Latest vulnerabilities [Wednesday, November 29, 2023]

Latest vulnerabilities [Wednesday, November 29, 2023]
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 11/29/2023 at 11:57:02 PM

(2) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2023-49079

First published on : 29-11-2023 19:15:07
Last modified on : 29-11-2023 20:53:05

Description :
Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

CVE ID : CVE-2023-49079
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/misskey-dev/misskey/security/advisories/GHSA-3f39-6537-3cgc | source : security-advisories@github.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2023-49083

First published on : 29-11-2023 19:15:07
Last modified on : 29-11-2023 21:15:07

Description :
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

CVE ID : CVE-2023-49083
Source : security-advisories@github.com
CVSS Score : 9.1

References :
http://www.openwall.com/lists/oss-security/2023/11/29/2 | source : security-advisories@github.com
https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a | source : security-advisories@github.com
https://github.com/pyca/cryptography/pull/9926 | source : security-advisories@github.com
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 | source : security-advisories@github.com

Vulnerability : CWE-476


(4) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2023-49091

First published on : 29-11-2023 20:15:08
Last modified on : 29-11-2023 20:53:05

Description :
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0.

CVE ID : CVE-2023-49091
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x | source : security-advisories@github.com

Vulnerability : CWE-613


Source : progress.com

Vulnerability ID : CVE-2023-6218

First published on : 29-11-2023 17:15:07
Last modified on : 29-11-2023 20:53:05

Description :
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

CVE ID : CVE-2023-6218
Source : security@progress.com
CVSS Score : 7.2

References :
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023 | source : security@progress.com
https://www.progress.com/moveit | source : security@progress.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-6217

First published on : 29-11-2023 17:15:07
Last modified on : 29-11-2023 20:53:05

Description :
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victimโ€™s browser.

CVE ID : CVE-2023-6217
Source : security@progress.com
CVSS Score : 7.1

References :
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023 | source : security@progress.com
https://www.progress.com/moveit | source : security@progress.com

Vulnerability : CWE-79


Source : ncsc.ch

Vulnerability ID : CVE-2023-6378

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVE ID : CVE-2023-6378
Source : vulnerability@ncsc.ch
CVSS Score : 7.1

References :
https://logback.qos.ch/news.html#1.3.12 | source : vulnerability@ncsc.ch


(4) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2023-49090

First published on : 29-11-2023 15:15:08
Last modified on : 29-11-2023 20:53:05

Description :
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.

CVE ID : CVE-2023-49090
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5 | source : security-advisories@github.com
https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3 | source : security-advisories@github.com
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44383

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.

CVE ID : CVE-2023-44383
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b | source : security-advisories@github.com
https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49082

First published on : 29-11-2023 20:15:08
Last modified on : 29-11-2023 20:53:05

Description :
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.

CVE ID : CVE-2023-49082
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b | source : security-advisories@github.com
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-93


Source : trellix.com

Vulnerability ID : CVE-2023-6070

First published on : 29-11-2023 09:15:21
Last modified on : 29-11-2023 14:18:05

Description :
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data

CVE ID : CVE-2023-6070
Source : trellixpsirt@trellix.com
CVSS Score : 4.3

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10413 | source : trellixpsirt@trellix.com

Vulnerability : CWE-918


(0) LOW VULNERABILITIES [0.1, 3.9]

(43) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-23324

First published on : 29-11-2023 01:15:07
Last modified on : 29-11-2023 14:18:11

Description :
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.

CVE ID : CVE-2023-23324
Source : cve@mitre.org
CVSS Score : /

References :
http://zumtobel.com | source : cve@mitre.org
https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-23325

First published on : 29-11-2023 01:15:07
Last modified on : 29-11-2023 14:18:11

Description :
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.

CVE ID : CVE-2023-23325
Source : cve@mitre.org
CVSS Score : /

References :
http://zumtobel.com | source : cve@mitre.org
https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-24294

First published on : 29-11-2023 01:15:07
Last modified on : 29-11-2023 14:18:11

Description :
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.

CVE ID : CVE-2023-24294
Source : cve@mitre.org
CVSS Score : /

References :
http://zumtobel.com | source : cve@mitre.org
https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46886

First published on : 29-11-2023 05:15:07
Last modified on : 29-11-2023 14:18:11

Description :
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.

CVE ID : CVE-2023-46886
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN | source : cve@mitre.org


Vulnerability ID : CVE-2023-46887

First published on : 29-11-2023 05:15:07
Last modified on : 29-11-2023 14:18:11

Description :
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.

CVE ID : CVE-2023-46887
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47462

First published on : 29-11-2023 05:15:08
Last modified on : 29-11-2023 14:18:11

Description :
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.

CVE ID : CVE-2023-47462
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary%20File%20Read%20through%20file%20share.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45479

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:11

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.

CVE ID : CVE-2023-45479
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_49E098_code.png | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/sub_49E098.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45480

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:11

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.

CVE ID : CVE-2023-45480
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_47d878_code.png | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/sub_47D878.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45481

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:05

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.

CVE ID : CVE-2023-45481
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/assets/setFirewallCfg_code.png | source : cve@mitre.org


Vulnerability ID : CVE-2023-45482

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:05

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.

CVE ID : CVE-2023-45482
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/assets/get_parentControl_list_Info_code.png | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/get_parentControl_list_Info.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45483

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:05

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.

CVE ID : CVE-2023-45483
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/assets/compare_parentcontrol_time_code.png | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/compare_parentcontrol_time.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45484

First published on : 29-11-2023 06:15:46
Last modified on : 29-11-2023 14:18:05

Description :
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.

CVE ID : CVE-2023-45484
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/l3m0nade/IOTvul/blob/master/assets/fromSetWifiGuestBasic_code.png | source : cve@mitre.org
https://github.com/l3m0nade/IOTvul/blob/master/fromSetWifiGusetBasic.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48880

First published on : 29-11-2023 16:15:07
Last modified on : 29-11-2023 20:53:05

Description :
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

CVE ID : CVE-2023-48880
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weng-xianhu/eyoucms/issues/52 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48881

First published on : 29-11-2023 16:15:07
Last modified on : 29-11-2023 20:53:05

Description :
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

CVE ID : CVE-2023-48881
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weng-xianhu/eyoucms/issues/53 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48882

First published on : 29-11-2023 16:15:07
Last modified on : 29-11-2023 20:53:05

Description :
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

CVE ID : CVE-2023-48882
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weng-xianhu/eyoucms/issues/54 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48945

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE ID : CVE-2023-48945
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1172 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48946

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48946
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1178 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48947

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48947
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1179 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48948

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48948
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48949

First published on : 29-11-2023 20:15:07
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48949
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1173 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48950

First published on : 29-11-2023 20:15:08
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48950
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1174 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48951

First published on : 29-11-2023 20:15:08
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48951
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1177 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48952

First published on : 29-11-2023 20:15:08
Last modified on : 29-11-2023 20:53:05

Description :
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE ID : CVE-2023-48952
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openlink/virtuoso-opensource/issues/1175 | source : cve@mitre.org


Source : google.com

Vulnerability ID : CVE-2023-6345

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVE ID : CVE-2023-6345
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1505053 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6346

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-6346
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1500856 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6347

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-6347
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1494461 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6348

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2023-6348
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1491459 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6350

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

CVE ID : CVE-2023-6350
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1501766 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2023-6351

First published on : 29-11-2023 12:15:07
Last modified on : 29-11-2023 14:18:05

Description :
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

CVE ID : CVE-2023-6351
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html | source : chrome-cve-admin@google.com
https://crbug.com/1501770 | source : chrome-cve-admin@google.com


Source : joomla.org

Vulnerability ID : CVE-2023-40626

First published on : 29-11-2023 13:15:07
Last modified on : 29-11-2023 14:18:05

Description :
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.

CVE ID : CVE-2023-40626
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html | source : security@joomla.org


Source : googlegroups.com

Vulnerability ID : CVE-2023-49652

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.

CVE ID : CVE-2023-49652
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-2835 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49653

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

CVE ID : CVE-2023-49653
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3225 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49654

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.

CVE ID : CVE-2023-49654
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49655

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.

CVE ID : CVE-2023-49655
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49656

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE ID : CVE-2023-49656
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49673

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

CVE ID : CVE-2023-49673
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2023-49674

First published on : 29-11-2023 14:15:07
Last modified on : 29-11-2023 15:15:09

Description :
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

CVE ID : CVE-2023-49674
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/11/29/1 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256 | source : jenkinsci-cert@googlegroups.com


Source : android.com

Vulnerability ID : CVE-2022-42536

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Remote code execution

CVE ID : CVE-2022-42536
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


Vulnerability ID : CVE-2022-42537

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Remote code execution

CVE ID : CVE-2022-42537
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


Vulnerability ID : CVE-2022-42538

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Elevation of privilege

CVE ID : CVE-2022-42538
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


Vulnerability ID : CVE-2022-42539

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Information disclosure

CVE ID : CVE-2022-42539
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


Vulnerability ID : CVE-2022-42540

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Elevation of privilege

CVE ID : CVE-2022-42540
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


Vulnerability ID : CVE-2022-42541

First published on : 29-11-2023 22:15:07
Last modified on : 29-11-2023 22:15:07

Description :
Remote code execution

CVE ID : CVE-2022-42541
Source : security@android.com
CVSS Score : /

References :
https://source.android.com/docs/security/bulletin/chromecast/2023-07-01 | source : security@android.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.