Les dernières vulnérabilités publiées sur la National Vulnerability Database (NVD)

CVE-2023-3188 - Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3188
Partager : LinkedIn / Twitter / Facebook

CVE-2023-3187 - A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3187
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29753 - An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29753
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29751 - An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29751
Partager : LinkedIn / Twitter / Facebook

CVE-2023-26465 - Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-26465
Partager : LinkedIn / Twitter / Facebook

CVE-2023-3141 - A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3141
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34856 - A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34856
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32312 - UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32312
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29767 - An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29767
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29766 - An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29766
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29761 - An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29761
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29759 - An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29759
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29758 - An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29758
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29757 - An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29757
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29756 - An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29756
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29755 - An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29755
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29752 - An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29752
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29749 - An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29749
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2455 - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2455
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2454 - schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2454
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29714 - Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29714
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29713 - Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29713
Partager : LinkedIn / Twitter / Facebook

CVE-2023-27706 - Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-27706
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34245 - @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34245
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34100 - Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34100
Partager : LinkedIn / Twitter / Facebook

CVE-2023-33557 - Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-33557
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30262 - An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30262
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29712 - Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29712
Partager : LinkedIn / Twitter / Facebook

CVE-2019-16283 - A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2019-16283
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2121 - Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2121
Partager : LinkedIn / Twitter / Facebook

CVE-2023-3183 - A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3183
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2286 - The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2286
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2285 - The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2285
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2284 - The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2284
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2261 - The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2261
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32732 - gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32732
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32731 - When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32731
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1428 - There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1428
Partager : LinkedIn / Twitter / Facebook

CVE-2023-0342 - MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-0342
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34364 - A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34364
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34363 - An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34363
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2897 - The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2897
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2896 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2896
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2895 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2895
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2894 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2894
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2893 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2893
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2892 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2892
Partager : LinkedIn / Twitter / Facebook

CVE-2023-3177 - A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3177
Partager : LinkedIn / Twitter / Facebook

CVE-2023-3176 - A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3176
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2891 - The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2891
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2767 - The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2767
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2764 - The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2764
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2688 - The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2688
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2607 - The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2607
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2604 - The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term' parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2604
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2599 - The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2599
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2584 - The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2584
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2558 - The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2558
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2557 - The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2557
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2556 - The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2556
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2555 - The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2555
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2526 - The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2526
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2484 - The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2484
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2452 - The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2452
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2450 - The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2450
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2414 - The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2414
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2402 - The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2402
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2305 - The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2305
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2289 - The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term' parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2289
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2280 - The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2280
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2275 - The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2275
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2249 - The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2249
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2237 - The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2237
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2189 - The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2189
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2184 - The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2184
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2159 - The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2159
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2087 - The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2087
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2086 - The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2086
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2085 - The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2085
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2084 - The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2084
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2083 - The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2083
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2067 - The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site's user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2067
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2066 - The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2066
Partager : LinkedIn / Twitter / Facebook

CVE-2023-2031 - The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-2031
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1978 - The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1978
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1917 - The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1917
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1910 - The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1910
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1895 - The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1895
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1889 - The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1889
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1888 - The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1888
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1843 - The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1843
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1807 - The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1807
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1615 - The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1615
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1430 - The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1430
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1404 - The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1404
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1403 - The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1403
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1375 - The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1375
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1169 - The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1169
Partager : LinkedIn / Twitter / Facebook

CVE-2023-1016 - The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-1016
Partager : LinkedIn / Twitter / Facebook

CVE-2023-0993 - The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-0993
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2023-3184 - A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-3184
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21670 - Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21670
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21669 - Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21669
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21661 - Transient DOS while parsing WLAN beacon or probe-response frame.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21661
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21660 - Transient DOS in WLAN Firmware while parsing FT Information Elements.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21660
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21659 - Transient DOS in WLAN Firmware while processing frames with missing header fields.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21659
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21658 - Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21658
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21657 - Memoru corruption in Audio when ADSP sends input during record use case.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21657
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21656 - Memory corruption in WLAN HOST while receiving an WMI event from firmware.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21656
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21632 - Memory corruption in Automotive GPU while querying a gsl memory node.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21632
Partager : LinkedIn / Twitter / Facebook

CVE-2023-21628 - Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-21628
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40538 - Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40538
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40536 - Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40536
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40533 - Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40533
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40529 - Memory corruption due to improper access control in kernel while processing a mapping request from root process.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40529
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40525 - Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40525
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40523 - Information disclosure in Kernel due to indirect branch misprediction.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40523
Partager : LinkedIn / Twitter / Facebook

CVE-2022-40522 - Memory corruption in Linux Networking due to double free while handling a hyp-assign.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-40522
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30915 - In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30915
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30914 - In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30914
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30866 - In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30866
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30865 - In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30865
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30864 - In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30864
Partager : LinkedIn / Twitter / Facebook

CVE-2023-30863 - In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-30863
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48448 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48448
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48447 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48447
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48446 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48446
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48445 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48445
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48444 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48444
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48443 - In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48443
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48442 - In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48442
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48441 - In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48441
Partager : LinkedIn / Twitter / Facebook

CVE-2022-48440 - In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2022-48440
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32334 - IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.
10/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32334
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34243 - TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34243
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34233 - The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user's local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34233
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34232 - snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user's local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34232
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34230 - snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user's local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34230
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32751 - Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32751
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32750 - Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32750
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29405 - The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29405
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29404 - The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29404
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29403 - On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29403
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29402 - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29402
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29401 - The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-29401
Partager : LinkedIn / Twitter / Facebook

CVE-2023-24535 - Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-24535
Partager : LinkedIn / Twitter / Facebook

CVE-2023-0954 - A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-0954
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34231 - gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user's local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34231
Partager : LinkedIn / Twitter / Facebook

CVE-2023-32749 - Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-32749
Partager : LinkedIn / Twitter / Facebook

CVE-2023-34962 - Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
09/06/2023 | https://nvd.nist.gov/vuln/detail/CVE-2023-34962
Partager : LinkedIn / Twitter / Facebook