www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T21:45:39+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-5730 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5730 www.secnews.physaphae.fr/article.php?IdArticle=8400534 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5753 Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5753 www.secnews.physaphae.fr/article.php?IdArticle=8400542 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5728 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5728 www.secnews.physaphae.fr/article.php?IdArticle=8400532 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5729 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5729 www.secnews.physaphae.fr/article.php?IdArticle=8400533 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5752 When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed.
This vulnerability does not affect users who aren't installing from Mercurial. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5752 www.secnews.physaphae.fr/article.php?IdArticle=8400541 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5745 The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5745 www.secnews.physaphae.fr/article.php?IdArticle=8400539 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5731 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5731 www.secnews.physaphae.fr/article.php?IdArticle=8400535 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5722 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5722 www.secnews.physaphae.fr/article.php?IdArticle=8400526 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5725 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5725 www.secnews.physaphae.fr/article.php?IdArticle=8400529 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5746 A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors.
The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5746 www.secnews.physaphae.fr/article.php?IdArticle=8400540 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5732 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5732 www.secnews.physaphae.fr/article.php?IdArticle=8400536 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5723 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5723 www.secnews.physaphae.fr/article.php?IdArticle=8400527 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5744 The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5744 www.secnews.physaphae.fr/article.php?IdArticle=8400538 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5726 2023-10-25T18:17:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5726 www.secnews.physaphae.fr/article.php?IdArticle=8400530 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5311 The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2.
This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5311 www.secnews.physaphae.fr/article.php?IdArticle=8400519 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5472 Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5472 www.secnews.physaphae.fr/article.php?IdArticle=8400521 False Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5671 HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5671 www.secnews.physaphae.fr/article.php?IdArticle=8400523 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5568 A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5568 www.secnews.physaphae.fr/article.php?IdArticle=8400522 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spott 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5363 www.secnews.physaphae.fr/article.php?IdArticle=8400520 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5717 A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5717 www.secnews.physaphae.fr/article.php?IdArticle=8400524 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5721 2023-10-25T18:17:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5721 www.secnews.physaphae.fr/article.php?IdArticle=8400525 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5127 The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5127 www.secnews.physaphae.fr/article.php?IdArticle=8400518 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5126 The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The shortcode is not displayed to administrators, so it cannot be used against administrator users. 2023-10-25T18:17:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5126 www.secnews.physaphae.fr/article.php?IdArticle=8400517 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5110 The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5110 www.secnews.physaphae.fr/article.php?IdArticle=8400516 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5085 The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-25T18:17:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5085 www.secnews.physaphae.fr/article.php?IdArticle=8400515 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4692 An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata.
As a result, arbitrary code execution and secure boot protection bypass may be achieved. 2023-10-25T18:17:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 www.secnews.physaphae.fr/article.php?IdArticle=8400513 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4606 An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. 2023-10-25T18:17:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4606 www.secnews.physaphae.fr/article.php?IdArticle=8400425 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4608 An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. 2023-10-25T18:17:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4608 www.secnews.physaphae.fr/article.php?IdArticle=8400431 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4693 An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations.
A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. 2023-10-25T18:17:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 www.secnews.physaphae.fr/article.php?IdArticle=8400514 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4607 An authenticated XCC user can change permissions for any user through a crafted API command. 2023-10-25T18:17:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4607 www.secnews.physaphae.fr/article.php?IdArticle=8400428 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46660 Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46660 www.secnews.physaphae.fr/article.php?IdArticle=8400512 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46653 Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46653 www.secnews.physaphae.fr/article.php?IdArticle=8400505 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46656 Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46656 www.secnews.physaphae.fr/article.php?IdArticle=8400508 False None None None
CVE Liste -
Common Vulnerability Exposure CVE-2023-46655 Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46655 www.secnews.physaphae.fr/article.php?IdArticle=8400507 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46652 A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46652 www.secnews.physaphae.fr/article.php?IdArticle=8400504 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46654 Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46654 www.secnews.physaphae.fr/article.php?IdArticle=8400506 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46658 Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46658
www.secnews.physaphae.fr/article.php?IdArticle=8400510 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46657 Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46657 www.secnews.physaphae.fr/article.php?IdArticle=8400509 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46659 Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2023-10-25T18:17:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46659 www.secnews.physaphae.fr/article.php?IdArticle=8400511 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46558 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46558 www.secnews.physaphae.fr/article.php?IdArticle=8400495 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46560 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46560 www.secnews.physaphae.fr/article.php?IdArticle=8400497 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46563 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46563
www.secnews.physaphae.fr/article.php?IdArticle=8400499 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46650 Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46650 www.secnews.physaphae.fr/article.php?IdArticle=8400502 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46554 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46554 www.secnews.physaphae.fr/article.php?IdArticle=8400491 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46553 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46553 www.secnews.physaphae.fr/article.php?IdArticle=8400490 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46557 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46557 www.secnews.physaphae.fr/article.php?IdArticle=8400494 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46552 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46552 www.secnews.physaphae.fr/article.php?IdArticle=8400489 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46574 An
issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46574 www.secnews.physaphae.fr/article.php?IdArticle=8400501 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46559 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46559 www.secnews.physaphae.fr/article.php?IdArticle=8400496 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46556 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46556 www.secnews.physaphae.fr/article.php?IdArticle=8400493 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46550 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46550 www.secnews.physaphae.fr/article.php?IdArticle=8400487 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46651 Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
This fix has been backported to 10.4.1. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46651 www.secnews.physaphae.fr/article.php?IdArticle=8400503 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46562 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46562 www.secnews.physaphae.fr/article.php?IdArticle=8400498 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46564 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46564 www.secnews.physaphae.fr/article.php?IdArticle=8400500 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46549 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46549 www.secnews.physaphae.fr/article.php?IdArticle=8400486 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46555 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46555 www.secnews.physaphae.fr/article.php?IdArticle=8400492 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46548 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46548 www.secnews.physaphae.fr/article.php?IdArticle=8400485 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46551 TOTOLINK X2000R
Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. 2023-10-25T18:17:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46551 www.secnews.physaphae.fr/article.php?IdArticle=8400488 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46520 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46520 www.secnews.physaphae.fr/article.php?IdArticle=8400464 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46538 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46538 www.secnews.physaphae.fr/article.php?IdArticle=8400475 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46539 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46539 www.secnews.physaphae.fr/article.php?IdArticle=8400476 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46536 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46536 www.secnews.physaphae.fr/article.php?IdArticle=8400473 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46543 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. 2023-10-25T18:17:38+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46543 www.secnews.physaphae.fr/article.php?IdArticle=8400480 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46537 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46537 www.secnews.physaphae.fr/article.php?IdArticle=8400474 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46547 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46547 www.secnews.physaphae.fr/article.php?IdArticle=8400484 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46526 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46526 www.secnews.physaphae.fr/article.php?IdArticle=8400469 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46545 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46545 www.secnews.physaphae.fr/article.php?IdArticle=8400482 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46521 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46521 www.secnews.physaphae.fr/article.php?IdArticle=8400465 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46540 TOTOLINK X2000R Gh
v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46540 www.secnews.physaphae.fr/article.php?IdArticle=8400477 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46535 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46535 www.secnews.physaphae.fr/article.php?IdArticle=8400472 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46523 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46523 www.secnews.physaphae.fr/article.php?IdArticle=8400467 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46542 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46542 www.secnews.physaphae.fr/article.php?IdArticle=8400479 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46518 Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46518 www.secnews.physaphae.fr/article.php?IdArticle=8400463 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46541 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46541
www.secnews.physaphae.fr/article.php?IdArticle=8400478 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46527 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46527 www.secnews.physaphae.fr/article.php?IdArticle=8400470 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46534 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46534 www.secnews.physaphae.fr/article.php?IdArticle=8400471 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46546 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46546 www.secnews.physaphae.fr/article.php?IdArticle=8400483 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46544 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46544 www.secnews.physaphae.fr/article.php?IdArticle=8400481 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46525 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46525 www.secnews.physaphae.fr/article.php?IdArticle=8400468 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46522 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a
stack overflow via the function deviceInfoRegister. 2023-10-25T18:17:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46522 www.secnews.physaphae.fr/article.php?IdArticle=8400466 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46189 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46189 www.secnews.physaphae.fr/article.php?IdArticle=8400447 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46346 In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46346 www.secnews.physaphae.fr/article.php?IdArticle=8400455 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46198 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46198 www.secnews.physaphae.fr/article.php?IdArticle=8400451 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46191 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46191 www.secnews.physaphae.fr/article.php?IdArticle=8400449 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46190 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46190 www.secnews.physaphae.fr/article.php?IdArticle=8400448 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46396 Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. 2023-10-25T18:17:37+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46396 www.secnews.physaphae.fr/article.php?IdArticle=8400462 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46202 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46202 www.secnews.physaphae.fr/article.php?IdArticle=8400452 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46204 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46204 www.secnews.physaphae.fr/article.php?IdArticle=8400453 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46347 In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46347 www.secnews.physaphae.fr/article.php?IdArticle=8400456 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46369 Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46369 www.secnews.physaphae.fr/article.php?IdArticle=8400458 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46158 IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling.
IBM X-Force ID: 268775. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46158 www.secnews.physaphae.fr/article.php?IdArticle=8400446 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46193 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46193 www.secnews.physaphae.fr/article.php?IdArticle=8400450 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46316 In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46316 www.secnews.physaphae.fr/article.php?IdArticle=8400454 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46370 Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46370 www.secnews.physaphae.fr/article.php?IdArticle=8400459 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46371 TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46371 www.secnews.physaphae.fr/article.php?IdArticle=8400460 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46373 TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46373 www.secnews.physaphae.fr/article.php?IdArticle=8400461 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46358 In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can
perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. 2023-10-25T18:17:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46358 www.secnews.physaphae.fr/article.php?IdArticle=8400457 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46135 rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. `inner_payload_len` should not be above 64. This vulnerability has been patched in version 0.0.8. 2023-10-25T18:17:36+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46135 www.secnews.physaphae.fr/article.php?IdArticle=8400441 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46119 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1. 2023-10-25T18:17:36+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46119 www.secnews.physaphae.fr/article.php?IdArticle=8400434 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46125 Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username.
This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. 2023-10-25T18:17:36+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46125 www.secnews.physaphae.fr/article.php?IdArticle=8400438 False Vulnerability None None