www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T22:53:24+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-39219 PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests]]> 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39219 www.secnews.physaphae.fr/article.php?IdArticle=8400311 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-37911 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. 
Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.]]> 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37911 www.secnews.physaphae.fr/article.php?IdArticle=8400307 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-34085 When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request]]> 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34085 www.secnews.physaphae.fr/article.php?IdArticle=8400299 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-37283 Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter]]> 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37283 www.secnews.physaphae.fr/article.php?IdArticle=8400303 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36085 The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. 
This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.]]> 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36085 www.secnews.physaphae.fr/article.php?IdArticle=8400302 False Malware,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-29973 Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29973 www.secnews.physaphae.fr/article.php?IdArticle=8400289 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31581 Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31581 www.secnews.physaphae.fr/article.php?IdArticle=8400294 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34048 www.secnews.physaphae.fr/article.php?IdArticle=8400297 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31580 light-oauth2 before version 2.1.27 obtains the public key without any verification. 
This could allow attackers to authenticate to the application with a crafted JWT token.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31580 www.secnews.physaphae.fr/article.php?IdArticle=8400293 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-31582 jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31582 www.secnews.physaphae.fr/article.php?IdArticle=8400295 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-30912 A remote code execution issue exists in HPE OneView.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30912 www.secnews.physaphae.fr/article.php?IdArticle=8400291 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-34056 vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.]]> 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34056 www.secnews.physaphae.fr/article.php?IdArticle=8400298 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27256 Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27256 www.secnews.physaphae.fr/article.php?IdArticle=8400279 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27262 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27262 www.secnews.physaphae.fr/article.php?IdArticle=8400285 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27259 Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27259 www.secnews.physaphae.fr/article.php?IdArticle=8400282 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26584 Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26584 www.secnews.physaphae.fr/article.php?IdArticle=8400276 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27257 Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27257 www.secnews.physaphae.fr/article.php?IdArticle=8400280 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27254 Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27254 www.secnews.physaphae.fr/article.php?IdArticle=8400277 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26583 Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or 
modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26583 www.secnews.physaphae.fr/article.php?IdArticle=8400275 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27376 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27376 www.secnews.physaphae.fr/article.php?IdArticle=8400287 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27375 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27375 www.secnews.physaphae.fr/article.php?IdArticle=8400286 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27261 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27261 www.secnews.physaphae.fr/article.php?IdArticle=8400284 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27377 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27377 www.secnews.physaphae.fr/article.php?IdArticle=8400288 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26581 Unauthenticated SQL injection in the GetVisitors 
method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26581 www.secnews.physaphae.fr/article.php?IdArticle=8400273 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27255 Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27255 www.secnews.physaphae.fr/article.php?IdArticle=8400278 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27260 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27260 www.secnews.physaphae.fr/article.php?IdArticle=8400283 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27258 Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27258 www.secnews.physaphae.fr/article.php?IdArticle=8400281 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26582 Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26582 www.secnews.physaphae.fr/article.php?IdArticle=8400274 False None None None CVE Liste - Common 
Vulnerability Exposure CVE-2023-26572 Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26572 www.secnews.physaphae.fr/article.php?IdArticle=8400264 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26580 Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26580 www.secnews.physaphae.fr/article.php?IdArticle=8400272 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26573 Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26573 www.secnews.physaphae.fr/article.php?IdArticle=8400265 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26575 Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26575 www.secnews.physaphae.fr/article.php?IdArticle=8400267 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26579 Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26579 www.secnews.physaphae.fr/article.php?IdArticle=8400271 False None None None CVE Liste - Common 
Vulnerability Exposure CVE-2023-26571 Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26571 www.secnews.physaphae.fr/article.php?IdArticle=8400263 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26577 Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26577 www.secnews.physaphae.fr/article.php?IdArticle=8400269 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26574 Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26574 www.secnews.physaphae.fr/article.php?IdArticle=8400266 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26569 Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26569 www.secnews.physaphae.fr/article.php?IdArticle=8400261 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26570 Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26570 www.secnews.physaphae.fr/article.php?IdArticle=8400262 False None None 
None CVE Liste - Common Vulnerability Exposure CVE-2023-26568 Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26568 www.secnews.physaphae.fr/article.php?IdArticle=8400260 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26576 Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26576 www.secnews.physaphae.fr/article.php?IdArticle=8400268 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26578 Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26578 www.secnews.physaphae.fr/article.php?IdArticle=8400270 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26219 The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. 
Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.]]> 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26219 www.secnews.physaphae.fr/article.php?IdArticle=8400259 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25032 2023-10-25T18:17:24+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25032 www.secnews.physaphae.fr/article.php?IdArticle=8400258 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20273 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.]]> 2023-10-25T18:17:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20273 www.secnews.physaphae.fr/article.php?IdArticle=8400256 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-23767 Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. 
This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.]]> 2023-10-25T18:17:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23767 www.secnews.physaphae.fr/article.php?IdArticle=8400257 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-1356 Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.]]> 2023-10-25T18:17:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1356 www.secnews.physaphae.fr/article.php?IdArticle=8400255 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-3698 A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.]]> 2023-10-25T18:17:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3698 www.secnews.physaphae.fr/article.php?IdArticle=8400251 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-3699 A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.]]> 2023-10-25T18:17:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3699 www.secnews.physaphae.fr/article.php?IdArticle=8400252 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-38484 An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. 
A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.]]> 2023-10-25T18:17:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38484 www.secnews.physaphae.fr/article.php?IdArticle=8400253 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-38485 A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.]]> 2023-10-25T18:17:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38485 www.secnews.physaphae.fr/article.php?IdArticle=8400254 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-0353 A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.]]> 2023-10-25T18:16:54+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0353 www.secnews.physaphae.fr/article.php?IdArticle=8400250 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46058 Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.]]> 2023-10-24T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46058 www.secnews.physaphae.fr/article.php?IdArticle=8399594 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46059 Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to 
Ping parameters of the admin/trackback.php component.]]> 2023-10-24T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46059 www.secnews.physaphae.fr/article.php?IdArticle=8399595 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33517 carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).]]> 2023-10-23T23:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33517 www.secnews.physaphae.fr/article.php?IdArticle=8399523 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5633 The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.]]> 2023-10-23T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5633 www.secnews.physaphae.fr/article.php?IdArticle=8399527 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44760 Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.]]> 2023-10-23T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44760 www.secnews.physaphae.fr/article.php?IdArticle=8399525 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45998 kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). 
Customizing global HTML results in storing XSS.]]> 2023-10-23T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45998 www.secnews.physaphae.fr/article.php?IdArticle=8399526 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43358 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.]]> 2023-10-23T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43358 www.secnews.physaphae.fr/article.php?IdArticle=8399524 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37635 UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.]]> 2023-10-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37635 www.secnews.physaphae.fr/article.php?IdArticle=8399492 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-37636 A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.]]> 2023-10-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37636 www.secnews.physaphae.fr/article.php?IdArticle=8399493 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45966 umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.]]> 2023-10-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45966 www.secnews.physaphae.fr/article.php?IdArticle=8399494 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27152 DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass 
authentication.]]> 2023-10-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27152 www.secnews.physaphae.fr/article.php?IdArticle=8399488 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46602 In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.]]> 2023-10-23T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46602 www.secnews.physaphae.fr/article.php?IdArticle=8399495 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46603 In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.]]> 2023-10-23T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46603 www.secnews.physaphae.fr/article.php?IdArticle=8399496 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-33840 IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.]]> 2023-10-23T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33840 www.secnews.physaphae.fr/article.php?IdArticle=8399491 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33837 IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. 
IBM X-Force ID: 256020.]]> 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33837 www.secnews.physaphae.fr/article.php?IdArticle=8399489 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27148 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.]]> 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27148 www.secnews.physaphae.fr/article.php?IdArticle=8399486 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-22466 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.]]> 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22466 www.secnews.physaphae.fr/article.php?IdArticle=8399485 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27149 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.]]> 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27149 www.secnews.physaphae.fr/article.php?IdArticle=8399487 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33839 IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. 
IBM X-Force ID: 256036.]]> 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33839 www.secnews.physaphae.fr/article.php?IdArticle=8399490 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46288 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.]]> 2023-10-23T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46288 www.secnews.physaphae.fr/article.php?IdArticle=8399454 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43045 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.]]> 2023-10-23T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43045 www.secnews.physaphae.fr/article.php?IdArticle=8399453 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38722 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. 2023-10-23T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38722 www.secnews.physaphae.fr/article.php?IdArticle=8399452 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-37532 HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. 2023-10-23T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37532 www.secnews.physaphae.fr/article.php?IdArticle=8399410 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46331 WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault. 2023-10-23T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46331 www.secnews.physaphae.fr/article.php?IdArticle=8399414 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46122 sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary files. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46122 www.secnews.physaphae.fr/article.php?IdArticle=8399413 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43067 Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability.
An XXE attack could potentially exploit this vulnerability, disclosing local files in the file system. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43067 www.secnews.physaphae.fr/article.php?IdArticle=8399412 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43066 Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43066 www.secnews.physaphae.fr/article.php?IdArticle=8399411 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46332 WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46332 www.secnews.physaphae.fr/article.php?IdArticle=8399415 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43074 Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43074 www.secnews.physaphae.fr/article.php?IdArticle=8399368 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46127 Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection.
This vulnerability has been patched in version 14.49.0. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46127 www.secnews.physaphae.fr/article.php?IdArticle=8399369 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5718 The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5718 www.secnews.physaphae.fr/article.php?IdArticle=8399370 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43065 Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43065 www.secnews.physaphae.fr/article.php?IdArticle=8399367 False Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42295 An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42295 www.secnews.physaphae.fr/article.php?IdArticle=8399366 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28797 Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk.
A malicious user can replace the folder and execute code as a privileged user. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28797 www.secnews.physaphae.fr/article.php?IdArticle=8399362 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28803 An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28803 www.secnews.physaphae.fr/article.php?IdArticle=8399363 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2021-26737 The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shut down the Zscaler tunnel by exploiting a race condition. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26737 www.secnews.physaphae.fr/article.php?IdArticle=8399357 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28804 An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28804 www.secnews.physaphae.fr/article.php?IdArticle=8399364 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2021-26738 Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable.
A local adversary may be able to execute code with root privileges. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26738 www.secnews.physaphae.fr/article.php?IdArticle=8399358 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28805 An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28805 www.secnews.physaphae.fr/article.php?IdArticle=8399365 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28793 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28793 www.secnews.physaphae.fr/article.php?IdArticle=8399359 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28795 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28795 www.secnews.physaphae.fr/article.php?IdArticle=8399360 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2021-26736 Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path.
A local adversary may be able to execute code with SYSTEM privileges. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26736 www.secnews.physaphae.fr/article.php?IdArticle=8399356 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2021-26735 The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26735 www.secnews.physaphae.fr/article.php?IdArticle=8399355 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28796 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28796 www.secnews.physaphae.fr/article.php?IdArticle=8399361 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2021-26734 Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation.
A local adversary may be able to delete folders in an elevated context. 2023-10-23T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26734 www.secnews.physaphae.fr/article.php?IdArticle=8399354 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5246 Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with part numbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. 2023-10-23T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5246 www.secnews.physaphae.fr/article.php?IdArticle=8399326 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43622 An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes the issue. 2023-10-23T07:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43622 www.secnews.physaphae.fr/article.php?IdArticle=8399252 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-31122 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. 2023-10-23T07:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31122 www.secnews.physaphae.fr/article.php?IdArticle=8399251 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45802 When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability of hitting this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. 2023-10-23T07:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45802 www.secnews.physaphae.fr/article.php?IdArticle=8399254 False None None None