www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T16:11:10+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-30492 2023-10-26T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30492 www.secnews.physaphae.fr/article.php?IdArticle=8400894 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5802 2023-10-26T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5802 www.secnews.physaphae.fr/article.php?IdArticle=8400906 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46072 2023-10-26T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46072 www.secnews.physaphae.fr/article.php?IdArticle=8400896 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46074 2023-10-26T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46074 www.secnews.physaphae.fr/article.php?IdArticle=8400897 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5798 The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks]]> 2023-10-26T10:15:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5798 www.secnews.physaphae.fr/article.php?IdArticle=8400817 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46754 The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.]]> 2023-10-26T05:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46754 www.secnews.physaphae.fr/article.php?IdArticle=8400778 False None None None CVE Liste - Common Vulnerability 
Exposure CVE-2023-5139 Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver]]> 2023-10-26T05:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5139 www.secnews.physaphae.fr/article.php?IdArticle=8400779 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46752 An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.]]> 2023-10-26T05:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46752 www.secnews.physaphae.fr/article.php?IdArticle=8400776 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46753 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.]]> 2023-10-26T05:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46753 www.secnews.physaphae.fr/article.php?IdArticle=8400777 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31421 It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.]]> 2023-10-26T04:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31421 www.secnews.physaphae.fr/article.php?IdArticle=8400700 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31422 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. 
The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.]]> 2023-10-26T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31422 www.secnews.physaphae.fr/article.php?IdArticle=8400701 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46667 >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.]]> 2023-10-26T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46667 www.secnews.physaphae.fr/article.php?IdArticle=8400705 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46668 If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. 
These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.]]> 2023-10-26T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46668 www.secnews.physaphae.fr/article.php?IdArticle=8400706 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43906 Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.]]> 2023-10-26T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43906 www.secnews.physaphae.fr/article.php?IdArticle=8400703 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46345 Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.]]> 2023-10-26T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46345 www.secnews.physaphae.fr/article.php?IdArticle=8400704 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43905 Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.]]> 2023-10-26T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43905 www.secnews.physaphae.fr/article.php?IdArticle=8400702 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-30969 The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.]]> 2023-10-26T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30969 www.secnews.physaphae.fr/article.php?IdArticle=8400699 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-30967 Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.]]> 2023-10-26T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30967 
www.secnews.physaphae.fr/article.php?IdArticle=8400698 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38848 An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38848 www.secnews.physaphae.fr/article.php?IdArticle=8400627 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46584 SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46584 www.secnews.physaphae.fr/article.php?IdArticle=8400631 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38849 An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38849 www.secnews.physaphae.fr/article.php?IdArticle=8400628 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38845 An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38845 www.secnews.physaphae.fr/article.php?IdArticle=8400624 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46232 era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vyper version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. 
The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word’s index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46232 www.secnews.physaphae.fr/article.php?IdArticle=8400629 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38846 An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38846 www.secnews.physaphae.fr/article.php?IdArticle=8400625 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38847 An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38847 www.secnews.physaphae.fr/article.php?IdArticle=8400626 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46583 Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.]]> 2023-10-25T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46583 www.secnews.physaphae.fr/article.php?IdArticle=8400630 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46133 CryptoES is a cryptography algorithms library compatible with ES6 and 
TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.]]> 2023-10-25T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46133 www.secnews.physaphae.fr/article.php?IdArticle=8400572 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45137 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. 
The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.]]> 2023-10-25T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45137 www.secnews.physaphae.fr/article.php?IdArticle=8400571 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46137 Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.]]> 2023-10-25T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46137 www.secnews.physaphae.fr/article.php?IdArticle=8400574 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46233 crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. 
As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.]]> 2023-10-25T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46233 www.secnews.physaphae.fr/article.php?IdArticle=8400575 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46134 D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.]]> 2023-10-25T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46134 www.secnews.physaphae.fr/article.php?IdArticle=8400573 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5367 An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.]]> 2023-10-25T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5367 www.secnews.physaphae.fr/article.php?IdArticle=8400595 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5380 A use-after-free flaw was found in the xorg-x11-server. 
An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.]]> 2023-10-25T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5380 www.secnews.physaphae.fr/article.php?IdArticle=8400596 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5574 A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.]]> 2023-10-25T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 www.secnews.physaphae.fr/article.php?IdArticle=8400597 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.]]> 2023-10-25T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5044 www.secnews.physaphae.fr/article.php?IdArticle=8400594 False None Uber None CVE Liste - Common Vulnerability Exposure CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution.]]> 2023-10-25T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5043 www.secnews.physaphae.fr/article.php?IdArticle=8400593 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46408 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function.]]> 2023-10-25T20:15:12+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46408 www.secnews.physaphae.fr/article.php?IdArticle=8400576 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46415 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46415 www.secnews.physaphae.fr/article.php?IdArticle=8400583 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46414 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46414 www.secnews.physaphae.fr/article.php?IdArticle=8400582 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46410 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46410 www.secnews.physaphae.fr/article.php?IdArticle=8400578 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46420 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46420 www.secnews.physaphae.fr/article.php?IdArticle=8400588 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46424 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46424 www.secnews.physaphae.fr/article.php?IdArticle=8400592 False 
Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46412 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46412 www.secnews.physaphae.fr/article.php?IdArticle=8400580 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46409 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46409 www.secnews.physaphae.fr/article.php?IdArticle=8400577 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45136 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. 
The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45136 www.secnews.physaphae.fr/article.php?IdArticle=8400570 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46416 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46416 www.secnews.physaphae.fr/article.php?IdArticle=8400584 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46411 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46411 www.secnews.physaphae.fr/article.php?IdArticle=8400579 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46422 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46422 www.secnews.physaphae.fr/article.php?IdArticle=8400590 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46413 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46413 www.secnews.physaphae.fr/article.php?IdArticle=8400581 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46417 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.]]> 
2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46417 www.secnews.physaphae.fr/article.php?IdArticle=8400585 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46419 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46419 www.secnews.physaphae.fr/article.php?IdArticle=8400587 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46423 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46423 www.secnews.physaphae.fr/article.php?IdArticle=8400591 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46418 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46418 www.secnews.physaphae.fr/article.php?IdArticle=8400586 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46421 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.]]> 2023-10-25T20:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46421 www.secnews.physaphae.fr/article.php?IdArticle=8400589 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45135 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right. For the attack to work, the attacker needs to convince the victim to visit a link like `/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.]]> 2023-10-25T20:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45135 www.secnews.physaphae.fr/article.php?IdArticle=8400569 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45134 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
`org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. 
The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.]]> 2023-10-25T20:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45134 www.secnews.physaphae.fr/article.php?IdArticle=8400568 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.]]> 2023-10-25T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4886 www.secnews.physaphae.fr/article.php?IdArticle=8400567 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42861 A logic issue was addressed with improved state management. 
This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.]]> 2023-10-25T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42861 www.secnews.physaphae.fr/article.php?IdArticle=8400378 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42852 A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.]]> 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42852 www.secnews.physaphae.fr/article.php?IdArticle=8400374 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42854 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.]]> 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42854 www.secnews.physaphae.fr/article.php?IdArticle=8400375 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42849 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.]]> 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42849 www.secnews.physaphae.fr/article.php?IdArticle=8400372 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42850 The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. 
An app may be able to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42850 www.secnews.physaphae.fr/article.php?IdArticle=8400373 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41997 This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41997 www.secnews.physaphae.fr/article.php?IdArticle=8400356 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42845 An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42845 www.secnews.physaphae.fr/article.php?IdArticle=8400369 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41977 The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41977 www.secnews.physaphae.fr/article.php?IdArticle=8400351 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42847 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1.
An attacker may be able to access passkeys without authentication. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42847 www.secnews.physaphae.fr/article.php?IdArticle=8400371 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42842 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42842 www.secnews.physaphae.fr/article.php?IdArticle=8400367 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42841 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42841 www.secnews.physaphae.fr/article.php?IdArticle=8400366 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41988 This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41988 www.secnews.physaphae.fr/article.php?IdArticle=8400354 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41982 This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1.
An attacker with physical access may be able to use Siri to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41982 www.secnews.physaphae.fr/article.php?IdArticle=8400352 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42856 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42856 www.secnews.physaphae.fr/article.php?IdArticle=8400376 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42844 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42844 www.secnews.physaphae.fr/article.php?IdArticle=8400368 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41989 The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41989 www.secnews.physaphae.fr/article.php?IdArticle=8400355 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42846 This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1.
A device may be passively tracked by its Wi-Fi MAC address. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42846 www.secnews.physaphae.fr/article.php?IdArticle=8400370 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42438 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42438 www.secnews.physaphae.fr/article.php?IdArticle=8400358 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41983 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41983 www.secnews.physaphae.fr/article.php?IdArticle=8400353 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42857 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. 2023-10-25T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42857 www.secnews.physaphae.fr/article.php?IdArticle=8400377 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41072 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1.
An app may be able to access sensitive user data. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41072 www.secnews.physaphae.fr/article.php?IdArticle=8400341 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40421 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40421 www.secnews.physaphae.fr/article.php?IdArticle=8400334 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40405 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40405 www.secnews.physaphae.fr/article.php?IdArticle=8400330 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40413 The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40413 www.secnews.physaphae.fr/article.php?IdArticle=8400332 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40416 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1.
Processing an image may result in disclosure of process memory. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40416 www.secnews.physaphae.fr/article.php?IdArticle=8400333 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41975 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41975 www.secnews.physaphae.fr/article.php?IdArticle=8400349 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41077 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41077 www.secnews.physaphae.fr/article.php?IdArticle=8400342 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41976 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41976 www.secnews.physaphae.fr/article.php?IdArticle=8400350 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40401 The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1.
An attacker may be able to access passkeys without authentication. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40401 www.secnews.physaphae.fr/article.php?IdArticle=8400328 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40423 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40423 www.secnews.physaphae.fr/article.php?IdArticle=8400335 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40449 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40449 www.secnews.physaphae.fr/article.php?IdArticle=8400340 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40445 The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40445 www.secnews.physaphae.fr/article.php?IdArticle=8400338 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40447 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1.
Processing web content may lead to arbitrary code execution. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40447 www.secnews.physaphae.fr/article.php?IdArticle=8400339 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40444 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40444 www.secnews.physaphae.fr/article.php?IdArticle=8400337 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40408 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40408 www.secnews.physaphae.fr/article.php?IdArticle=8400331 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-32359 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32359 www.secnews.physaphae.fr/article.php?IdArticle=8400296 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41254 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1.
An app may be able to access sensitive user data. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41254 www.secnews.physaphae.fr/article.php?IdArticle=8400343 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40404 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40404 www.secnews.physaphae.fr/article.php?IdArticle=8400329 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40425 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information. 2023-10-25T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40425 www.secnews.physaphae.fr/article.php?IdArticle=8400336 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5758 2023-10-25T18:17:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5758 www.secnews.physaphae.fr/article.php?IdArticle=8400543 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5744 The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5744 www.secnews.physaphae.fr/article.php?IdArticle=8400538 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5752 When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5752 www.secnews.physaphae.fr/article.php?IdArticle=8400541 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5740 The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5740 www.secnews.physaphae.fr/article.php?IdArticle=8400537 False None None None