www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T14:31:41+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-35663 In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-18T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35663 www.secnews.physaphae.fr/article.php?IdArticle=8397457 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-26300 A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.]]> 2023-10-18T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26300 www.secnews.physaphae.fr/article.php?IdArticle=8397423 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-30911 HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.]]> 2023-10-18T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30911 www.secnews.physaphae.fr/article.php?IdArticle=8397424 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45912 WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings.]]> 2023-10-18T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45912 www.secnews.physaphae.fr/article.php?IdArticle=8397426 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45911 An
issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password.]]> 2023-10-18T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45911 www.secnews.physaphae.fr/article.php?IdArticle=8397425 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20261 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.]]> 2023-10-18T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20261 www.secnews.physaphae.fr/article.php?IdArticle=8397388 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46009 gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.]]> 2023-10-18T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46009 www.secnews.physaphae.fr/article.php?IdArticle=8397391 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5642 Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.]]> 2023-10-18T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5642 www.secnews.physaphae.fr/article.php?IdArticle=8397392 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45383 In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 
from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.]]> 2023-10-18T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45383 www.secnews.physaphae.fr/article.php?IdArticle=8397390 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43250 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.]]> 2023-10-18T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43250 www.secnews.physaphae.fr/article.php?IdArticle=8397389 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5631 Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. 
This could allow a remote attacker to load arbitrary JavaScript code.]]> 2023-10-18T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5631 www.secnews.physaphae.fr/article.php?IdArticle=8397332 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45602 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45602 www.secnews.physaphae.fr/article.php?IdArticle=8397326 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45630 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45630 www.secnews.physaphae.fr/article.php?IdArticle=8397330 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45632 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45632 www.secnews.physaphae.fr/article.php?IdArticle=8397331 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45604 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45604 www.secnews.physaphae.fr/article.php?IdArticle=8397327 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-30781 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30781 www.secnews.physaphae.fr/article.php?IdArticle=8397325 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45628 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45628 www.secnews.physaphae.fr/article.php?IdArticle=8397329 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45607 2023-10-18T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45607 www.secnews.physaphae.fr/article.php?IdArticle=8397328 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45608 2023-10-18T13:15:09+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45608 www.secnews.physaphae.fr/article.php?IdArticle=8397279 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46007 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.]]> 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46007 www.secnews.physaphae.fr/article.php?IdArticle=8397283 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46006 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.]]> 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46006 www.secnews.physaphae.fr/article.php?IdArticle=8397282 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46005 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.]]> 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46005 www.secnews.physaphae.fr/article.php?IdArticle=8397281 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46004 Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.]]> 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46004 www.secnews.physaphae.fr/article.php?IdArticle=8397280 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45073 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45073 www.secnews.physaphae.fr/article.php?IdArticle=8397278 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45072 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45072 www.secnews.physaphae.fr/article.php?IdArticle=8397277 False Vulnerability None 
None CVE Liste - Common Vulnerability Exposure CVE-2023-45070 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45070 www.secnews.physaphae.fr/article.php?IdArticle=8397275 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45067 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45067 www.secnews.physaphae.fr/article.php?IdArticle=8397274 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45071 2023-10-18T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45071 www.secnews.physaphae.fr/article.php?IdArticle=8397276 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31217 2023-10-18T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31217 www.secnews.physaphae.fr/article.php?IdArticle=8397269 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45065 2023-10-18T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45065 www.secnews.physaphae.fr/article.php?IdArticle=8397273 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-32089 Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description]]> 2023-10-18T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32089 www.secnews.physaphae.fr/article.php?IdArticle=8397272 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-32088 Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation]]> 2023-10-18T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32088 www.secnews.physaphae.fr/article.php?IdArticle=8397271 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-32087 Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation]]> 2023-10-18T12:15:09+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32087 www.secnews.physaphae.fr/article.php?IdArticle=8397270 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45727 Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.]]> 2023-10-18T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45727 www.secnews.physaphae.fr/article.php?IdArticle=8397240 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5632 In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial-of-service attack.
This issue is fixed in 2.0.6]]> 2023-10-18T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5632 www.secnews.physaphae.fr/article.php?IdArticle=8397193 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45059 2023-10-18T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45059 www.secnews.physaphae.fr/article.php?IdArticle=8397187 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45057 2023-10-18T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45057 www.secnews.physaphae.fr/article.php?IdArticle=8397186 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45064 2023-10-18T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45064 www.secnews.physaphae.fr/article.php?IdArticle=8397189 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45062 2023-10-18T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45062 www.secnews.physaphae.fr/article.php?IdArticle=8397188 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45056 2023-10-18T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45056 www.secnews.physaphae.fr/article.php?IdArticle=8397185 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45054 2023-10-18T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45054 www.secnews.physaphae.fr/article.php?IdArticle=8397184 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45051 2023-10-18T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45051 www.secnews.physaphae.fr/article.php?IdArticle=8397183 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4938 The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. 
This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.]]> 2023-10-18T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4938 www.secnews.physaphae.fr/article.php?IdArticle=8397190 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45049 2023-10-18T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45049 www.secnews.physaphae.fr/article.php?IdArticle=8397182 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5621 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-18T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5621 www.secnews.physaphae.fr/article.php?IdArticle=8397192 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-25476 2023-10-18T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25476 www.secnews.physaphae.fr/article.php?IdArticle=8397178 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45008 2023-10-18T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45008 www.secnews.physaphae.fr/article.php?IdArticle=8397181 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42319 Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic."]]> 2023-10-18T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42319 www.secnews.physaphae.fr/article.php?IdArticle=8397180 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5538 The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-18T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5538 www.secnews.physaphae.fr/article.php?IdArticle=8397191 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-3254 The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-18T05:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3254 www.secnews.physaphae.fr/article.php?IdArticle=8397179 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38552 www.secnews.physaphae.fr/article.php?IdArticle=8397080 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38546 This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers.
In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38546 www.secnews.physaphae.fr/article.php?IdArticle=8397079 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-35084 Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35084 www.secnews.physaphae.fr/article.php?IdArticle=8397077 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39332 Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.
This is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Impacts: This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39332 www.secnews.physaphae.fr/article.php?IdArticle=8397082 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39331 A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39331 www.secnews.physaphae.fr/article.php?IdArticle=8397081 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38545 This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. 
The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.]]> 2023-10-18T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38545 www.secnews.physaphae.fr/article.php?IdArticle=8397078 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-35083 Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.]]> 2023-10-18T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35083 www.secnews.physaphae.fr/article.php?IdArticle=8397076 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5626 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.]]> 2023-10-18T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5626 www.secnews.physaphae.fr/article.php?IdArticle=8397084 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5552 A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.]]> 2023-10-18T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5552 www.secnews.physaphae.fr/article.php?IdArticle=8397083 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45811 Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade.
Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45811 www.secnews.physaphae.fr/article.php?IdArticle=8397024 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45810 OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45810 www.secnews.physaphae.fr/article.php?IdArticle=8397023 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41715 SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41715 www.secnews.physaphae.fr/article.php?IdArticle=8397020 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41712 SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41712 www.secnews.physaphae.fr/article.php?IdArticle=8397018 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41711 SonicOS post-authentication Stack-Based Buffer Overflow 
Vulnerability in the sonicwall.exp, prefs.exp URL endpoints leads to a firewall crash.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41711 www.secnews.physaphae.fr/article.php?IdArticle=8397017 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42506 Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42506 www.secnews.physaphae.fr/article.php?IdArticle=8397021 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42507 Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42507 www.secnews.physaphae.fr/article.php?IdArticle=8397022 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41713 SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.]]> 2023-10-17T23:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41713 www.secnews.physaphae.fr/article.php?IdArticle=8397019 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36321 Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36321 www.secnews.physaphae.fr/article.php?IdArticle=8397008 False None None None CVE Liste -
Common Vulnerability Exposure CVE-2023-39279 SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39279 www.secnews.physaphae.fr/article.php?IdArticle=8397012 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39276 SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39276 www.secnews.physaphae.fr/article.php?IdArticle=8397009 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3042 In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. The oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 . To mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables. Specifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. Additionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.
Fix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3042 www.secnews.physaphae.fr/article.php?IdArticle=8397007 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-39277 SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39277 www.secnews.physaphae.fr/article.php?IdArticle=8397010 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39278 SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39278 www.secnews.physaphae.fr/article.php?IdArticle=8397011 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39280 SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.]]> 2023-10-17T23:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39280 www.secnews.physaphae.fr/article.php?IdArticle=8397013 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41629 A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.]]> 2023-10-17T22:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41629 www.secnews.physaphae.fr/article.php?IdArticle=8397014 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-41630 eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.]]> 2023-10-17T22:15:17+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41630 www.secnews.physaphae.fr/article.php?IdArticle=8397015 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41631 eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.]]> 2023-10-17T22:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41631 www.secnews.physaphae.fr/article.php?IdArticle=8397016 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22121 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22121 www.secnews.physaphae.fr/article.php?IdArticle=8396997 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22119 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22119 www.secnews.physaphae.fr/article.php?IdArticle=8396996 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22130 Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22130 www.secnews.physaphae.fr/article.php?IdArticle=8397006 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22128 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22128 www.secnews.physaphae.fr/article.php?IdArticle=8397004 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22127 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22127 www.secnews.physaphae.fr/article.php?IdArticle=8397003 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22125 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22125 www.secnews.physaphae.fr/article.php?IdArticle=8397001 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22124 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22124 www.secnews.physaphae.fr/article.php?IdArticle=8397000 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22115 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22115 www.secnews.physaphae.fr/article.php?IdArticle=8396993 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22117 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22117 www.secnews.physaphae.fr/article.php?IdArticle=8396994 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22123 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22123 www.secnews.physaphae.fr/article.php?IdArticle=8396999 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22122 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22122 www.secnews.physaphae.fr/article.php?IdArticle=8396998 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22118 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22118 www.secnews.physaphae.fr/article.php?IdArticle=8396995 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22126 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22126 www.secnews.physaphae.fr/article.php?IdArticle=8397002 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22129 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. Note: This vulnerability only affects SPARC Systems. CVSS 3.1 Base Score 5.5 (Availability impacts).
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22129 www.secnews.physaphae.fr/article.php?IdArticle=8397005 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22103 www.secnews.physaphae.fr/article.php?IdArticle=8396981 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22105 Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22105 www.secnews.physaphae.fr/article.php?IdArticle=8396983 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22114 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22114 www.secnews.physaphae.fr/article.php?IdArticle=8396992 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22101 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22101 www.secnews.physaphae.fr/article.php?IdArticle=8396979 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22111 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22111 www.secnews.physaphae.fr/article.php?IdArticle=8396989 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22108 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22108 www.secnews.physaphae.fr/article.php?IdArticle=8396986 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22104 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22104 www.secnews.physaphae.fr/article.php?IdArticle=8396982 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22102 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22102 www.secnews.physaphae.fr/article.php?IdArticle=8396980 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22112 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22112 www.secnews.physaphae.fr/article.php?IdArticle=8396990 False Vulnerability None None