Latest vulnerabilities [Wednesday, January 10, 2024]

Last update performed on 01/10/2024 at 11:57:06 PM

(5) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : cisco.com

Vulnerability ID : CVE-2023-47862

First published on : 10-01-2024 16:15:47
Last modified on : 10-01-2024 18:15:46

Description :
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE ID : CVE-2023-47862
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-49599

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute-force the salt offline, leading to forging a legitimate password recovery code for the admin user.

CVE ID : CVE-2023-49599
Source : talos-cna@cisco.com
CVSS Score : 9.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900 | source : talos-cna@cisco.com

Vulnerability : CWE-331


Vulnerability ID : CVE-2023-48728

First published on : 10-01-2024 16:15:47
Last modified on : 10-01-2024 18:15:46

Description :
A cross-site scripting (XSS) vulnerability exists in the function getOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVE ID : CVE-2023-48728
Source : talos-cna@cisco.com
CVSS Score : 9.6

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883 | source : talos-cna@cisco.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47861

First published on : 10-01-2024 16:15:47
Last modified on : 10-01-2024 18:15:46

Description :
A cross-site scripting (XSS) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVE ID : CVE-2023-47861
Source : talos-cna@cisco.com
CVSS Score : 9.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884 | source : talos-cna@cisco.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2024-21638

First published on : 10-01-2024 22:15:51
Last modified on : 10-01-2024 22:15:51

Description :
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP address space easily and effectively. By design there is no write access to customers' Azure environments, as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked validation of the passed-in authentication token, which may result in an attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

CVE ID : CVE-2024-21638
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f | source : security-advisories@github.com
https://github.com/Azure/ipam/pull/218 | source : security-advisories@github.com
https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6 | source : security-advisories@github.com

Vulnerability : CWE-269


(22) HIGH VULNERABILITIES [7.0, 8.9]

Source : bosch.com

Vulnerability ID : CVE-2023-48252

First published on : 10-01-2024 13:15:45
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.

CVE ID : CVE-2023-48252
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-48253

First published on : 10-01-2024 13:15:45
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.

CVE ID : CVE-2023-48253
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48243

First published on : 10-01-2024 11:15:08
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.

CVE ID : CVE-2023-48243
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48250

First published on : 10-01-2024 11:15:10
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.

CVE ID : CVE-2023-48250
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-48251

First published on : 10-01-2024 13:15:45
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.

CVE ID : CVE-2023-48251
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-48262

First published on : 10-01-2024 13:15:47
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVE ID : CVE-2023-48262
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-48263

First published on : 10-01-2024 13:15:47
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVE ID : CVE-2023-48263
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-48264

First published on : 10-01-2024 13:15:47
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVE ID : CVE-2023-48264
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-48265

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVE ID : CVE-2023-48265
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-48266

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVE ID : CVE-2023-48266
Source : psirt@bosch.com
CVSS Score : 8.1

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-48257

First published on : 10-01-2024 13:15:46
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

CVE ID : CVE-2023-48257
Source : psirt@bosch.com
CVSS Score : 7.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-1391


Source : cisco.com

Vulnerability ID : CVE-2023-49589

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-49589
Source : talos-cna@cisco.com
CVSS Score : 8.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 | source : talos-cna@cisco.com

Vulnerability : CWE-640


Vulnerability ID : CVE-2023-48730

First published on : 10-01-2024 16:15:47
Last modified on : 10-01-2024 18:15:46

Description :
A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CVE ID : CVE-2023-48730
Source : talos-cna@cisco.com
CVSS Score : 8.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882 | source : talos-cna@cisco.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49738

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

CVE ID : CVE-2023-49738
Source : talos-cna@cisco.com
CVSS Score : 7.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-49810

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute-force users' credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE ID : CVE-2023-49810
Source : talos-cna@cisco.com
CVSS Score : 7.3

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898 | source : talos-cna@cisco.com

Vulnerability : CWE-307


Source : fortinet.com

Vulnerability ID : CVE-2023-44250

First published on : 10-01-2024 18:15:46
Last modified on : 10-01-2024 18:15:46

Description :
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.

CVE ID : CVE-2023-44250
Source : psirt@fortinet.com
CVSS Score : 8.8

References :
https://fortiguard.com/psirt/FG-IR-23-315 | source : psirt@fortinet.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-46712

First published on : 10-01-2024 18:15:46
Last modified on : 10-01-2024 18:15:46

Description :
An improper access control vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate their privileges via specifically crafted HTTP requests.

CVE ID : CVE-2023-46712
Source : psirt@fortinet.com
CVSS Score : 7.2

References :
https://fortiguard.com/psirt/FG-IR-23-395 | source : psirt@fortinet.com

Vulnerability : CWE-284


Source : github.com

Vulnerability ID : CVE-2023-41056

First published on : 10-01-2024 16:15:46
Last modified on : 10-01-2024 16:59:53

Description :
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers, which can result in an integer overflow that leads to a heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4.

CVE ID : CVE-2023-41056
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/redis/redis/releases/tag/7.0.15 | source : security-advisories@github.com
https://github.com/redis/redis/releases/tag/7.2.4 | source : security-advisories@github.com
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m | source : security-advisories@github.com

Vulnerability : CWE-190
Vulnerability : CWE-762


Vulnerability ID : CVE-2023-45139

First published on : 10-01-2024 16:15:46
Last modified on : 10-01-2024 16:59:48

Description :
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.

CVE ID : CVE-2023-45139
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c | source : security-advisories@github.com
https://github.com/fonttools/fonttools/releases/tag/4.43.0 | source : security-advisories@github.com
https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5 | source : security-advisories@github.com

Vulnerability : CWE-611


Vulnerability ID : CVE-2024-21643

First published on : 10-01-2024 05:15:09
Last modified on : 10-01-2024 13:56:12

Description :
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.

CVE ID : CVE-2024-21643
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0 | source : security-advisories@github.com
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2 | source : security-advisories@github.com
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h | source : security-advisories@github.com
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve | source : security-advisories@github.com

Vulnerability : CWE-94


Source : dragos.com

Vulnerability ID : CVE-2023-29445

First published on : 10-01-2024 21:15:08
Last modified on : 10-01-2024 21:15:08

Description :
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.

CVE ID : CVE-2023-29445
Source : ot-cert@dragos.com
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 | source : ot-cert@dragos.com
https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/ | source : ot-cert@dragos.com
https://www.ptc.com/en/support/article/cs399528 | source : ot-cert@dragos.com

Vulnerability : CWE-427


Source : vuldb.com

Vulnerability ID : CVE-2024-0359

First published on : 10-01-2024 02:15:46
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0359
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250126 | source : cna@vuldb.com
https://vuldb.com/?id.250126 | source : cna@vuldb.com

Vulnerability : CWE-89


(49) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : bosch.com

Vulnerability ID : CVE-2023-48242

First published on : 10-01-2024 11:15:08
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.

CVE ID : CVE-2023-48242
Source : psirt@bosch.com
CVSS Score : 6.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48245

First published on : 10-01-2024 11:15:09
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

CVE ID : CVE-2023-48245
Source : psirt@bosch.com
CVSS Score : 6.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-48246

First published on : 10-01-2024 11:15:09
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.

CVE ID : CVE-2023-48246
Source : psirt@bosch.com
CVSS Score : 6.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48249

First published on : 10-01-2024 11:15:10
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.

CVE ID : CVE-2023-48249
Source : psirt@bosch.com
CVSS Score : 6.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48255

First published on : 10-01-2024 13:15:46
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.

CVE ID : CVE-2023-48255
Source : psirt@bosch.com
CVSS Score : 6.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48248

First published on : 10-01-2024 11:15:09
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.

CVE ID : CVE-2023-48248
Source : psirt@bosch.com
CVSS Score : 5.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48258

First published on : 10-01-2024 13:15:46
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.

CVE ID : CVE-2023-48258
Source : psirt@bosch.com
CVSS Score : 5.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48244

First published on : 10-01-2024 11:15:08
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

CVE ID : CVE-2023-48244
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48247

First published on : 10-01-2024 11:15:09
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

CVE ID : CVE-2023-48247
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-48254

First published on : 10-01-2024 13:15:45
Last modified on : 10-01-2024 13:56:06

Description :
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

CVE ID : CVE-2023-48254
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48256

First published on : 10-01-2024 13:15:46
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

CVE ID : CVE-2023-48256
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-113


Vulnerability ID : CVE-2023-48259

First published on : 10-01-2024 13:15:46
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.

CVE ID : CVE-2023-48259
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48260

First published on : 10-01-2024 13:15:47
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.

CVE ID : CVE-2023-48260
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48261

First published on : 10-01-2024 13:15:47
Last modified on : 10-01-2024 13:56:00

Description :
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.

CVE ID : CVE-2023-48261
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | source : psirt@bosch.com

Vulnerability : CWE-89


Source : redhat.com

Vulnerability ID : CVE-2023-5455

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 15:15:09

Description :
A cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt.

CVE ID : CVE-2023-5455
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/errata/RHSA-2024:0137 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0138 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0139 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0140 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0141 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0142 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0143 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0144 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0145 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5455 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2242828 | source : secalert@redhat.com
https://www.freeipa.org/release-notes/4-10-3.html | source : secalert@redhat.com
https://www.freeipa.org/release-notes/4-11-1.html | source : secalert@redhat.com
https://www.freeipa.org/release-notes/4-6-10.html | source : secalert@redhat.com
https://www.freeipa.org/release-notes/4-9-14.html | source : secalert@redhat.com

Vulnerability : CWE-352


Source : wordfence.com

Vulnerability ID : CVE-2023-6158

First published on : 10-01-2024 15:15:10
Last modified on : 10-01-2024 16:59:53

Description :
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection.

CVE ID : CVE-2023-6158
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://docs.myeventon.com/documentations/eventon-changelog/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3017578/eventon-lite/trunk/includes/admin/class-admin-ajax.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/19f94c4f-145b-4058-aabd-06525fce3cea?source=cve | source : security@wordfence.com


Source : cisco.com

Vulnerability ID : CVE-2023-47171

First published on : 10-01-2024 16:15:47
Last modified on : 10-01-2024 18:15:46

Description :
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

CVE ID : CVE-2023-47171
Source : talos-cna@cisco.com
CVSS Score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-49862

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_gifimage` parameter.

CVE ID : CVE-2023-49862
Source : talos-cna@cisco.com
CVSS Score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-49863

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 18:15:47

Description :
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_webpimage` parameter.

CVE ID : CVE-2023-49863
Source : talos-cna@cisco.com
CVSS Score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-49864

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 18:15:47

Description :
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_image` parameter.

CVE ID : CVE-2023-49864
Source : talos-cna@cisco.com
CVSS Score : 6.5

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880 | source : talos-cna@cisco.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-50172

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 18:15:47

Description :
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

CVE ID : CVE-2023-50172
Source : talos-cna@cisco.com
CVSS Score : 5.3

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 | source : talos-cna@cisco.com

Vulnerability : CWE-640


Vulnerability ID : CVE-2023-49715

First published on : 10-01-2024 16:15:48
Last modified on : 10-01-2024 18:15:47

Description :
An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE ID : CVE-2023-49715
Source : talos-cna@cisco.com
CVSS Score : 4.3

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 | source : talos-cna@cisco.com

Vulnerability : CWE-434


Source : fortinet.com

Vulnerability ID : CVE-2023-37932

First published on : 10-01-2024 18:15:45
Last modified on : 10-01-2024 18:15:45

Description :
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests.

CVE ID : CVE-2023-37932
Source : psirt@fortinet.com
CVSS Score : 6.5

References :
https://fortiguard.com/psirt/FG-IR-23-219 | source : psirt@fortinet.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48783

First published on : 10-01-2024 18:15:46
Last modified on : 10-01-2024 18:15:46

Description :
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests.

CVE ID : CVE-2023-48783
Source : psirt@fortinet.com
CVSS Score : 5.4

References :
https://fortiguard.com/psirt/FG-IR-23-408 | source : psirt@fortinet.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-37934

First published on : 10-01-2024 18:15:45
Last modified on : 10-01-2024 18:15:45

Description :
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.

CVE ID : CVE-2023-37934
Source : psirt@fortinet.com
CVSS Score : 4.3

References :
https://fortiguard.com/psirt/FG-IR-23-226 | source : psirt@fortinet.com

Vulnerability : CWE-770


Source : github.com

Vulnerability ID : CVE-2023-49295

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory by sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peer's congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.

CVE ID : CVE-2023-49295
Source : security-advisories@github.com
CVSS Score : 6.4

References :
https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965 | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49 | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4 | source : security-advisories@github.com
https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8 | source : security-advisories@github.com
https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf | source : security-advisories@github.com

Vulnerability : CWE-400


Source : vuldb.com

Vulnerability ID : CVE-2024-0389

First published on : 10-01-2024 14:15:44
Last modified on : 10-01-2024 16:59:53

Description :
A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0389
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250230 | source : cna@vuldb.com
https://vuldb.com/?id.250230 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0355

First published on : 10-01-2024 00:15:46
Last modified on : 10-01-2024 01:21:28

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0355
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250122 | source : cna@vuldb.com
https://vuldb.com/?id.250122 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0357

First published on : 10-01-2024 01:15:43
Last modified on : 10-01-2024 01:21:28

Description :
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.

CVE ID : CVE-2024-0357
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250124 | source : cna@vuldb.com
https://vuldb.com/?id.250124 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0360

First published on : 10-01-2024 02:15:46
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.

CVE ID : CVE-2024-0360
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250127 | source : cna@vuldb.com
https://vuldb.com/?id.250127 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0361

First published on : 10-01-2024 03:15:44
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.

CVE ID : CVE-2024-0361
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250128 | source : cna@vuldb.com
https://vuldb.com/?id.250128 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0362

First published on : 10-01-2024 03:15:44
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.

CVE ID : CVE-2024-0362
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250129 | source : cna@vuldb.com
https://vuldb.com/?id.250129 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0363

First published on : 10-01-2024 03:15:44
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0363
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250130 | source : cna@vuldb.com
https://vuldb.com/?id.250130 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0364

First published on : 10-01-2024 03:15:44
Last modified on : 10-01-2024 13:56:12

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.

CVE ID : CVE-2024-0364
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250131 | source : cna@vuldb.com
https://vuldb.com/?id.250131 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0354

First published on : 10-01-2024 00:15:45
Last modified on : 10-01-2024 01:21:28

Description :
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.

CVE ID : CVE-2024-0354
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/nHD5xiHQgHG0 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250121 | source : cna@vuldb.com
https://vuldb.com/?id.250121 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-0358

First published on : 10-01-2024 01:15:43
Last modified on : 10-01-2024 01:21:28

Description :
A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability.

CVE ID : CVE-2024-0358
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/Po2N8SpTuzrV | source : cna@vuldb.com
https://vuldb.com/?ctiid.250125 | source : cna@vuldb.com
https://vuldb.com/?id.250125 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0356

First published on : 10-01-2024 01:15:43
Last modified on : 10-01-2024 01:21:28

Description :
A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123.

CVE ID : CVE-2024-0356
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e | source : cna@vuldb.com
https://vuldb.com/?ctiid.250123 | source : cna@vuldb.com
https://vuldb.com/?id.250123 | source : cna@vuldb.com

Vulnerability : CWE-284


Source : dragos.com

Vulnerability ID : CVE-2023-29444

First published on : 10-01-2024 17:15:08
Last modified on : 10-01-2024 17:15:08

Description :
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

CVE ID : CVE-2023-29444
Source : ot-cert@dragos.com
CVSS Score : 6.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 | source : ot-cert@dragos.com
https://www.ptc.com/en/support/article/cs399528 | source : ot-cert@dragos.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-29447

First published on : 10-01-2024 21:15:08
Last modified on : 10-01-2024 21:15:08

Description :
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.

CVE ID : CVE-2023-29447
Source : ot-cert@dragos.com
CVSS Score : 5.7

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 | source : ot-cert@dragos.com
https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/ | source : ot-cert@dragos.com
https://www.ptc.com/en/support/article/cs399528 | source : ot-cert@dragos.com

Vulnerability : CWE-522


Vulnerability ID : CVE-2022-45793

First published on : 10-01-2024 21:15:08
Last modified on : 10-01-2024 21:15:08

Description :
[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT].

CVE ID : CVE-2022-45793
Source : ot-cert@dragos.com
CVSS Score : 5.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 | source : ot-cert@dragos.com
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/ | source : ot-cert@dragos.com
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf | source : ot-cert@dragos.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-29446

First published on : 10-01-2024 21:15:08
Last modified on : 10-01-2024 21:15:08

Description :
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline.

CVE ID : CVE-2023-29446
Source : ot-cert@dragos.com
CVSS Score : 4.7

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 | source : ot-cert@dragos.com
https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/ | source : ot-cert@dragos.com
https://www.ptc.com/en/support/article/cs399528 | source : ot-cert@dragos.com

Vulnerability : CWE-20


Source : trellix.com

Vulnerability ID : CVE-2024-0310

First published on : 10-01-2024 11:15:10
Last modified on : 10-01-2024 13:56:06

Description :
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.

CVE ID : CVE-2024-0310
Source : trellixpsirt@trellix.com
CVSS Score : 6.1

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10417 | source : trellixpsirt@trellix.com

Vulnerability : CWE-79


Source : zte.com.cn

Vulnerability ID : CVE-2023-41781

First published on : 10-01-2024 07:15:49
Last modified on : 10-01-2024 13:56:12

Description :
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

CVE ID : CVE-2023-41781
Source : psirt@zte.com.cn
CVSS Score : 5.7

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 | source : psirt@zte.com.cn

Vulnerability : CWE-20


Source : adobe.com

Vulnerability ID : CVE-2024-20710

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20710
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-20711

First published on : 10-01-2024 13:15:49
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20711
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-20712

First published on : 10-01-2024 13:15:49
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20712
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-20713

First published on : 10-01-2024 13:15:49
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20713
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-20714

First published on : 10-01-2024 13:15:49
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20714
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-20715

First published on : 10-01-2024 13:15:49
Last modified on : 10-01-2024 13:56:00

Description :
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20715
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | source : psirt@adobe.com

Vulnerability : CWE-125


(0) LOW VULNERABILITIES [0.1, 3.9]

(103) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-47997

First published on : 10-01-2024 00:15:45
Last modified on : 10-01-2024 01:21:28

Description :
An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.

CVE ID : CVE-2023-47997
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31446

First published on : 10-01-2024 03:15:43
Last modified on : 10-01-2024 13:56:12

Description :
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

CVE ID : CVE-2023-31446
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution | source : cve@mitre.org
https://www.cassianetworks.com | source : cve@mitre.org


Vulnerability ID : CVE-2022-46025

First published on : 10-01-2024 08:15:37
Last modified on : 10-01-2024 13:56:12

Description :
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.

CVE ID : CVE-2022-46025
Source : cve@mitre.org
CVSS Score : /

References :
https://pastebin.com/aan5jT40 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41603

First published on : 10-01-2024 08:15:37
Last modified on : 10-01-2024 13:56:12

Description :
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.

CVE ID : CVE-2023-41603
Source : cve@mitre.org
CVSS Score : /

References :
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48864

First published on : 10-01-2024 08:15:37
Last modified on : 10-01-2024 13:56:12

Description :
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.

CVE ID : CVE-2023-48864
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/NoBlake/cve-2023-48864 | source : cve@mitre.org


Vulnerability ID : CVE-2020-26627

First published on : 10-01-2024 09:15:43
Last modified on : 10-01-2024 13:56:12

Description :
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.

CVE ID : CVE-2020-26627
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-26628

First published on : 10-01-2024 09:15:43
Last modified on : 10-01-2024 13:56:12

Description :
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile.

CVE ID : CVE-2020-26628
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-26629

First published on : 10-01-2024 09:15:43
Last modified on : 10-01-2024 13:56:12

Description :
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

CVE ID : CVE-2020-26629
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2020-26630

First published on : 10-01-2024 09:15:43
Last modified on : 10-01-2024 13:56:12

Description :
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.

CVE ID : CVE-2020-26630
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-49394

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 13:56:12

Description :
Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly.

CVE ID : CVE-2023-49394
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/xue-yao-go/87d088fa3f423bba8098ef22988e4626 | source : cve@mitre.org
https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-URL-redirect-b03f8f9f5b4e4cbea819c2961c097d92?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49427

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 13:56:06

Description :
Buffer overflow vulnerability in Tenda AX12 V22.03.01.46 allows remote attackers to cause a denial of service (DoS) via the list parameter in the SetNetControlList function.

CVE ID : CVE-2023-49427
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-49471

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 13:56:06

Description :
Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.

CVE ID : CVE-2023-49471
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zunak/CVE-2023-49471 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50120

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 13:56:06

Description :
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

CVE ID : CVE-2023-50120
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2698 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51252

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 13:56:06

Description :
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered when they are viewed online.

CVE ID : CVE-2023-51252
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sanluan/PublicCMS/issues/79 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51971

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 16:15:50

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.

CVE ID : CVE-2023-51971
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51972

First published on : 10-01-2024 13:15:48
Last modified on : 10-01-2024 13:56:00

Description :
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.

CVE ID : CVE-2023-51972
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Command-Injection-in-fromAdvSetLanIp-7b2892fac8234cff90ca15af4947a8e7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51961

First published on : 10-01-2024 14:15:44
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.

CVE ID : CVE-2023-51961
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a | source : cve@mitre.org


Vulnerability ID : CVE-2023-51966

First published on : 10-01-2024 14:15:44
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

CVE ID : CVE-2023-51966
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd | source : cve@mitre.org


Vulnerability ID : CVE-2023-51952

First published on : 10-01-2024 15:15:08
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.

CVE ID : CVE-2023-51952
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51953

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

CVE ID : CVE-2023-51953
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51954

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.

CVE ID : CVE-2023-51954
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51955

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

CVE ID : CVE-2023-51955
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51956

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.

CVE ID : CVE-2023-51956
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51957

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

CVE ID : CVE-2023-51957
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a | source : cve@mitre.org


Vulnerability ID : CVE-2023-51958

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.

CVE ID : CVE-2023-51958
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a | source : cve@mitre.org


Vulnerability ID : CVE-2023-51959

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

CVE ID : CVE-2023-51959
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a | source : cve@mitre.org


Vulnerability ID : CVE-2023-51960

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

CVE ID : CVE-2023-51960
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a | source : cve@mitre.org


Vulnerability ID : CVE-2023-51963

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.

CVE ID : CVE-2023-51963
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd | source : cve@mitre.org


Vulnerability ID : CVE-2023-51964

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.

CVE ID : CVE-2023-51964
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd | source : cve@mitre.org


Vulnerability ID : CVE-2023-51965

First published on : 10-01-2024 15:15:09
Last modified on : 10-01-2024 16:59:53

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.

CVE ID : CVE-2023-51965
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd | source : cve@mitre.org


Vulnerability ID : CVE-2023-51962

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 16:59:48

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

CVE ID : CVE-2023-51962
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd | source : cve@mitre.org


Vulnerability ID : CVE-2023-51967

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 16:59:48

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.

CVE ID : CVE-2023-51967
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51968

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 16:59:48

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.

CVE ID : CVE-2023-51968
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51969

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 16:59:48

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.

CVE ID : CVE-2023-51969
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51970

First published on : 10-01-2024 16:15:49
Last modified on : 10-01-2024 16:59:48

Description :
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

CVE ID : CVE-2023-51970
Source : cve@mitre.org
CVSS Score : /

References :
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50916

First published on : 10-01-2024 19:15:08
Last modified on : 10-01-2024 19:15:08

Description :
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.

CVE ID : CVE-2023-50916
Source : cve@mitre.org
CVSS Score : /

References :
https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html | source : cve@mitre.org
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/ | source : cve@mitre.org
https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-001_kyocera-v2.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-31488

First published on : 10-01-2024 20:15:45
Last modified on : 10-01-2024 20:15:45

Description :
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.

CVE ID : CVE-2023-31488
Source : cve@mitre.org
CVSS Score : /

References :
https://bst.cisco.com/quickview/bug/CSCwe11003 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51195

First published on : 10-01-2024 20:15:45
Last modified on : 10-01-2024 20:15:45

Description :
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-51195
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-51126

First published on : 10-01-2024 21:15:09
Last modified on : 10-01-2024 21:15:09

Description :
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.

CVE ID : CVE-2023-51126
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/risuxx/CVE-2023-51126 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51127

First published on : 10-01-2024 21:15:09
Last modified on : 10-01-2024 21:15:09

Description :
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.

CVE ID : CVE-2023-51127
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/risuxx/CVE-2023-51127 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52064

First published on : 10-01-2024 21:15:09
Last modified on : 10-01-2024 21:15:09

Description :
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

CVE ID : CVE-2023-52064
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/wuzhicms/wuzhicms/issues/208 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51123

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.

CVE ID : CVE-2023-51123
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/WhereisRain/dir-815 | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-49619

First published on : 10-01-2024 09:15:44
Last modified on : 10-01-2024 15:15:08

Description :
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can bookmark a question only once, and doing so increases the question's bookmark count only once. However, repeated submissions through a script can increase the question's bookmark count many times. Users are recommended to upgrade to version 1.2.1, which fixes the issue.

CVE ID : CVE-2023-49619
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/10/1 | source : security@apache.org
https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4 | source : security@apache.org

Vulnerability : CWE-362


Source : puiterwijk.org

Vulnerability ID : CVE-2024-0395

First published on : 10-01-2024 14:15:44
Last modified on : 10-01-2024 14:15:44

Description :
Rejected reason: NON Security Issue.

CVE ID : CVE-2024-0395
Source : patrick@puiterwijk.org
CVSS Score : /

References :


Source : apple.com

Vulnerability ID : CVE-2022-32919

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.

CVE ID : CVE-2022-32919
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213530 | source : product-security@apple.com
https://support.apple.com/en-us/HT213532 | source : product-security@apple.com


Vulnerability ID : CVE-2022-32931

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.

CVE ID : CVE-2022-32931
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-42816

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.

CVE ID : CVE-2022-42816
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-42839

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.

CVE ID : CVE-2022-42839
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213530 | source : product-security@apple.com
https://support.apple.com/en-us/HT213532 | source : product-security@apple.com


Vulnerability ID : CVE-2022-46710

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.

CVE ID : CVE-2022-46710
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213530 | source : product-security@apple.com
https://support.apple.com/en-us/HT213532 | source : product-security@apple.com


Vulnerability ID : CVE-2022-46721

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2022-46721
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-47915

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2022-47915
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-47965

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2022-47965
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-48504

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

CVE ID : CVE-2022-48504
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2022-48577

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

CVE ID : CVE-2022-48577
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213488 | source : product-security@apple.com


Vulnerability ID : CVE-2023-28185

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.

CVE ID : CVE-2023-28185
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213673 | source : product-security@apple.com
https://support.apple.com/en-us/HT213674 | source : product-security@apple.com
https://support.apple.com/en-us/HT213675 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213677 | source : product-security@apple.com
https://support.apple.com/en-us/HT213678 | source : product-security@apple.com


Vulnerability ID : CVE-2023-28197

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.

CVE ID : CVE-2023-28197
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213675 | source : product-security@apple.com
https://support.apple.com/en-us/HT213677 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32366

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.

CVE ID : CVE-2023-32366
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213673 | source : product-security@apple.com
https://support.apple.com/en-us/HT213675 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213677 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32378

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-32378
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213675 | source : product-security@apple.com
https://support.apple.com/en-us/HT213677 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32383

First published on : 10-01-2024 22:15:47
Last modified on : 10-01-2024 22:15:47

Description :
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

CVE ID : CVE-2023-32383
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/en-us/HT213759 | source : product-security@apple.com
https://support.apple.com/en-us/HT213760 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32401

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.

CVE ID : CVE-2023-32401
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com
https://support.apple.com/en-us/HT213759 | source : product-security@apple.com
https://support.apple.com/en-us/HT213760 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32424

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CVE ID : CVE-2023-32424
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213678 | source : product-security@apple.com


Vulnerability ID : CVE-2023-32436

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID : CVE-2023-32436
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38607

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings.

CVE ID : CVE-2023-38607
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38610

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.

CVE ID : CVE-2023-38610
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-38612

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.

CVE ID : CVE-2023-38612
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213927 | source : product-security@apple.com
https://support.apple.com/en-us/HT213931 | source : product-security@apple.com
https://support.apple.com/en-us/HT213932 | source : product-security@apple.com
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40383

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.

CVE ID : CVE-2023-40383
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40385

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

CVE ID : CVE-2023-40385
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com
https://support.apple.com/en-us/HT213941 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40393

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication.

CVE ID : CVE-2023-40393
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40394

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data.

CVE ID : CVE-2023-40394
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40411

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.

CVE ID : CVE-2023-40411
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40414

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-40414
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213936 | source : product-security@apple.com
https://support.apple.com/en-us/HT213937 | source : product-security@apple.com
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com
https://support.apple.com/en-us/HT213941 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40430

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent.

CVE ID : CVE-2023-40430
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40433

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.

CVE ID : CVE-2023-40433
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40437

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.

CVE ID : CVE-2023-40437
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40438

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.

CVE ID : CVE-2023-40438
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213927 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40439

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.

CVE ID : CVE-2023-40439
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID : CVE-2023-40529

First published on : 10-01-2024 22:15:48
Last modified on : 10-01-2024 22:15:48

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.

CVE ID : CVE-2023-40529
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41060

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution.

CVE ID : CVE-2023-41060
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41069

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

CVE ID : CVE-2023-41069
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41075

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-41075
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213673 | source : product-security@apple.com
https://support.apple.com/en-us/HT213675 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213677 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41974

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-41974
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41987

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE ID : CVE-2023-41987
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-41994

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission.

CVE ID : CVE-2023-41994
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42826

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution.

CVE ID : CVE-2023-42826
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42828

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges.

CVE ID : CVE-2023-42828
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42829

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.

CVE ID : CVE-2023-42829
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42830

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.

CVE ID : CVE-2023-42830
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42831

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.

CVE ID : CVE-2023-42831
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213842 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42832

First published on : 10-01-2024 22:15:49
Last modified on : 10-01-2024 22:15:49

Description :
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.

CVE ID : CVE-2023-42832
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213844 | source : product-security@apple.com
https://support.apple.com/en-us/HT213845 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42833

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-42833
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com
https://support.apple.com/en-us/HT213941 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42862

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.

CVE ID : CVE-2023-42862
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213674 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213678 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42865

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.

CVE ID : CVE-2023-42865
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213670 | source : product-security@apple.com
https://support.apple.com/en-us/HT213674 | source : product-security@apple.com
https://support.apple.com/en-us/HT213676 | source : product-security@apple.com
https://support.apple.com/en-us/HT213678 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42866

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2023-42866
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213841 | source : product-security@apple.com
https://support.apple.com/en-us/HT213843 | source : product-security@apple.com
https://support.apple.com/en-us/HT213846 | source : product-security@apple.com
https://support.apple.com/en-us/HT213847 | source : product-security@apple.com
https://support.apple.com/en-us/HT213848 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42869

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.

CVE ID : CVE-2023-42869
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213757 | source : product-security@apple.com
https://support.apple.com/en-us/HT213758 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42870

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-42870
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42871

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2023-42871
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42872

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.

CVE ID : CVE-2023-42872
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42876

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

CVE ID : CVE-2023-42876
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42929

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data.

CVE ID : CVE-2023-42929
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42933

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges.

CVE ID : CVE-2023-42933
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42934

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.

CVE ID : CVE-2023-42934
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT213938 | source : product-security@apple.com
https://support.apple.com/en-us/HT213940 | source : product-security@apple.com


Vulnerability ID : CVE-2023-42941

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.

CVE ID : CVE-2023-42941
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214035 | source : product-security@apple.com


Source : google.com

Vulnerability ID : CVE-2024-0333

First published on : 10-01-2024 22:15:50
Last modified on : 10-01-2024 22:15:50

Description :
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0333
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html | source : chrome-cve-admin@google.com
https://crbug.com/1513379 | source : chrome-cve-admin@google.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
