www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-19T03:07:18+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-45687 A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizing a session id of their choosing. 2023-10-16T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45687 www.secnews.physaphae.fr/article.php?IdArticle=8396336 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45690 Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authenticated to the OS to read sensitive files on the filesystem. 2023-10-16T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45690 www.secnews.physaphae.fr/article.php?IdArticle=8396339 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45689 Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal. 2023-10-16T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45689 www.secnews.physaphae.fr/article.php?IdArticle=8396338 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45688 Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command. 2023-10-16T17:15:10+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45688 www.secnews.physaphae.fr/article.php?IdArticle=8396337 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45686 Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal. 2023-10-16T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45686 www.secnews.physaphae.fr/article.php?IdArticle=8396335 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45685 Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal. 2023-10-16T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45685 www.secnews.physaphae.fr/article.php?IdArticle=8396334 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20198 Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. 
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available. 2023-10-16T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20198 www.secnews.physaphae.fr/article.php?IdArticle=8396333 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46087 2023-10-16T15:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46087 www.secnews.physaphae.fr/article.php?IdArticle=8396301 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5575 Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent. 2023-10-16T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5575 www.secnews.physaphae.fr/article.php?IdArticle=8396302 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44987 2023-10-16T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44987 www.secnews.physaphae.fr/article.php?IdArticle=8396259 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46066 2023-10-16T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46066 www.secnews.physaphae.fr/article.php?IdArticle=8396260 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45836 2023-10-16T11:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45836 www.secnews.physaphae.fr/article.php?IdArticle=8396218 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45763 2023-10-16T11:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45763 www.secnews.physaphae.fr/article.php?IdArticle=8396216 
False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45831 2023-10-16T11:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45831 www.secnews.physaphae.fr/article.php?IdArticle=8396217 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45753 2023-10-16T11:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45753 www.secnews.physaphae.fr/article.php?IdArticle=8396215 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44984 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44984 www.secnews.physaphae.fr/article.php?IdArticle=8396203 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45752 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45752 www.secnews.physaphae.fr/article.php?IdArticle=8396214 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44986 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44986 www.secnews.physaphae.fr/article.php?IdArticle=8396205 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45748 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45748 www.secnews.physaphae.fr/article.php?IdArticle=8396212 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44985 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44985 www.secnews.physaphae.fr/article.php?IdArticle=8396204 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45749 2023-10-16T11:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45749 www.secnews.physaphae.fr/article.php?IdArticle=8396213 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44229 2023-10-16T11:15:44+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44229 www.secnews.physaphae.fr/article.php?IdArticle=8396201 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4457 Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2. 2023-10-16T10:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4457 www.secnews.physaphae.fr/article.php?IdArticle=8396202 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3991 An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. 
An attacker can send an HTTP request to trigger this vulnerability. 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3991 www.secnews.physaphae.fr/article.php?IdArticle=8396200 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45643 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45643 www.secnews.physaphae.fr/article.php?IdArticle=8396209 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45641 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45641 www.secnews.physaphae.fr/article.php?IdArticle=8396207 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45647 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45647 www.secnews.physaphae.fr/article.php?IdArticle=8396211 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45645 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45645 www.secnews.physaphae.fr/article.php?IdArticle=8396210 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45639 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45639 www.secnews.physaphae.fr/article.php?IdArticle=8396206 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45642 2023-10-16T10:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45642 www.secnews.physaphae.fr/article.php?IdArticle=8396208 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5422 The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. 
As the SSL_get_verify_result() function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. 2023-10-16T09:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5422 www.secnews.physaphae.fr/article.php?IdArticle=8396161 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5595 Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. 2023-10-16T09:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5595 www.secnews.physaphae.fr/article.php?IdArticle=8396162 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45653 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45653 www.secnews.physaphae.fr/article.php?IdArticle=8396151 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4620 The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators. 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4620 www.secnews.physaphae.fr/article.php?IdArticle=8396156 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45656 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45656 www.secnews.physaphae.fr/article.php?IdArticle=8396154 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45651 2023-10-16T09:15:11+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45651 www.secnews.physaphae.fr/article.php?IdArticle=8396150 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45655 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45655 www.secnews.physaphae.fr/article.php?IdArticle=8396153 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4834 In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4834 www.secnews.physaphae.fr/article.php?IdArticle=8396159 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45654 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45654 www.secnews.physaphae.fr/article.php?IdArticle=8396152 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45638 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45638 www.secnews.physaphae.fr/article.php?IdArticle=8396148 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45650 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45650 www.secnews.physaphae.fr/article.php?IdArticle=8396149 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4822 The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. 
It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4822 www.secnews.physaphae.fr/article.php?IdArticle=8396157 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5421 An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5421 www.secnews.physaphae.fr/article.php?IdArticle=8396160 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4827 The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. 
This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4827 www.secnews.physaphae.fr/article.php?IdArticle=8396158 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45757 Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature 2023-10-16T09:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45757 www.secnews.physaphae.fr/article.php?IdArticle=8396155 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45273 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45273 www.secnews.physaphae.fr/article.php?IdArticle=8396134 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43668 Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize", "allowLoadLocalInfile"... Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. 
[1] https://github.com/apache/inlong/pull/8604 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43668 www.secnews.physaphae.fr/article.php?IdArticle=8396130 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45274 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45274 www.secnews.physaphae.fr/article.php?IdArticle=8396135 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43667 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43667 www.secnews.physaphae.fr/article.php?IdArticle=8396129 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43666 Insufficient Verification of Data Authenticity vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. 
[1] https://github.com/apache/inlong/pull/8623 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43666 www.secnews.physaphae.fr/article.php?IdArticle=8396128 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3392 The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3392 www.secnews.physaphae.fr/article.php?IdArticle=8396119 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45606 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45606 www.secnews.physaphae.fr/article.php?IdArticle=8396146 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45629 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45629 www.secnews.physaphae.fr/article.php?IdArticle=8396147 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38059 The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. 
This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38059 www.secnews.physaphae.fr/article.php?IdArticle=8396127 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45605 2023-10-16T09:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45605 www.secnews.physaphae.fr/article.php?IdArticle=8396145 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45158 An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. 2023-10-16T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45158 www.secnews.physaphae.fr/article.php?IdArticle=8396133 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45579 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function. 2023-10-16T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45579 www.secnews.physaphae.fr/article.php?IdArticle=8396143 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45580 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, 
DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function. 2023-10-16T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45580 www.secnews.physaphae.fr/article.php?IdArticle=8396144 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45576 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45576 www.secnews.physaphae.fr/article.php?IdArticle=8396140 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-21413 GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21413 www.secnews.physaphae.fr/article.php?IdArticle=8396116 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21414 NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. 
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21414 www.secnews.physaphae.fr/article.php?IdArticle=8396117 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-21415 Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21415 www.secnews.physaphae.fr/article.php?IdArticle=8396118 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45578 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45578 www.secnews.physaphae.fr/article.php?IdArticle=8396142 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45577 An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code 
via the wanid parameter of the H5/speedlimit.data function. 2023-10-16T07:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45577 www.secnews.physaphae.fr/article.php?IdArticle=8396141 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45573 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function. 2023-10-16T06:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45573 www.secnews.physaphae.fr/article.php?IdArticle=8396137 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45575 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function. 2023-10-16T06:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45575 www.secnews.physaphae.fr/article.php?IdArticle=8396139 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45574 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function. 2023-10-16T06:15:12+00:00 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45574 www.secnews.physaphae.fr/article.php?IdArticle=8396138 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45572 Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function. 2023-10-16T06:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45572 www.secnews.physaphae.fr/article.php?IdArticle=8396136 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36955 2023-10-16T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36955 www.secnews.physaphae.fr/article.php?IdArticle=8396126 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44809 D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. 2023-10-16T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44809 www.secnews.physaphae.fr/article.php?IdArticle=8396132 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44808 D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. 2023-10-16T06:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44808 www.secnews.physaphae.fr/article.php?IdArticle=8396131 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36950 TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. 2023-10-16T06:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36950 
www.secnews.physaphae.fr/article.php?IdArticle=8396122 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36953 TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. 2023-10-16T06:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36953 www.secnews.physaphae.fr/article.php?IdArticle=8396124 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36954 TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. 2023-10-16T06:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36954 www.secnews.physaphae.fr/article.php?IdArticle=8396125 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36952 TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. 2023-10-16T05:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36952 www.secnews.physaphae.fr/article.php?IdArticle=8396123 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36947 TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. 2023-10-16T05:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36947 www.secnews.physaphae.fr/article.php?IdArticle=8396121 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-36340 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. 2023-10-16T05:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36340 www.secnews.physaphae.fr/article.php?IdArticle=8396120 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40790 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. 
Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. 2023-10-16T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40790 www.secnews.physaphae.fr/article.php?IdArticle=8396038 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40791 extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. 2023-10-16T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40791 www.secnews.physaphae.fr/article.php?IdArticle=8396039 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45898 The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. 2023-10-16T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45898 www.secnews.physaphae.fr/article.php?IdArticle=8396040 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-38280 IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. 
IBM X-Force ID: 260740.]]> 2023-10-16T02:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38280 www.secnews.physaphae.fr/article.php?IdArticle=8396036 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5591 SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.]]> 2023-10-16T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5591 www.secnews.physaphae.fr/article.php?IdArticle=8396041 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-33836 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.]]> 2023-10-16T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33836 www.secnews.physaphae.fr/article.php?IdArticle=8396033 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40377 Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.]]> 2023-10-16T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40377 www.secnews.physaphae.fr/article.php?IdArticle=8396037 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-35018 IBM Security Verify Governance 10.0 could allow a privileged user to upload arbitrary files due to improper file validation.
IBM X-Force ID: 259382.]]> 2023-10-16T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35018 www.secnews.physaphae.fr/article.php?IdArticle=8396035 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-35013 IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.]]> 2023-10-16T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35013 www.secnews.physaphae.fr/article.php?IdArticle=8396034 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48612 A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.]]> 2023-10-16T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48612 www.secnews.physaphae.fr/article.php?IdArticle=8396032 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5590 NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.]]> 2023-10-15T23:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5590 www.secnews.physaphae.fr/article.php?IdArticle=8395969 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5589 A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
The identifier of this vulnerability is VDB-242188.]]> 2023-10-15T23:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5589 www.secnews.physaphae.fr/article.php?IdArticle=8395968 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5588 A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.]]> 2023-10-15T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5588 www.secnews.physaphae.fr/article.php?IdArticle=8395967 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5587 A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 
VDB-242186 is the identifier assigned to this vulnerability.]]> 2023-10-15T22:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5587 www.secnews.physaphae.fr/article.php?IdArticle=8395966 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38312 A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.]]> 2023-10-15T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38312 www.secnews.physaphae.fr/article.php?IdArticle=8395914 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2018-25091 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).]]> 2023-10-15T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25091 www.secnews.physaphae.fr/article.php?IdArticle=8395913 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40378 IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.]]> 2023-10-15T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40378 www.secnews.physaphae.fr/article.php?IdArticle=8395723 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. 
A buffer size may not be adequate for frames larger than the MTU.]]> 2023-10-15T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45871 www.secnews.physaphae.fr/article.php?IdArticle=8395724 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5586 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.]]> 2023-10-15T01:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5586 www.secnews.physaphae.fr/article.php?IdArticle=8395726 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5585
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input ">confirm (document.cookie) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.]]>
2023-10-15T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5585 www.secnews.physaphae.fr/article.php?IdArticle=8395725 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45862 An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.]]> 2023-10-14T21:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45862 www.secnews.physaphae.fr/article.php?IdArticle=8395637 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-45863 An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.]]> 2023-10-14T21:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45863 www.secnews.physaphae.fr/article.php?IdArticle=8395638 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-40367 IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.]]> 2023-10-14T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40367 www.secnews.physaphae.fr/article.php?IdArticle=8395586 False Vulnerability None None