr2c-c275 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46742

First published on : 03-01-2024 17:15:11
Last modified on : 03-01-2024 17:26:57

Description :
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user's secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.

CVE ID : CVE-2023-46742
Source : security-advisories@github.com
CVSS Score : 4.8

References :
https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd | source : security-advisories@github.com
https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2 | source : security-advisories@github.com

Vulnerability : CWE-532


Source : lenovo.com

Vulnerability ID : CVE-2023-6540

First published on : 03-01-2024 21:15:08
Last modified on : 03-01-2024 21:15:08

Description :
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.

CVE ID : CVE-2023-6540
Source : psirt@lenovo.com
CVSS Score : 6.5

References :
https://iknow.lenovo.com.cn/detail/419251 | source : psirt@lenovo.com

Vulnerability : CWE-94


Source : wordfence.com

Vulnerability ID : CVE-2023-6524

First published on : 03-01-2024 06:15:47
Last modified on : 03-01-2024 13:48:00

Description :
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6524
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://advisory.abay.sh/cve-2023-6524 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3001436%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.13&new=3015598%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.14#file31 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6986

First published on : 03-01-2024 07:15:07
Last modified on : 03-01-2024 13:48:00

Description :
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6986
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/embedpress/trunk/EmbedPress/Shortcode.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3014595%40embedpress&new=3014595%40embedpress&sfp_email=&sfph_mail=#file11 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ceae0115-268c-401b-876b-3477d10c10e6?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6747

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6747
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://fooplugins.com/foogallery-wordpress-gallery-plugin/pricing/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6629

First published on : 03-01-2024 05:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-6629
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Wizard/NewWizard.php#L396 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012318%40post-smtp%2Ftrunk&old=3006604%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7681f984-d488-4da7-afe1-988e5ad012f2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6981

First published on : 03-01-2024 06:15:47
Last modified on : 03-01-2024 13:48:00

Description :
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting.

CVE ID : CVE-2023-6981
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/wp-sms/wp-sms/commit/6656de201efe67c7983102c344a546eed976a819 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0201

First published on : 03-01-2024 10:15:09
Last modified on : 03-01-2024 13:48:00

Description :
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update plugin settings.

CVE ID : CVE-2024-0201
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6984

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6984
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015474%40powerpack-lite-for-elementor&new=3015474%40powerpack-lite-for-elementor&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fe2cfc96-63f4-4e4b-bf49-6031594a4805?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6980

First published on : 03-01-2024 06:15:47
Last modified on : 03-01-2024 13:48:00

Description :
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6980
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://github.com/wp-sms/wp-sms/commit/0f36e2f521ade8ddfb3e04786defe074370afb50 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7068

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.

CVE ID : CVE-2023-7068
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3014977%40print-invoices-packing-slip-labels-for-woocommerce&new=3014977%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5abc282d-68c9-423c-a15c-d4d3f7035661?source=cve | source : security@wordfence.com


Source : hcl.com

Vulnerability ID : CVE-2023-50344

First published on : 03-01-2024 03:15:11
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

CVE ID : CVE-2023-50344
Source : psirt@hcl.com
CVSS Score : 5.4

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Source : baidu.com

Vulnerability ID : CVE-2023-38674

First published on : 03-01-2024 09:15:08
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-38674
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-38675

First published on : 03-01-2024 09:15:08
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-38675
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-38676

First published on : 03-01-2024 09:15:08
Last modified on : 03-01-2024 13:48:00

Description :
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-38676
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md | source : paddle-security@baidu.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-38677

First published on : 03-01-2024 09:15:08
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-38677
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-38678

First published on : 03-01-2024 09:15:08
Last modified on : 03-01-2024 13:48:00

Description :
OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-38678
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md | source : paddle-security@baidu.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-52302

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52302
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md | source : paddle-security@baidu.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-52303

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52303
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md | source : paddle-security@baidu.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-52305

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52305
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-52306

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52306
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-52308

First published on : 03-01-2024 09:15:10
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52308
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


Vulnerability ID : CVE-2023-52312

First published on : 03-01-2024 09:15:10
Last modified on : 03-01-2024 13:48:00

Description :
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52312
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md | source : paddle-security@baidu.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-52313

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVE ID : CVE-2023-52313
Source : paddle-security@baidu.com
CVSS Score : 4.7

References :
https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md | source : paddle-security@baidu.com

Vulnerability : CWE-369


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : redhat.com

Vulnerability ID : CVE-2023-6004

First published on : 03-01-2024 17:15:11
Last modified on : 03-01-2024 17:26:57

Description :
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

CVE ID : CVE-2023-6004
Source : secalert@redhat.com
CVSS Score : 3.9

References :
https://access.redhat.com/security/cve/CVE-2023-6004 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2251110 | source : secalert@redhat.com
https://www.libssh.org/security/advisories/CVE-2023-6004.txt | source : secalert@redhat.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2024-0217

First published on : 03-01-2024 17:15:12
Last modified on : 03-01-2024 17:26:57

Description :
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

CVE ID : CVE-2024-0217
Source : secalert@redhat.com
CVSS Score : 3.3

References :
https://access.redhat.com/security/cve/CVE-2024-0217 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2256624 | source : secalert@redhat.com

Vulnerability : CWE-416


Source : hcl.com

Vulnerability ID : CVE-2023-50345

First published on : 03-01-2024 02:15:43
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.

CVE ID : CVE-2023-50345
Source : psirt@hcl.com
CVSS Score : 3.7

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50346

First published on : 03-01-2024 02:15:43
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.

CVE ID : CVE-2023-50346
Source : psirt@hcl.com
CVSS Score : 3.1

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-50348

First published on : 03-01-2024 02:15:44
Last modified on : 03-01-2024 13:48:00

Description :
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.

CVE ID : CVE-2023-50348
Source : psirt@hcl.com
CVSS Score : 3.1

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608 | source : psirt@hcl.com


(32) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-49554

First published on : 03-01-2024 00:15:08
Last modified on : 03-01-2024 13:48:00

Description :
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

CVE ID : CVE-2023-49554
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yasm/yasm/issues/249 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49555

First published on : 03-01-2024 00:15:09
Last modified on : 03-01-2024 13:48:00

Description :
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

CVE ID : CVE-2023-49555
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yasm/yasm/issues/248 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49556

First published on : 03-01-2024 00:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

CVE ID : CVE-2023-49556
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yasm/yasm/issues/250 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49557

First published on : 03-01-2024 00:15:09
Last modified on : 03-01-2024 13:48:00

Description :
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

CVE ID : CVE-2023-49557
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yasm/yasm/issues/253 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49558

First published on : 03-01-2024 00:15:09
Last modified on : 03-01-2024 13:48:00

Description :
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

CVE ID : CVE-2023-49558
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yasm/yasm/issues/252 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46308

First published on : 03-01-2024 05:15:11
Last modified on : 03-01-2024 13:48:00

Description :
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.

CVE ID : CVE-2023-46308
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/plotly/plotly.js/releases/tag/v2.25.2 | source : cve@mitre.org
https://plotly.com/javascript/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-42358

First published on : 03-01-2024 06:15:47
Last modified on : 03-01-2024 13:48:00

Description :
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment that allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.

CVE ID : CVE-2023-42358
Source : cve@mitre.org
CVSS Score : /

References :
https://jira.o-ran-sc.org/browse/RIC-1009 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47473

First published on : 03-01-2024 07:15:07
Last modified on : 03-01-2024 13:48:00

Description :
Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.

CVE ID : CVE-2023-47473
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/THMOAS0/SSR123/blob/main/%E4%BC%81%E8%AF%ADiFair%20Any%20file%20read.pdf | source : cve@mitre.org
https://www.yuque.com/ssr123/gxhh8t/xv5oxd5i5pxmxd1a?singleDoc | source : cve@mitre.org


Vulnerability ID : CVE-2023-50922

First published on : 03-01-2024 08:15:09
Last modified on : 03-01-2024 13:48:00

Description :
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50922
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50921

First published on : 03-01-2024 09:15:09
Last modified on : 03-01-2024 13:48:00

Description :
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50921
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Add_user_vulnerability.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-37608

First published on : 03-01-2024 13:15:08
Last modified on : 03-01-2024 13:48:00

Description :
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials.

CVE ID : CVE-2023-37608
Source : cve@mitre.org
CVSS Score : /

References :
http://automatic-systems.com | source : cve@mitre.org
http://soc.com | source : cve@mitre.org
https://github.com/CQURE/CVEs/tree/main/CVE-2023-37608 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39655

First published on : 03-01-2024 13:15:08
Last modified on : 03-01-2024 13:48:00

Description :
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.

CVE ID : CVE-2023-39655
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655 | source : cve@mitre.org
https://www.npmjs.com/package/%40perfood/couch-auth | source : cve@mitre.org


Vulnerability ID : CVE-2023-50092

First published on : 03-01-2024 13:15:08
Last modified on : 03-01-2024 13:48:00

Description :
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).

CVE ID : CVE-2023-50092
Source : cve@mitre.org
CVSS Score : /

References :
https://apiida.com/product/apiida-api-gateway-manager/ | source : cve@mitre.org
https://senscybersecurity.nl/cve-2023-50092-explained/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37607

First published on : 03-01-2024 14:15:08
Last modified on : 03-01-2024 17:26:57

Description :
Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.

CVE ID : CVE-2023-37607
Source : cve@mitre.org
CVSS Score : /

References :
http://automatic-systems.com | source : cve@mitre.org
http://soc.com | source : cve@mitre.org
https://github.com/CQURE/CVEs/blob/main/CVE-2023-37607/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50093

First published on : 03-01-2024 14:15:08
Last modified on : 03-01-2024 17:26:57

Description :
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.

CVE ID : CVE-2023-50093
Source : cve@mitre.org
CVSS Score : /

References :
https://apiida.com/product/apiida-api-gateway-manager/ | source : cve@mitre.org
https://senscybersecurity.nl/cve-2023-50093-explained/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45559

First published on : 03-01-2024 15:15:09
Last modified on : 03-01-2024 17:26:57

Description :
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVE ID : CVE-2023-45559
Source : cve@mitre.org
CVSS Score : /

References :
http://tamakihamanoki.com | source : cve@mitre.org
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45559.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46929

First published on : 03-01-2024 19:15:08
Last modified on : 03-01-2024 19:17:49

Description :
An issue was discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 that allows attackers to crash the application.

CVE ID : CVE-2023-46929
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 | source : cve@mitre.org
https://github.com/gpac/gpac/issues/2662 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50090

First published on : 03-01-2024 20:15:21
Last modified on : 03-01-2024 20:15:21

Description :
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request.

CVE ID : CVE-2023-50090
Source : cve@mitre.org
CVSS Score : /

References :
https://lemono.fun/thoughts/UReport2-RCE.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-49442

First published on : 03-01-2024 21:15:08
Last modified on : 03-01-2024 21:15:08

Description :
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request.

CVE ID : CVE-2023-49442
Source : cve@mitre.org
CVSS Score : /

References :
https://lemono.fun/thoughts/JEECG-RCE.html | source : cve@mitre.org


Source : wpscan.com

Vulnerability ID : CVE-2023-6621

First published on : 03-01-2024 09:15:11
Last modified on : 03-01-2024 13:48:00

Description :
The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-6621
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/b49ca336-5bc2-4d72-a9a5-b8c020057928 | source : contact@wpscan.com


Source : apache.org

Vulnerability ID : CVE-2023-51784

First published on : 03-01-2024 10:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329

CVE ID : CVE-2023-51784
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/03/1 | source : security@apache.org
https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j | source : security@apache.org

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-51785

First published on : 03-01-2024 10:15:09
Last modified on : 03-01-2024 13:48:00

Description :
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331

CVE ID : CVE-2023-51785
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/03/2 | source : security@apache.org
https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno | source : security@apache.org

Vulnerability : CWE-502


Source : vulncheck.com

Vulnerability ID : CVE-2024-21907

First published on : 03-01-2024 16:15:08
Last modified on : 03-01-2024 17:26:57

Description :
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

CVE ID : CVE-2024-21907
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://alephsecurity.com/2018/10/22/StackOverflowException/ | source : disclosure@vulncheck.com
https://alephsecurity.com/vulns/aleph-2018004 | source : disclosure@vulncheck.com
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 | source : disclosure@vulncheck.com
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 | source : disclosure@vulncheck.com
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 | source : disclosure@vulncheck.com
https://github.com/advisories/GHSA-5crp-9r3c-p9vr | source : disclosure@vulncheck.com
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr | source : disclosure@vulncheck.com

Vulnerability : CWE-755


Vulnerability ID : CVE-2024-21908

First published on : 03-01-2024 16:15:08
Last modified on : 03-01-2024 17:26:57

Description :
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

CVE ID : CVE-2024-21908
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-5h9g-x5rv-25wg | source : disclosure@vulncheck.com
https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg | source : disclosure@vulncheck.com
https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes | source : disclosure@vulncheck.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21909

First published on : 03-01-2024 16:15:09
Last modified on : 03-01-2024 17:26:57

Description :
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

CVE ID : CVE-2024-21909
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-6r92-cgxc-r5fg | source : disclosure@vulncheck.com
https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95 | source : disclosure@vulncheck.com
https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1 | source : disclosure@vulncheck.com
https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg | source : disclosure@vulncheck.com

Vulnerability : CWE-407


Vulnerability ID : CVE-2024-21910

First published on : 03-01-2024 16:15:09
Last modified on : 03-01-2024 17:26:57

Description :
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

CVE ID : CVE-2024-21910
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-r8hm-w5f7-wj39 | source : disclosure@vulncheck.com
https://github.com/jazzband/django-tinymce/issues/366 | source : disclosure@vulncheck.com
https://github.com/jazzband/django-tinymce/releases/tag/3.4.0 | source : disclosure@vulncheck.com
https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 | source : disclosure@vulncheck.com
https://pypi.org/project/django-tinymce/3.4.0/ | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39 | source : disclosure@vulncheck.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21911

First published on : 03-01-2024 16:15:09
Last modified on : 03-01-2024 17:26:57

Description :
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

CVE ID : CVE-2024-21911
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-w7jx-j77m-wp65 | source : disclosure@vulncheck.com
https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65 | source : disclosure@vulncheck.com
https://www.npmjs.com/package/tinymce | source : disclosure@vulncheck.com
https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes | source : disclosure@vulncheck.com

Vulnerability : CWE-79


Source : rapid7.con

Vulnerability ID : CVE-2023-5879

First published on : 03-01-2024 20:15:21
Last modified on : 03-01-2024 20:15:21

Description :
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication credentials.

CVE ID : CVE-2023-5879
Source : cve@rapid7.con
CVSS Score : /

References :
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ | source : cve@rapid7.con

Vulnerability : CWE-922


Vulnerability ID : CVE-2023-5880

First published on : 03-01-2024 20:15:21
Last modified on : 03-01-2024 20:15:21

Description :
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allows the attacker to inject malicious code with client-side JavaScript and/or HTML into the users' web browser.

CVE ID : CVE-2023-5880
Source : cve@rapid7.con
CVSS Score : /

References :
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ | source : cve@rapid7.con

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5881

First published on : 03-01-2024 20:15:21
Last modified on : 03-01-2024 20:15:21

Description :
Unauthenticated access is permitted to the "Garage Door Control Module Setup" web interface page of The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM), allowing modification of the garage door's SSID settings.

CVE ID : CVE-2023-5881
Source : cve@rapid7.con
CVSS Score : /

References :
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ | source : cve@rapid7.con

Vulnerability : CWE-306


Source : github.com

Vulnerability ID : CVE-2023-52140

First published on : 03-01-2024 22:15:11
Last modified on : 03-01-2024 22:15:11

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none.

CVE ID : CVE-2023-52140
Source : security-advisories@github.com
CVSS Score : /

References :


Vulnerability ID : CVE-2023-52141

First published on : 03-01-2024 22:15:11
Last modified on : 03-01-2024 22:15:11

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none.

CVE ID : CVE-2023-52141
Source : security-advisories@github.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
