This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T23:14:28+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."]]> 2023-11-06T06:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38406 www.secnews.physaphae.fr/article.php?IdArticle=8406562 False None None None CVE Liste - Common Vulnerability Exposure Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.]]> 2023-11-06T06:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47253 www.secnews.physaphae.fr/article.php?IdArticle=8406588 False None None None CVE Liste - Common Vulnerability Exposure Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.]]> 2023-11-06T05:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4625 www.secnews.physaphae.fr/article.php?IdArticle=8406576 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.]]> 2023-11-06T04:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32839 www.secnews.physaphae.fr/article.php?IdArticle=8406557 False None None None CVE Liste - Common Vulnerability Exposure In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).]]> 2023-11-06T04:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32840 www.secnews.physaphae.fr/article.php?IdArticle=8406558 False None None None CVE Liste - Common Vulnerability Exposure In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.]]> 2023-11-06T04:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32838 www.secnews.physaphae.fr/article.php?IdArticle=8406556 False None None None CVE Liste - Common Vulnerability Exposure In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32837 www.secnews.physaphae.fr/article.php?IdArticle=8406555 False None None None CVE Liste - Common Vulnerability Exposure In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32818 www.secnews.physaphae.fr/article.php?IdArticle=8406549 False None None None CVE Liste - Common Vulnerability Exposure In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20702 www.secnews.physaphae.fr/article.php?IdArticle=8406544 False None None None CVE Liste - Common Vulnerability Exposure In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32835 www.secnews.physaphae.fr/article.php?IdArticle=8406553 False None None None CVE Liste - Common Vulnerability Exposure In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32832 www.secnews.physaphae.fr/article.php?IdArticle=8406551 False None None None CVE Liste - Common Vulnerability Exposure In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32834 www.secnews.physaphae.fr/article.php?IdArticle=8406552 False None None None CVE Liste - Common Vulnerability Exposure In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32825 www.secnews.physaphae.fr/article.php?IdArticle=8406550 False None None None CVE Liste - Common Vulnerability Exposure In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.]]> 2023-11-06T04:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32836 www.secnews.physaphae.fr/article.php?IdArticle=8406554 False None None None CVE Liste - Common Vulnerability Exposure e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.]]> 2023-11-06T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802 www.secnews.physaphae.fr/article.php?IdArticle=8406579 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.]]> 2023-11-06T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25093 www.secnews.physaphae.fr/article.php?IdArticle=8406535 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).]]> 2023-11-06T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47272 www.secnews.physaphae.fr/article.php?IdArticle=8406446 False None None None CVE Liste - Common Vulnerability Exposure PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.]]> 2023-11-06T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47271 www.secnews.physaphae.fr/article.php?IdArticle=8406445 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.]]> 2023-11-05T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25092 www.secnews.physaphae.fr/article.php?IdArticle=8406428 False Vulnerability None None CVE Liste - Common Vulnerability Exposure ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.]]> 2023-11-05T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20187 www.secnews.physaphae.fr/article.php?IdArticle=8406427 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.]]> 2023-11-05T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47259 www.secnews.physaphae.fr/article.php?IdArticle=8406141 False None None None CVE Liste - Common Vulnerability Exposure Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.]]> 2023-11-05T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47260 www.secnews.physaphae.fr/article.php?IdArticle=8406142 False None None None CVE Liste - Common Vulnerability Exposure Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.]]> 2023-11-05T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47258 www.secnews.physaphae.fr/article.php?IdArticle=8406140 False None None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering.]]> 2023-11-05T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46964 www.secnews.physaphae.fr/article.php?IdArticle=8406137 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.]]> 2023-11-05T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47249 www.secnews.physaphae.fr/article.php?IdArticle=8406139 False None None None CVE Liste - Common Vulnerability Exposure SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.]]> 2023-11-05T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46981 www.secnews.physaphae.fr/article.php?IdArticle=8406138 False Vulnerability None None CVE Liste - Common Vulnerability Exposure LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.]]> 2023-11-04T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46382 www.secnews.physaphae.fr/article.php?IdArticle=8406023 False None None None CVE Liste - Common Vulnerability Exposure An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.]]> 2023-11-04T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46963 www.secnews.physaphae.fr/article.php?IdArticle=8406024 False None None None CVE Liste - Common Vulnerability Exposure kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().]]> 2023-11-04T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40922 www.secnews.physaphae.fr/article.php?IdArticle=8406020 False Vulnerability None None CVE Liste - Common Vulnerability Exposure LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.]]> 2023-11-04T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46380 www.secnews.physaphae.fr/article.php?IdArticle=8406021 False None None None CVE Liste - Common Vulnerability Exposure LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.]]> 2023-11-04T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46381 www.secnews.physaphae.fr/article.php?IdArticle=8406022 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.]]> 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40215 www.secnews.physaphae.fr/article.php?IdArticle=8405693 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.]]> 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38391 www.secnews.physaphae.fr/article.php?IdArticle=8405692 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.]]> 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35910 www.secnews.physaphae.fr/article.php?IdArticle=8405691 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.]]> 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32741 www.secnews.physaphae.fr/article.php?IdArticle=8405690 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.]]> 2023-11-03T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36677 www.secnews.physaphae.fr/article.php?IdArticle=8405603 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.]]> 2023-11-03T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45189 www.secnews.physaphae.fr/article.php?IdArticle=8405604 False Vulnerability,Threat,Cloud None None CVE Liste - Common Vulnerability Exposure An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.]]> 2023-11-03T21:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47235 www.secnews.physaphae.fr/article.php?IdArticle=8405565 False None None None CVE Liste - Common Vulnerability Exposure The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.]]> 2023-11-03T21:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47233 www.secnews.physaphae.fr/article.php?IdArticle=8405563 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).]]> 2023-11-03T21:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47234 www.secnews.physaphae.fr/article.php?IdArticle=8405564 False None None None CVE Liste - Common Vulnerability Exposure Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability]]> 2023-11-03T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41725 www.secnews.physaphae.fr/article.php?IdArticle=8405561 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability]]> 2023-11-03T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41726 www.secnews.physaphae.fr/article.php?IdArticle=8405562 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability]]> 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43554 www.secnews.physaphae.fr/article.php?IdArticle=8405558 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability]]> 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43555 www.secnews.physaphae.fr/article.php?IdArticle=8405559 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client\'s API server credentials to third parties.]]> 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3172 www.secnews.physaphae.fr/article.php?IdArticle=8405557 False None None None CVE Liste - Common Vulnerability Exposure A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.]]> 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44569 www.secnews.physaphae.fr/article.php?IdArticle=8405560 False None None None CVE Liste - Common Vulnerability Exposure A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.]]> 2023-11-03T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3893 www.secnews.physaphae.fr/article.php?IdArticle=8405517 False None Uber None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36529 www.secnews.physaphae.fr/article.php?IdArticle=8405471 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25990 www.secnews.physaphae.fr/article.php?IdArticle=8405467 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23368 www.secnews.physaphae.fr/article.php?IdArticle=8405463 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25800 www.secnews.physaphae.fr/article.php?IdArticle=8405466 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34179 www.secnews.physaphae.fr/article.php?IdArticle=8405470 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25700 www.secnews.physaphae.fr/article.php?IdArticle=8405465 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121 www.secnews.physaphae.fr/article.php?IdArticle=8405468 False Spam,Vulnerability None None CVE Liste - Common Vulnerability Exposure A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39301 www.secnews.physaphae.fr/article.php?IdArticle=8405473 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23369 www.secnews.physaphae.fr/article.php?IdArticle=8405464 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39299 www.secnews.physaphae.fr/article.php?IdArticle=8405472 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5.]]> 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32508 www.secnews.physaphae.fr/article.php?IdArticle=8405469 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-11-03T16:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46404 www.secnews.physaphae.fr/article.php?IdArticle=8405474 False None None None CVE Liste - Common Vulnerability Exposure An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.]]> 2023-11-03T16:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46980 www.secnews.physaphae.fr/article.php?IdArticle=8405475 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.]]> 2023-11-03T16:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46818 www.secnews.physaphae.fr/article.php?IdArticle=8405462 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \'current_group_id\' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.]]> 2023-11-03T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5946 www.secnews.physaphae.fr/article.php?IdArticle=8405419 False None None None CVE Liste - Common Vulnerability Exposure A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM\'s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.]]> 2023-11-03T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 www.secnews.physaphae.fr/article.php?IdArticle=8405418 False None None None CVE Liste - Common Vulnerability Exposure The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'slider\' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5707 www.secnews.physaphae.fr/article.php?IdArticle=8405371 False None None None CVE Liste - Common Vulnerability Exposure The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5945 www.secnews.physaphae.fr/article.php?IdArticle=8405372 False None None None CVE Liste - Common Vulnerability Exposure A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3961 www.secnews.physaphae.fr/article.php?IdArticle=8405366 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46808 www.secnews.physaphae.fr/article.php?IdArticle=8405357 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Subrion 4.2.1 has a remote command execution vulnerability in the backend.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46947 www.secnews.physaphae.fr/article.php?IdArticle=8405370 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46859 www.secnews.physaphae.fr/article.php?IdArticle=8405358 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47426 www.secnews.physaphae.fr/article.php?IdArticle=8405359 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45805 www.secnews.physaphae.fr/article.php?IdArticle=8405356 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25960 www.secnews.physaphae.fr/article.php?IdArticle=8405362 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47445 www.secnews.physaphae.fr/article.php?IdArticle=8405360 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.]]> 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26015 www.secnews.physaphae.fr/article.php?IdArticle=8405363 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41652 www.secnews.physaphae.fr/article.php?IdArticle=8405367 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user\'s email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin\'s team 30 days ago.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3277 www.secnews.physaphae.fr/article.php?IdArticle=8405364 False None None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34383 www.secnews.physaphae.fr/article.php?IdArticle=8405365 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4592 www.secnews.physaphae.fr/article.php?IdArticle=8405369 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47588 www.secnews.physaphae.fr/article.php?IdArticle=8405361 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.]]> 2023-11-03T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4591 www.secnews.physaphae.fr/article.php?IdArticle=8405368 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.]]> 2023-11-03T11:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4768 www.secnews.physaphae.fr/article.php?IdArticle=8405304 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.]]> 2023-11-03T11:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4767 www.secnews.physaphae.fr/article.php?IdArticle=8405303 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.]]> 2023-11-03T11:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4769 www.secnews.physaphae.fr/article.php?IdArticle=8405305 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.]]> 2023-11-03T09:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4043 www.secnews.physaphae.fr/article.php?IdArticle=8405218 False Threat None None CVE Liste - Common Vulnerability Exposure A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.]]> 2023-11-03T09:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1476 www.secnews.physaphae.fr/article.php?IdArticle=8405216 False None None None CVE Liste - Common Vulnerability Exposure Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.]]> 2023-11-03T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5824 www.secnews.physaphae.fr/article.php?IdArticle=8405251 False None None None CVE Liste - Common Vulnerability Exposure Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.]]> 2023-11-03T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46847 www.secnews.physaphae.fr/article.php?IdArticle=8405248 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba\'s permissions.]]> 2023-11-03T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4091 www.secnews.physaphae.fr/article.php?IdArticle=8405219 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.]]> 2023-11-03T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46848 www.secnews.physaphae.fr/article.php?IdArticle=8405249 False None None None CVE Liste - Common Vulnerability Exposure SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.]]> 2023-11-03T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46846 www.secnews.physaphae.fr/article.php?IdArticle=8405247 False None None None CVE Liste - Common Vulnerability Exposure A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba\'s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.]]> 2023-11-03T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42670 www.secnews.physaphae.fr/article.php?IdArticle=8405238 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.]]> 2023-11-03T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1194 www.secnews.physaphae.fr/article.php?IdArticle=8405215 False None None None CVE Liste - Common Vulnerability Exposure Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service.]]> 2023-11-03T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41357 www.secnews.physaphae.fr/article.php?IdArticle=8405236 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure NCSIST ManageEngine Mobile Device Manager(MDM) APP\'s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.]]> 2023-11-03T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41344 www.secnews.physaphae.fr/article.php?IdArticle=8405224 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure 2023-11-03T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5763 www.secnews.physaphae.fr/article.php?IdArticle=8405250 False None None None CVE Liste - Common Vulnerability Exposure Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.]]> 2023-11-03T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5948 www.secnews.physaphae.fr/article.php?IdArticle=8405252 False None None None CVE Liste - Common Vulnerability Exposure NCSIST ManageEngine Mobile Device Manager(MDM) APP\'s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.]]> 2023-11-03T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41356 www.secnews.physaphae.fr/article.php?IdArticle=8405235 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.]]> 2023-11-03T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41353 www.secnews.physaphae.fr/article.php?IdArticle=8405232 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.]]> 2023-11-03T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41355 www.secnews.physaphae.fr/article.php?IdArticle=8405234 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.]]> 2023-11-03T06:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41354 www.secnews.physaphae.fr/article.php?IdArticle=8405233 False Vulnerability,Threat None None