This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-24T11:50:59+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub\'s code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45823 www.secnews.physaphae.fr/article.php?IdArticle=8397934 False None None None CVE Liste - Common Vulnerability Exposure An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27793 www.secnews.physaphae.fr/article.php?IdArticle=8397923 False None None None CVE Liste - Common Vulnerability Exposure An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30132 www.secnews.physaphae.fr/article.php?IdArticle=8397926 False None None None CVE Liste - Common Vulnerability Exposure Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub\'s code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it\'d be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45821 www.secnews.physaphae.fr/article.php?IdArticle=8397932 False None None None CVE Liste - Common Vulnerability Exposure Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub\'s code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45822 www.secnews.physaphae.fr/article.php?IdArticle=8397933 False None None None CVE Liste - Common Vulnerability Exposure An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27792 www.secnews.physaphae.fr/article.php?IdArticle=8397922 False None None None CVE Liste - Common Vulnerability Exposure An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30131 www.secnews.physaphae.fr/article.php?IdArticle=8397925 False None None None CVE Liste - Common Vulnerability Exposure An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.]]> 2023-10-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27795 www.secnews.physaphae.fr/article.php?IdArticle=8397924 False None None None CVE Liste - Common Vulnerability Exposure In Weintek\'s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.]]> 2023-10-19T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43492 www.secnews.physaphae.fr/article.php?IdArticle=8397930 False None None None CVE Liste - Common Vulnerability Exposure In Weintek\'s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.]]> 2023-10-19T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38584 www.secnews.physaphae.fr/article.php?IdArticle=8397928 False None None None CVE Liste - Common Vulnerability Exposure In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().`]]> 2023-10-19T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45376 www.secnews.physaphae.fr/article.php?IdArticle=8397931 False None None None CVE Liste - Common Vulnerability Exposure In Weintek\'s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.]]> 2023-10-19T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40145 www.secnews.physaphae.fr/article.php?IdArticle=8397929 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim\'s device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).]]> 2023-10-19T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30633 www.secnews.physaphae.fr/article.php?IdArticle=8397927 False Malware None None CVE Liste - Common Vulnerability Exposure TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.]]> 2023-10-19T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42150 www.secnews.physaphae.fr/article.php?IdArticle=8397920 False None None None CVE Liste - Common Vulnerability Exposure An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG.]]> 2023-10-19T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27791 www.secnews.physaphae.fr/article.php?IdArticle=8397921 False None None None CVE Liste - Common Vulnerability Exposure Leantime is an open source project management system. A \'userId\' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45826 www.secnews.physaphae.fr/article.php?IdArticle=8397880 False None None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal.]]> 2023-10-19T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45992 www.secnews.physaphae.fr/article.php?IdArticle=8397881 False Vulnerability None None CVE Liste - Common Vulnerability Exposure ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf("something went wrong (credentials: %q)", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) information and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in your custom credentials type with explicit stringify of object state.]]> 2023-10-19T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45825 www.secnews.physaphae.fr/article.php?IdArticle=8397879 False None None None CVE Liste - Common Vulnerability Exposure The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41089 www.secnews.physaphae.fr/article.php?IdArticle=8397872 False None None None CVE Liste - Common Vulnerability Exposure The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41088 www.secnews.physaphae.fr/article.php?IdArticle=8397871 False None None None CVE Liste - Common Vulnerability Exposure The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42666 www.secnews.physaphae.fr/article.php?IdArticle=8397874 False None None None CVE Liste - Common Vulnerability Exposure Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45820 www.secnews.physaphae.fr/article.php?IdArticle=8397878 False None None None CVE Liste - Common Vulnerability Exposure The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the \'hostname\' parameter of the vulnerable software.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40153 www.secnews.physaphae.fr/article.php?IdArticle=8397870 False None None None CVE Liste - Common Vulnerability Exposure DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43986 www.secnews.physaphae.fr/article.php?IdArticle=8397875 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45809 www.secnews.physaphae.fr/article.php?IdArticle=8397877 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42435 www.secnews.physaphae.fr/article.php?IdArticle=8397873 False None None None CVE Liste - Common Vulnerability Exposure In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().`]]> 2023-10-19T19:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45381 www.secnews.physaphae.fr/article.php?IdArticle=8397876 False None None None CVE Liste - Common Vulnerability Exposure Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.]]> 2023-10-19T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39431 www.secnews.physaphae.fr/article.php?IdArticle=8397869 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.]]> 2023-10-19T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38128 www.secnews.physaphae.fr/article.php?IdArticle=8397868 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.]]> 2023-10-19T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35986 www.secnews.physaphae.fr/article.php?IdArticle=8397866 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.]]> 2023-10-19T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38127 www.secnews.physaphae.fr/article.php?IdArticle=8397867 False None None None CVE Liste - Common Vulnerability Exposure Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.]]> 2023-10-19T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5059 www.secnews.physaphae.fr/article.php?IdArticle=8397882 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.]]> 2023-10-19T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34366 www.secnews.physaphae.fr/article.php?IdArticle=8397865 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.]]> 2023-10-19T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45277 www.secnews.physaphae.fr/article.php?IdArticle=8397832 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.]]> 2023-10-19T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35126 www.secnews.physaphae.fr/article.php?IdArticle=8397831 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.]]> 2023-10-19T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45281 www.secnews.physaphae.fr/article.php?IdArticle=8397834 False None None None CVE Liste - Common Vulnerability Exposure Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.]]> 2023-10-19T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45278 www.secnews.physaphae.fr/article.php?IdArticle=8397833 False Vulnerability None None CVE Liste - Common Vulnerability Exposure ** REJECT ** This CVE is a duplicate of another CVE.]]> 2023-10-19T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45665 www.secnews.physaphae.fr/article.php?IdArticle=8397835 False None None None CVE Liste - Common Vulnerability Exposure ** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.]]> 2023-10-19T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46033 www.secnews.physaphae.fr/article.php?IdArticle=8397836 False None None None CVE Liste - Common Vulnerability Exposure Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.]]> 2023-10-19T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47583 www.secnews.physaphae.fr/article.php?IdArticle=8397830 False None None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35186 www.secnews.physaphae.fr/article.php?IdArticle=8397795 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35187 www.secnews.physaphae.fr/article.php?IdArticle=8397796 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46042 www.secnews.physaphae.fr/article.php?IdArticle=8397798 False None None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35182 www.secnews.physaphae.fr/article.php?IdArticle=8397791 False Vulnerability None None CVE Liste - Common Vulnerability Exposure XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43251 www.secnews.physaphae.fr/article.php?IdArticle=8397797 False None None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35185 www.secnews.physaphae.fr/article.php?IdArticle=8397794 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35184 www.secnews.physaphae.fr/article.php?IdArticle=8397793 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35183 www.secnews.physaphae.fr/article.php?IdArticle=8397792 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The React Developer Tools extension registers a message listener with window.addEventListener(\'message\', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL’s via the victim\'s browser.]]> 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5654 www.secnews.physaphae.fr/article.php?IdArticle=8397799 False Tool None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.]]> 2023-10-19T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35180 www.secnews.physaphae.fr/article.php?IdArticle=8397789 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.]]> 2023-10-19T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35181 www.secnews.physaphae.fr/article.php?IdArticle=8397790 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server\'s filesystem.]]> 2023-10-19T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31046 www.secnews.physaphae.fr/article.php?IdArticle=8397788 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.]]> 2023-10-19T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45883 www.secnews.physaphae.fr/article.php?IdArticle=8397745 False Vulnerability None None CVE Liste - Common Vulnerability Exposure XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.]]> 2023-10-19T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43252 www.secnews.physaphae.fr/article.php?IdArticle=8397742 False None None None CVE Liste - Common Vulnerability Exposure 5.0.7 et 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php]]> 2023-10-19T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45384 www.secnews.physaphae.fr/article.php?IdArticle=8397744 False None None None CVE Liste - Common Vulnerability Exposure In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.]]> 2023-10-19T13:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45379 www.secnews.physaphae.fr/article.php?IdArticle=8397743 False None None None CVE Liste - Common Vulnerability Exposure Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).]]> 2023-10-19T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37830 www.secnews.physaphae.fr/article.php?IdArticle=8397741 False None None None CVE Liste - Common Vulnerability Exposure Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong\'s 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814]]> 2023-10-19T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46227 www.secnews.physaphae.fr/article.php?IdArticle=8397703 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.]]> 2023-10-19T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27813 www.secnews.physaphae.fr/article.php?IdArticle=8397702 False None None None CVE Liste - Common Vulnerability Exposure The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25334 www.secnews.physaphae.fr/article.php?IdArticle=8397698 False None None None CVE Liste - Common Vulnerability Exposure Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24404 www.secnews.physaphae.fr/article.php?IdArticle=8397695 False None None None CVE Liste - Common Vulnerability Exposure The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26943 www.secnews.physaphae.fr/article.php?IdArticle=8397701 False Prediction None None CVE Liste - Common Vulnerability Exposure Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24401 www.secnews.physaphae.fr/article.php?IdArticle=8397693 False None None None CVE Liste - Common Vulnerability Exposure The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25332 www.secnews.physaphae.fr/article.php?IdArticle=8397696 False None None None CVE Liste - Common Vulnerability Exposure The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25333 www.secnews.physaphae.fr/article.php?IdArticle=8397697 False None None None CVE Liste - Common Vulnerability Exposure The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26942 www.secnews.physaphae.fr/article.php?IdArticle=8397700 False None None None CVE Liste - Common Vulnerability Exposure A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26941 www.secnews.physaphae.fr/article.php?IdArticle=8397699 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.]]> 2023-10-19T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24402 www.secnews.physaphae.fr/article.php?IdArticle=8397694 False None None None CVE Liste - Common Vulnerability Exposure A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.]]> 2023-10-19T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24400 www.secnews.physaphae.fr/article.php?IdArticle=8397692 False Prediction None None CVE Liste - Common Vulnerability Exposure There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch  https://github.com/apache/shenyu/pull/4776  .]]> 2023-10-19T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25753 www.secnews.physaphae.fr/article.php?IdArticle=8397644 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content]]> 2023-10-19T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34050 www.secnews.physaphae.fr/article.php?IdArticle=8397645 False None None None CVE Liste - Common Vulnerability Exposure The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.]]> 2023-10-19T06:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5254 www.secnews.physaphae.fr/article.php?IdArticle=8397651 False None None None CVE Liste - Common Vulnerability Exposure The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account.]]> 2023-10-19T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5212 www.secnews.physaphae.fr/article.php?IdArticle=8397649 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-19T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5241 www.secnews.physaphae.fr/article.php?IdArticle=8397650 False None None None CVE Liste - Common Vulnerability Exposure The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-19T06:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5204 www.secnews.physaphae.fr/article.php?IdArticle=8397648 False None None None CVE Liste - Common Vulnerability Exposure zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c.]]> 2023-10-19T05:15:58+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46228 www.secnews.physaphae.fr/article.php?IdArticle=8397646 False None None None CVE Liste - Common Vulnerability Exposure LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.]]> 2023-10-19T05:15:58+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46229 www.secnews.physaphae.fr/article.php?IdArticle=8397647 False None None None CVE Liste - Common Vulnerability Exposure HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.]]> 2023-10-19T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37503 www.secnews.physaphae.fr/article.php?IdArticle=8397553 False None None None CVE Liste - Common Vulnerability Exposure The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'tmfshortcode\' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-19T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5639 www.secnews.physaphae.fr/article.php?IdArticle=8397558 False None None None CVE Liste - Common Vulnerability Exposure The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'wcj_image\' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-19T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5638 www.secnews.physaphae.fr/article.php?IdArticle=8397557 False None None None CVE Liste - Common Vulnerability Exposure The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-19T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5336 www.secnews.physaphae.fr/article.php?IdArticle=8397556 False None None None CVE Liste - Common Vulnerability Exposure The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.]]> 2023-10-19T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4645 www.secnews.physaphae.fr/article.php?IdArticle=8397555 False None None None CVE Liste - Common Vulnerability Exposure HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.]]> 2023-10-19T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37504 www.secnews.physaphae.fr/article.php?IdArticle=8397554 False None None None CVE Liste - Common Vulnerability Exposure Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.]]> 2023-10-19T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34441 www.secnews.physaphae.fr/article.php?IdArticle=8397551 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.]]> 2023-10-19T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36857 www.secnews.physaphae.fr/article.php?IdArticle=8397552 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.]]> 2023-10-19T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34437 www.secnews.physaphae.fr/article.php?IdArticle=8397550 False Vulnerability None None CVE Liste - Common Vulnerability Exposure HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active code that can be executed by the server or by a user\'s web browser.]]> 2023-10-18T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37502 www.secnews.physaphae.fr/article.php?IdArticle=8397491 False None None None CVE Liste - Common Vulnerability Exposure zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.]]> 2023-10-18T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45909 www.secnews.physaphae.fr/article.php?IdArticle=8397497 False None None None CVE Liste - Common Vulnerability Exposure The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is sent. When users send queries to the router that uses the `@defer` or Subscriptions, the Router will panic. To be vulnerable, users of Router must have a coprocessor with `coprocessor.supergraph.response` configured in their `router.yaml` and also to support either `@defer` or Subscriptions. Apollo Router version 1.33.0 has a fix for this vulnerability which was introduced in PR #4014. Users are advised to upgrade. Users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support and continue to use the coprocessor supergraph response.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45812 www.secnews.physaphae.fr/article.php?IdArticle=8397495 False Vulnerability None None CVE Liste - Common Vulnerability Exposure XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45146 www.secnews.physaphae.fr/article.php?IdArticle=8397494 False None None None CVE Liste - Common Vulnerability Exposure Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45958 www.secnews.physaphae.fr/article.php?IdArticle=8397498 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43800 www.secnews.physaphae.fr/article.php?IdArticle=8397492 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP DELETE request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43801 www.secnews.physaphae.fr/article.php?IdArticle=8397493 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum\'s `AuthenticationService` only supported injecting `IUser`s. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting `IToken`s into endpoints was added. All was well until 4.0. Bunkum 4.0 then changed to enforce relations between `IToken`s and `IUser`s. This wasn\'t implemented in a very good way in the `AuthenticationService`, and ended up breaking caching in such a way that cached tokens would persist after the lifetime of the request - since we tried to cache both tokens and users. From that point until now, from what I understand, Bunkum was attempting to use that cached token at the start of the next request once cached. Naturally, when that token expired, downstream projects like Refresh would remove the object from Realm - and cause the object in the cache to be in a detached state, causing an exception from invalid use of `IToken.User`. So in other words, a use-after-free since Realm can\'t manage the lifetime of the cached token. Security-wise, the scope is fairly limited, can only be pulled off on a couple endpoints given a few conditions, and you can\'t guarantee which token you\'re going to get. Also, the token *would* get invalidated properly if the endpoint had either a `IToken` usage or a `IUser` usage. The fix is to just wipe the token cache after the request was handled, which is now in `4.2.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-18T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45814 www.secnews.physaphae.fr/article.php?IdArticle=8397496 False None None None CVE Liste - Common Vulnerability Exposure Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-18T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45813 www.secnews.physaphae.fr/article.php?IdArticle=8397461 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-18T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43803 www.secnews.physaphae.fr/article.php?IdArticle=8397459 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-18T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43802 www.secnews.physaphae.fr/article.php?IdArticle=8397458 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.]]> 2023-10-18T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45145 www.secnews.physaphae.fr/article.php?IdArticle=8397460 False None None None CVE Liste - Common Vulnerability Exposure A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.]]> 2023-10-18T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4601 www.secnews.physaphae.fr/article.php?IdArticle=8397462 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-18T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35663 www.secnews.physaphae.fr/article.php?IdArticle=8397457 False None None None