This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T16:11:52+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.]]> 2023-10-17T05:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34210 www.secnews.physaphae.fr/article.php?IdArticle=8396657 False None None None CVE Liste - Common Vulnerability Exposure Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.]]> 2023-10-17T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34208 www.secnews.physaphae.fr/article.php?IdArticle=8396577 False None None None CVE Liste - Common Vulnerability Exposure Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.]]> 2023-10-17T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34207 www.secnews.physaphae.fr/article.php?IdArticle=8396576 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.]]> 2023-10-17T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43891 www.secnews.physaphae.fr/article.php?IdArticle=8396573 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.]]> 2023-10-17T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43892 www.secnews.physaphae.fr/article.php?IdArticle=8396574 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43893 www.secnews.physaphae.fr/article.php?IdArticle=8396575 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240452.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43889 www.secnews.physaphae.fr/article.php?IdArticle=8396572 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22380 www.secnews.physaphae.fr/article.php?IdArticle=8396568 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38859 www.secnews.physaphae.fr/article.php?IdArticle=8396565 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22385 www.secnews.physaphae.fr/article.php?IdArticle=8396570 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22386 www.secnews.physaphae.fr/article.php?IdArticle=8396571 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.]]> 2023-10-17T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22375 www.secnews.physaphae.fr/article.php?IdArticle=8396566 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.]]> 2023-10-17T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29913 www.secnews.physaphae.fr/article.php?IdArticle=8396564 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.]]> 2023-10-17T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20581 www.secnews.physaphae.fr/article.php?IdArticle=8396563 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827.]]> 2023-10-17T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22377 www.secnews.physaphae.fr/article.php?IdArticle=8396567 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.]]> 2023-10-17T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22384 www.secnews.physaphae.fr/article.php?IdArticle=8396569 False None None None CVE Liste - Common Vulnerability Exposure Engelsystem is a shift planning system for chaos events. If a users\' password is compromised and an attacker gained access to a users\' account, i.e., logged in and obtained a session, an attackers\' session is not terminated if the users\' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.]]> 2023-10-17T00:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45659 www.secnews.physaphae.fr/article.php?IdArticle=8396583 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.]]> 2023-10-17T00:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45152 www.secnews.physaphae.fr/article.php?IdArticle=8396582 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.]]> 2023-10-17T00:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4215 www.secnews.physaphae.fr/article.php?IdArticle=8396581 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.]]> 2023-10-17T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40372 www.secnews.physaphae.fr/article.php?IdArticle=8396579 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability.]]> 2023-10-17T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10016 www.secnews.physaphae.fr/article.php?IdArticle=8396562 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.]]> 2023-10-17T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38719 www.secnews.physaphae.fr/article.php?IdArticle=8396578 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.]]> 2023-10-17T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-10004 www.secnews.physaphae.fr/article.php?IdArticle=8396561 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.]]> 2023-10-17T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40373 www.secnews.physaphae.fr/article.php?IdArticle=8396580 False None None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.]]> 2023-10-16T23:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30991 www.secnews.physaphae.fr/article.php?IdArticle=8396486 False None None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.]]> 2023-10-16T23:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40374 www.secnews.physaphae.fr/article.php?IdArticle=8396489 False None None None CVE Liste - Common Vulnerability Exposure Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45131 www.secnews.physaphae.fr/article.php?IdArticle=8396496 False None None None CVE Liste - Common Vulnerability Exposure Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44391 www.secnews.physaphae.fr/article.php?IdArticle=8396494 False None None None CVE Liste - Common Vulnerability Exposure Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44388 www.secnews.physaphae.fr/article.php?IdArticle=8396493 False None None None CVE Liste - Common Vulnerability Exposure An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45540 www.secnews.physaphae.fr/article.php?IdArticle=8396497 False None None None CVE Liste - Common Vulnerability Exposure Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43659 www.secnews.physaphae.fr/article.php?IdArticle=8396491 False None None None CVE Liste - Common Vulnerability Exposure MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects\' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`).]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44394 www.secnews.physaphae.fr/article.php?IdArticle=8396495 False None None None CVE Liste - Common Vulnerability Exposure Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43814 www.secnews.physaphae.fr/article.php?IdArticle=8396492 False None None None CVE Liste - Common Vulnerability Exposure OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45807 www.secnews.physaphae.fr/article.php?IdArticle=8396498 False None None None CVE Liste - Common Vulnerability Exposure dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the \'email preview\' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43658 www.secnews.physaphae.fr/article.php?IdArticle=8396490 False None None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.]]> 2023-10-16T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38740 www.secnews.physaphae.fr/article.php?IdArticle=8396488 False None None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.]]> 2023-10-16T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38728 www.secnews.physaphae.fr/article.php?IdArticle=8396487 False None None None CVE Liste - Common Vulnerability Exposure com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.]]> 2023-10-16T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45144 www.secnews.physaphae.fr/article.php?IdArticle=8396424 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user\'s behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes.]]> 2023-10-16T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45141 www.secnews.physaphae.fr/article.php?IdArticle=8396423 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.]]> 2023-10-16T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45147 www.secnews.physaphae.fr/article.php?IdArticle=8396425 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability.]]> 2023-10-16T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45128 www.secnews.physaphae.fr/article.php?IdArticle=8396422 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.]]> 2023-10-16T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45542 www.secnews.physaphae.fr/article.php?IdArticle=8396428 False Vulnerability None None CVE Liste - Common Vulnerability Exposure SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page.]]> 2023-10-16T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40852 www.secnews.physaphae.fr/article.php?IdArticle=8396414 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.]]> 2023-10-16T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40851 www.secnews.physaphae.fr/article.php?IdArticle=8396413 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.]]> 2023-10-16T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30987 www.secnews.physaphae.fr/article.php?IdArticle=8396405 False None None None CVE Liste - Common Vulnerability Exposure Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-16T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42459 www.secnews.physaphae.fr/article.php?IdArticle=8396415 False None None None CVE Liste - Common Vulnerability Exposure IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.]]> 2023-10-16T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38720 www.secnews.physaphae.fr/article.php?IdArticle=8396412 False None None None CVE Liste - Common Vulnerability Exposure The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).]]> 2023-10-16T20:15:18+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5561 www.secnews.physaphae.fr/article.php?IdArticle=8396457 False None None None CVE Liste - Common Vulnerability Exposure The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5057 www.secnews.physaphae.fr/article.php?IdArticle=8396451 False None None None CVE Liste - Common Vulnerability Exposure The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5177 www.secnews.physaphae.fr/article.php?IdArticle=8396456 False None None None CVE Liste - Common Vulnerability Exposure The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4933 www.secnews.physaphae.fr/article.php?IdArticle=8396447 False None None None CVE Liste - Common Vulnerability Exposure This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5133 www.secnews.physaphae.fr/article.php?IdArticle=8396454 False None None None CVE Liste - Common Vulnerability Exposure The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4862 www.secnews.physaphae.fr/article.php?IdArticle=8396446 False None None None CVE Liste - Common Vulnerability Exposure The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5089 www.secnews.physaphae.fr/article.php?IdArticle=8396453 False None None None CVE Liste - Common Vulnerability Exposure The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4971 www.secnews.physaphae.fr/article.php?IdArticle=8396449 False None None None CVE Liste - Common Vulnerability Exposure The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5003 www.secnews.physaphae.fr/article.php?IdArticle=8396450 False None None None CVE Liste - Common Vulnerability Exposure The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4861 www.secnews.physaphae.fr/article.php?IdArticle=8396445 False None None None CVE Liste - Common Vulnerability Exposure The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5167 www.secnews.physaphae.fr/article.php?IdArticle=8396455 False None None None CVE Liste - Common Vulnerability Exposure The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4950 www.secnews.physaphae.fr/article.php?IdArticle=8396448 False None None None CVE Liste - Common Vulnerability Exposure The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn\'t prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post\'s header or footer code.]]> 2023-10-16T20:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5087 www.secnews.physaphae.fr/article.php?IdArticle=8396452 False None None None CVE Liste - Common Vulnerability Exposure The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn\'t prevent unauthenticated attackers from updating a post\'s header or footer code on scheduled posts.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4687 www.secnews.physaphae.fr/article.php?IdArticle=8396432 False None None None CVE Liste - Common Vulnerability Exposure The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4800 www.secnews.physaphae.fr/article.php?IdArticle=8396439 False None None None CVE Liste - Common Vulnerability Exposure The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4821 www.secnews.physaphae.fr/article.php?IdArticle=8396444 False None None None CVE Liste - Common Vulnerability Exposure The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4725 www.secnews.physaphae.fr/article.php?IdArticle=8396434 False None None None CVE Liste - Common Vulnerability Exposure The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4691 www.secnews.physaphae.fr/article.php?IdArticle=8396433 False None None None CVE Liste - Common Vulnerability Exposure The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4805 www.secnews.physaphae.fr/article.php?IdArticle=8396440 False None None None CVE Liste - Common Vulnerability Exposure The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4783 www.secnews.physaphae.fr/article.php?IdArticle=8396436 False None None None CVE Liste - Common Vulnerability Exposure The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4819 www.secnews.physaphae.fr/article.php?IdArticle=8396442 False None None None CVE Liste - Common Vulnerability Exposure The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4820 www.secnews.physaphae.fr/article.php?IdArticle=8396443 False None None None CVE Liste - Common Vulnerability Exposure The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4811 www.secnews.physaphae.fr/article.php?IdArticle=8396441 False None None None CVE Liste - Common Vulnerability Exposure The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4795 www.secnews.physaphae.fr/article.php?IdArticle=8396437 False None None None CVE Liste - Common Vulnerability Exposure The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4798 www.secnews.physaphae.fr/article.php?IdArticle=8396438 False None None None CVE Liste - Common Vulnerability Exposure The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.]]> 2023-10-16T20:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4776 www.secnews.physaphae.fr/article.php?IdArticle=8396435 False None None None CVE Liste - Common Vulnerability Exposure Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43118 www.secnews.physaphae.fr/article.php?IdArticle=8396418 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4289 www.secnews.physaphae.fr/article.php?IdArticle=8396416 False None None None CVE Liste - Common Vulnerability Exposure The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4290 www.secnews.physaphae.fr/article.php?IdArticle=8396417 False None None None CVE Liste - Common Vulnerability Exposure Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45150 www.secnews.physaphae.fr/article.php?IdArticle=8396427 False None None None CVE Liste - Common Vulnerability Exposure Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45149 www.secnews.physaphae.fr/article.php?IdArticle=8396426 False None None None CVE Liste - Common Vulnerability Exposure A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43121 www.secnews.physaphae.fr/article.php?IdArticle=8396420 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3746 www.secnews.physaphae.fr/article.php?IdArticle=8396411 False None None None CVE Liste - Common Vulnerability Exposure An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43119 www.secnews.physaphae.fr/article.php?IdArticle=8396419 False None None None CVE Liste - Common Vulnerability Exposure The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4646 www.secnews.physaphae.fr/article.php?IdArticle=8396430 False None None None CVE Liste - Common Vulnerability Exposure The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4388 www.secnews.physaphae.fr/article.php?IdArticle=8396421 False None None None CVE Liste - Common Vulnerability Exposure The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4643 www.secnews.physaphae.fr/article.php?IdArticle=8396429 False None None None CVE Liste - Common Vulnerability Exposure The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE]]> 2023-10-16T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4666 www.secnews.physaphae.fr/article.php?IdArticle=8396431 False None None None CVE Liste - Common Vulnerability Exposure The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue.]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3707 www.secnews.physaphae.fr/article.php?IdArticle=8396410 False None None None CVE Liste - Common Vulnerability Exposure The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3155 www.secnews.physaphae.fr/article.php?IdArticle=8396407 False None None None CVE Liste - Common Vulnerability Exposure The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3154 www.secnews.physaphae.fr/article.php?IdArticle=8396406 False None None None CVE Liste - Common Vulnerability Exposure In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29484 www.secnews.physaphae.fr/article.php?IdArticle=8396404 False None None None CVE Liste - Common Vulnerability Exposure The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3279 www.secnews.physaphae.fr/article.php?IdArticle=8396408 False None None None CVE Liste - Common Vulnerability Exposure The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector]]> 2023-10-16T20:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3706 www.secnews.physaphae.fr/article.php?IdArticle=8396409 False None None None CVE Liste - Common Vulnerability Exposure Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability.]]> 2023-10-16T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45660 www.secnews.physaphae.fr/article.php?IdArticle=8396371 False None None None CVE Liste - Common Vulnerability Exposure WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-16T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45669 www.secnews.physaphae.fr/article.php?IdArticle=8396372 False None None None CVE Liste - Common Vulnerability Exposure github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim’s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.]]> 2023-10-16T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45683 www.secnews.physaphae.fr/article.php?IdArticle=8396373 False None None None CVE Liste - Common Vulnerability Exposure silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-16T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40180 www.secnews.physaphae.fr/article.php?IdArticle=8396367 False None None None CVE Liste - Common Vulnerability Exposure Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.]]> 2023-10-16T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45148 www.secnews.physaphae.fr/article.php?IdArticle=8396369 False Cloud None None CVE Liste - Common Vulnerability Exposure An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.]]> 2023-10-16T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43120 www.secnews.physaphae.fr/article.php?IdArticle=8396368 False None None None CVE Liste - Common Vulnerability Exposure Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability.]]> 2023-10-16T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45151 www.secnews.physaphae.fr/article.php?IdArticle=8396370 False Cloud None None CVE Liste - Common Vulnerability Exposure TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.]]> 2023-10-16T18:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45984 www.secnews.physaphae.fr/article.php?IdArticle=8396374 False None None None CVE Liste - Common Vulnerability Exposure TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.]]> 2023-10-16T18:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45985 www.secnews.physaphae.fr/article.php?IdArticle=8396375 False Vulnerability None None