www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T19:14:10+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-22102 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22102 www.secnews.physaphae.fr/article.php?IdArticle=8396980 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22103 www.secnews.physaphae.fr/article.php?IdArticle=8396981 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22101 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22101 www.secnews.physaphae.fr/article.php?IdArticle=8396979 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22112 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22112 www.secnews.physaphae.fr/article.php?IdArticle=8396990 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22110 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22110 www.secnews.physaphae.fr/article.php?IdArticle=8396988 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22094 Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22094 www.secnews.physaphae.fr/article.php?IdArticle=8396972 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22100 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22100 www.secnews.physaphae.fr/article.php?IdArticle=8396978 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22089 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22089 www.secnews.physaphae.fr/article.php?IdArticle=8396967 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22088 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. 
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22088 www.secnews.physaphae.fr/article.php?IdArticle=8396966 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22095 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22095 www.secnews.physaphae.fr/article.php?IdArticle=8396973 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22091 Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22091 www.secnews.physaphae.fr/article.php?IdArticle=8396969 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22099 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22099 www.secnews.physaphae.fr/article.php?IdArticle=8396977 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22093 Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecruitment accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22093 www.secnews.physaphae.fr/article.php?IdArticle=8396971 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22098 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22098 www.secnews.physaphae.fr/article.php?IdArticle=8396976 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22087 Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22087 www.secnews.physaphae.fr/article.php?IdArticle=8396965 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22092 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22092 www.secnews.physaphae.fr/article.php?IdArticle=8396970 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22097 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22097 www.secnews.physaphae.fr/article.php?IdArticle=8396975 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22090 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22090 www.secnews.physaphae.fr/article.php?IdArticle=8396968 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22096 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).]]> 2023-10-17T22:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22096 www.secnews.physaphae.fr/article.php?IdArticle=8396974 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22083 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22083 www.secnews.physaphae.fr/article.php?IdArticle=8396961 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22084 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22084 www.secnews.physaphae.fr/article.php?IdArticle=8396962 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22076 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22076 www.secnews.physaphae.fr/article.php?IdArticle=8396954 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22078 www.secnews.physaphae.fr/article.php?IdArticle=8396956 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22079 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22079 www.secnews.physaphae.fr/article.php?IdArticle=8396957 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22082 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. 
CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22082 www.secnews.physaphae.fr/article.php?IdArticle=8396960 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22077 Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22077 www.secnews.physaphae.fr/article.php?IdArticle=8396955 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22081 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22081 www.secnews.physaphae.fr/article.php?IdArticle=8396959 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22085 Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22085 www.secnews.physaphae.fr/article.php?IdArticle=8396963 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22075 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22075 www.secnews.physaphae.fr/article.php?IdArticle=8396953 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22074 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22074 www.secnews.physaphae.fr/article.php?IdArticle=8396952 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22086 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. 
CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22086 www.secnews.physaphae.fr/article.php?IdArticle=8396964 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22080 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22080 www.secnews.physaphae.fr/article.php?IdArticle=8396958 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22073 Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22073 www.secnews.physaphae.fr/article.php?IdArticle=8396951 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22067 Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22067 www.secnews.physaphae.fr/article.php?IdArticle=8396945 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22070 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22070 www.secnews.physaphae.fr/article.php?IdArticle=8396948 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22065 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22065 www.secnews.physaphae.fr/article.php?IdArticle=8396943 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22032 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22032 www.secnews.physaphae.fr/article.php?IdArticle=8396940 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22069 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). 
Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22069 www.secnews.physaphae.fr/article.php?IdArticle=8396947 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22064 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22064 www.secnews.physaphae.fr/article.php?IdArticle=8396942 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22066 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22066 www.secnews.physaphae.fr/article.php?IdArticle=8396944 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22029 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22029 www.secnews.physaphae.fr/article.php?IdArticle=8396939 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22028 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22028 www.secnews.physaphae.fr/article.php?IdArticle=8396938 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22059 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22059 www.secnews.physaphae.fr/article.php?IdArticle=8396941 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22072 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22072 www.secnews.physaphae.fr/article.php?IdArticle=8396950 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22068 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22068 www.secnews.physaphae.fr/article.php?IdArticle=8396946 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22071 Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L).]]> 2023-10-17T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22071 www.secnews.physaphae.fr/article.php?IdArticle=8396949 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22026 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22026 www.secnews.physaphae.fr/article.php?IdArticle=8396937 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22025 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).]]> 2023-10-17T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22025 www.secnews.physaphae.fr/article.php?IdArticle=8396936 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22019 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).]]> 2023-10-17T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22019 www.secnews.physaphae.fr/article.php?IdArticle=8396935 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).]]> 2023-10-17T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22015 www.secnews.physaphae.fr/article.php?IdArticle=8396934 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43794 Nocodb is an open source Airtable alternative. 
Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`.]]> 2023-10-17T21:15:46+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43794 www.secnews.physaphae.fr/article.php?IdArticle=8396904 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45951 lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.]]> 2023-10-17T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45951 www.secnews.physaphae.fr/article.php?IdArticle=8396906 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45952 An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.]]> 2023-10-17T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45952 www.secnews.physaphae.fr/article.php?IdArticle=8396907 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4896 A vulnerability exists which allows an authenticated attacker to access 
sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.]]> 2023-10-17T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4896 www.secnews.physaphae.fr/article.php?IdArticle=8396908 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45803 urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. 
Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.]]> 2023-10-17T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45803 www.secnews.physaphae.fr/article.php?IdArticle=8396905 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27133 TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.]]> 2023-10-17T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27133 www.secnews.physaphae.fr/article.php?IdArticle=8396843 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-27132 TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. 
NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.]]> 2023-10-17T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27132 www.secnews.physaphae.fr/article.php?IdArticle=8396842 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-37537 An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.]]> 2023-10-17T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37537 www.secnews.physaphae.fr/article.php?IdArticle=8396803 False Vulnerability,Cloud None None CVE Liste - Common Vulnerability Exposure CVE-2023-45907 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45907 www.secnews.physaphae.fr/article.php?IdArticle=8396811 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45906 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45906 www.secnews.physaphae.fr/article.php?IdArticle=8396810 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45901 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/category/add.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45901 www.secnews.physaphae.fr/article.php?IdArticle=8396805 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45905 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.]]> 2023-10-17T14:15:10+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45905 www.secnews.physaphae.fr/article.php?IdArticle=8396809 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45902 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45902 www.secnews.physaphae.fr/article.php?IdArticle=8396806 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45904 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45904 www.secnews.physaphae.fr/article.php?IdArticle=8396808 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45903 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.]]> 2023-10-17T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45903 www.secnews.physaphae.fr/article.php?IdArticle=8396807 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43959 An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.]]> 2023-10-17T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43959 www.secnews.physaphae.fr/article.php?IdArticle=8396804 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20598 An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.]]> 2023-10-17T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20598 
www.secnews.physaphae.fr/article.php?IdArticle=8396802 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44824 An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.]]> 2023-10-17T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44824 www.secnews.physaphae.fr/article.php?IdArticle=8396760 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43776 Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).]]> 2023-10-17T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43776 www.secnews.physaphae.fr/article.php?IdArticle=8396758 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-43777 Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. 
]]> 2023-10-17T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43777 www.secnews.physaphae.fr/article.php?IdArticle=8396759 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-3761 OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials]]> 2023-10-17T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3761 www.secnews.physaphae.fr/article.php?IdArticle=8396754 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42627 Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.]]> 2023-10-17T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42627 www.secnews.physaphae.fr/article.php?IdArticle=8396756 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45007 2023-10-17T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45007 www.secnews.physaphae.fr/article.php?IdArticle=8396763 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42628 Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 
102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.]]> 2023-10-17T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42628 www.secnews.physaphae.fr/article.php?IdArticle=8396757 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45006 2023-10-17T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45006 www.secnews.physaphae.fr/article.php?IdArticle=8396762 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45004 2023-10-17T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45004 www.secnews.physaphae.fr/article.php?IdArticle=8396761 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39902 A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. 
This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.]]> 2023-10-17T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39902 www.secnews.physaphae.fr/article.php?IdArticle=8396755 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45010 2023-10-17T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45010 www.secnews.physaphae.fr/article.php?IdArticle=8396712 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45003 2023-10-17T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45003 www.secnews.physaphae.fr/article.php?IdArticle=8396710 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44990 2023-10-17T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44990 www.secnews.physaphae.fr/article.php?IdArticle=8396709 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5522 Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. ]]> 2023-10-17T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5522 www.secnews.physaphae.fr/article.php?IdArticle=8396714 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45005 2023-10-17T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45005 www.secnews.physaphae.fr/article.php?IdArticle=8396711 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5339 Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
]]> 2023-10-17T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5339 www.secnews.physaphae.fr/article.php?IdArticle=8396713 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44311 Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.]]> 2023-10-17T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44311 www.secnews.physaphae.fr/article.php?IdArticle=8396708 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44310 Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.]]> 2023-10-17T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44310 www.secnews.physaphae.fr/article.php?IdArticle=8396707 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44309 Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.]]> 2023-10-17T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44309 www.secnews.physaphae.fr/article.php?IdArticle=8396664 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-42629 Stored cross-site scripting (XSS) vulnerability in the 
manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.]]> 2023-10-17T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42629 www.secnews.physaphae.fr/article.php?IdArticle=8396662 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-24385 2023-10-17T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24385 www.secnews.physaphae.fr/article.php?IdArticle=8396655 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4399 Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed using punycode encoding of the characters in the request address.]]> 2023-10-17T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4399 www.secnews.physaphae.fr/article.php?IdArticle=8396663 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42497 Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.]]> 2023-10-17T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42497 www.secnews.physaphae.fr/article.php?IdArticle=8396661 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4089 On affected Wago products a remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. 
This access is logged in a different log file than expected. 2023-10-17T07:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4089 www.secnews.physaphae.fr/article.php?IdArticle=8396659 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-41752 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. 2023-10-17T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41752 www.secnews.physaphae.fr/article.php?IdArticle=8396660 False Vulnerability None None

CVE Liste - Common Vulnerability Exposure CVE-2023-39456 Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. 2023-10-17T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39456 www.secnews.physaphae.fr/article.php?IdArticle=8396658 False Vulnerability None None

CVE Liste - Common Vulnerability Exposure CVE-2023-44693 D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. 2023-10-17T06:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44693 www.secnews.physaphae.fr/article.php?IdArticle=8396665 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-44694 D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. 2023-10-17T06:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44694 www.secnews.physaphae.fr/article.php?IdArticle=8396666 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-45357 Archer Platform 6.x before 6.13 P2 HF2
(6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release. 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45357 www.secnews.physaphae.fr/article.php?IdArticle=8396667 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-45386 In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`. 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45386 www.secnews.physaphae.fr/article.php?IdArticle=8396670 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-34210 SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter. 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34210 www.secnews.physaphae.fr/article.php?IdArticle=8396657 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-45375 In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`. 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45375 www.secnews.physaphae.fr/article.php?IdArticle=8396669 False None None None

CVE Liste - Common Vulnerability Exposure CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted
VIEWSTATE parameter. 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34209 www.secnews.physaphae.fr/article.php?IdArticle=8396656 False None None None