www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-05T17:58:35+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-36409 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability]]> 2023-11-07T00:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36409 www.secnews.physaphae.fr/article.php?IdArticle=8406962 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36769 Microsoft OneNote Spoofing Vulnerability]]> 2023-11-06T23:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36769 www.secnews.physaphae.fr/article.php?IdArticle=8406963 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47004 Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.]]> 2023-11-06T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47004 www.secnews.physaphae.fr/article.php?IdArticle=8406879 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45556 Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.]]> 2023-11-06T22:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45556 www.secnews.physaphae.fr/article.php?IdArticle=8406878 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5530 The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks.
Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue]]> 2023-11-06T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5530 www.secnews.physaphae.fr/article.php?IdArticle=8406890 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5601 The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.]]> 2023-11-06T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5601 www.secnews.physaphae.fr/article.php?IdArticle=8406891 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5605 The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-11-06T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5605 www.secnews.physaphae.fr/article.php?IdArticle=8406892 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5771 Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  
This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.]]> 2023-11-06T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5771 www.secnews.physaphae.fr/article.php?IdArticle=8406893 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4930 The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4930 www.secnews.physaphae.fr/article.php?IdArticle=8406882 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5454 The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5454 www.secnews.physaphae.fr/article.php?IdArticle=8406889 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5355 The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5355 www.secnews.physaphae.fr/article.php?IdArticle=8406888 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5354 The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.]]> 2023-11-06T21:15:09+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5354 www.secnews.physaphae.fr/article.php?IdArticle=8406887 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5352 The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5352 www.secnews.physaphae.fr/article.php?IdArticle=8406886 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5082 The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5082 www.secnews.physaphae.fr/article.php?IdArticle=8406883 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5228 The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5228 www.secnews.physaphae.fr/article.php?IdArticle=8406885 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5181 The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-11-06T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5181 
www.secnews.physaphae.fr/article.php?IdArticle=8406884 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4858 The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).]]> 2023-11-06T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4858 www.secnews.physaphae.fr/article.php?IdArticle=8406881 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4810 The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-11-06T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4810 www.secnews.physaphae.fr/article.php?IdArticle=8406880 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5777 Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.]]> 2023-11-06T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5777 www.secnews.physaphae.fr/article.php?IdArticle=8406853 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-48193 Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).]]> 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48193 www.secnews.physaphae.fr/article.php?IdArticle=8406847 False None None None CVE Liste - Common Vulnerability Exposure 
CVE-2022-48192 Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.]]> 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48192 www.secnews.physaphae.fr/article.php?IdArticle=8406846 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5719 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.]]> 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719 www.secnews.physaphae.fr/article.php?IdArticle=8406852 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46732 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. 
The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.]]> 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46732 www.secnews.physaphae.fr/article.php?IdArticle=8406851 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39345 strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39345 www.secnews.physaphae.fr/article.php?IdArticle=8406848 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46731 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unable to upgrade may apply the fix in commit `fec8e0e53f9` manually.
Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).]]> 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46731 www.secnews.physaphae.fr/article.php?IdArticle=8406850 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46254 capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since it allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254 www.secnews.physaphae.fr/article.php?IdArticle=8406849 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-46251 MyBB is a free and open source forum software.
Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_): - _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by disabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.]]> 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46251 www.secnews.physaphae.fr/article.php?IdArticle=8406787 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45827 Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation.
In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can lead to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.]]> 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45827 www.secnews.physaphae.fr/article.php?IdArticle=8406786 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4700 An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.]]> 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4700 www.secnews.physaphae.fr/article.php?IdArticle=8406789 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46728 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.]]> 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46728 www.secnews.physaphae.fr/article.php?IdArticle=8406788 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44398 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0.
The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44398 www.secnews.physaphae.fr/article.php?IdArticle=8406784 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-4535 An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.]]> 2023-11-06T17:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535 www.secnews.physaphae.fr/article.php?IdArticle=8406785 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40660 A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status.
This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.]]> 2023-11-06T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40660 www.secnews.physaphae.fr/article.php?IdArticle=8406782 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40661 Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow the compromise of key generation, certificate loading, and other card management operations during enrollment.]]> 2023-11-06T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40661 www.secnews.physaphae.fr/article.php?IdArticle=8406783 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5969 Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.]]> 2023-11-06T16:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5969 www.secnews.physaphae.fr/article.php?IdArticle=8406740 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5678 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.]]> 2023-11-06T16:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678 www.secnews.physaphae.fr/article.php?IdArticle=8406736 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41378 In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service.
The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.]]> 2023-11-06T16:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41378 www.secnews.physaphae.fr/article.php?IdArticle=8406735 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5967 Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin]]> 2023-11-06T16:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5967 www.secnews.physaphae.fr/article.php?IdArticle=8406738 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5968 Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.]]> 2023-11-06T16:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5968 www.secnews.physaphae.fr/article.php?IdArticle=8406739 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5950 Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).]]> 2023-11-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950 www.secnews.physaphae.fr/article.php?IdArticle=8406737 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4910 A flaw was found in 3Scale Admin Portal.
If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.]]> 2023-11-06T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4910 www.secnews.physaphae.fr/article.php?IdArticle=8406688 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5963 An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.]]> 2023-11-06T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5963 www.secnews.physaphae.fr/article.php?IdArticle=8406689 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5964 The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack.
The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.]]> 2023-11-06T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5964 www.secnews.physaphae.fr/article.php?IdArticle=8406690 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45161 The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI]]> 2023-11-06T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45161 www.secnews.physaphae.fr/article.php?IdArticle=8406686 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-3246 An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor.]]> 2023-11-06T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3246 www.secnews.physaphae.fr/article.php?IdArticle=8406683 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45163 The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI]]> 2023-11-06T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45163 www.secnews.physaphae.fr/article.php?IdArticle=8406687 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-3909 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.]]> 2023-11-06T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3909 www.secnews.physaphae.fr/article.php?IdArticle=8406685 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-3399 An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. 
It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.]]> 2023-11-06T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3399 www.secnews.physaphae.fr/article.php?IdArticle=8406684 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46780 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46780 www.secnews.physaphae.fr/article.php?IdArticle=8406641 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46781 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46781 www.secnews.physaphae.fr/article.php?IdArticle=8406642 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46776 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46776 www.secnews.physaphae.fr/article.php?IdArticle=8406637 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46777 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46777 www.secnews.physaphae.fr/article.php?IdArticle=8406638 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5823 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5823 www.secnews.physaphae.fr/article.php?IdArticle=8406647 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46778 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46778 www.secnews.physaphae.fr/article.php?IdArticle=8406639 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46779 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46779 www.secnews.physaphae.fr/article.php?IdArticle=8406640 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47186 2023-11-06T12:15:08+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47186 www.secnews.physaphae.fr/article.php?IdArticle=8406644 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5825 An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5825 www.secnews.physaphae.fr/article.php?IdArticle=8406648 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4996 Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4996 www.secnews.physaphae.fr/article.php?IdArticle=8406645 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5831 An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled.
Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5831 www.secnews.physaphae.fr/article.php?IdArticle=8406649 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47185 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47185 www.secnews.physaphae.fr/article.php?IdArticle=8406643 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46775 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46775 www.secnews.physaphae.fr/article.php?IdArticle=8406636 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5090 A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5090 www.secnews.physaphae.fr/article.php?IdArticle=8406646 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46821 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth.
(admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7. 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46821 www.secnews.physaphae.fr/article.php?IdArticle=8406580 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46824 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824 www.secnews.physaphae.fr/article.php?IdArticle=8406583 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47184 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47184 www.secnews.physaphae.fr/article.php?IdArticle=8406587 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46783 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783 www.secnews.physaphae.fr/article.php?IdArticle=8406578 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47182 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47182 www.secnews.physaphae.fr/article.php?IdArticle=8406586 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46822 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822 www.secnews.physaphae.fr/article.php?IdArticle=8406581 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47177 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47177 www.secnews.physaphae.fr/article.php?IdArticle=8406585 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46823 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.
2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46823 www.secnews.physaphae.fr/article.php?IdArticle=8406582 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-23702 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702 www.secnews.physaphae.fr/article.php?IdArticle=8406545 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46782 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782 www.secnews.physaphae.fr/article.php?IdArticle=8406577 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46084 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46084 www.secnews.physaphae.fr/article.php?IdArticle=8406575 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45001 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from n/a through 1.5.0. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45001 www.secnews.physaphae.fr/article.php?IdArticle=8406568 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45046 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection. This issue affects Pressference Exporter: from n/a through 1.0.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45046 www.secnews.physaphae.fr/article.php?IdArticle=8406569 False Vulnerability
None None CVE Liste - Common Vulnerability Exposure CVE-2023-45055 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection. This issue affects MStore API: from n/a through 4.0.6. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45055 www.secnews.physaphae.fr/article.php?IdArticle=8406570 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45069 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45069 www.secnews.physaphae.fr/article.php?IdArticle=8406571 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40609 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40609 www.secnews.physaphae.fr/article.php?IdArticle=8406565 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40207 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40207 www.secnews.physaphae.fr/article.php?IdArticle=8406564 False Vulnerability None None CVE Liste - Common Vulnerability
Exposure CVE-2023-45830 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45830 www.secnews.physaphae.fr/article.php?IdArticle=8406574 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45657 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45657 www.secnews.physaphae.fr/article.php?IdArticle=8406573 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45074 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45074 www.secnews.physaphae.fr/article.php?IdArticle=8406572 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41685 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support System: from n/a through 1.2.1. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41685 www.secnews.physaphae.fr/article.php?IdArticle=8406566 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38382 Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38382 www.secnews.physaphae.fr/article.php?IdArticle=8406561 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27605 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27605 www.secnews.physaphae.fr/article.php?IdArticle=8406546 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-35911 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35911 www.secnews.physaphae.fr/article.php?IdArticle=8406560 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28748 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28748 www.secnews.physaphae.fr/article.php?IdArticle=8406547 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33924 Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through 1.0.45. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33924 www.secnews.physaphae.fr/article.php?IdArticle=8406559 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28794 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-11-06T08:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28794 www.secnews.physaphae.fr/article.php?IdArticle=8406548 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-47430 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue affects The School Management – Education & Learning Management: from n/a through 4.1. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47430 www.secnews.physaphae.fr/article.php?IdArticle=8406542 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-47428 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47428 www.secnews.physaphae.fr/article.php?IdArticle=8406541 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-46860 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through
1.6.4. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46860 www.secnews.physaphae.fr/article.php?IdArticle=8406539 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-47432 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47432 www.secnews.physaphae.fr/article.php?IdArticle=8406543 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-46849 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46849 www.secnews.physaphae.fr/article.php?IdArticle=8406538 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-45373 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.0.4. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45373 www.secnews.physaphae.fr/article.php?IdArticle=8406537 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2021-4430 A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure.
Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4430 www.secnews.physaphae.fr/article.php?IdArticle=8406536 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-47420 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47420 www.secnews.physaphae.fr/article.php?IdArticle=8406540 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC.
The DoS affects all other services as "rpcecho" runs in the main RPC task. 2023-11-06T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42669 www.secnews.physaphae.fr/article.php?IdArticle=8406567 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-4699 Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. 2023-11-06T06:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4699 www.secnews.physaphae.fr/article.php?IdArticle=8406584 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38407 bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. 2023-11-06T06:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38407 www.secnews.physaphae.fr/article.php?IdArticle=8406563 False None None None