This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-18T17:53:18+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138]]> 2023-10-14T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30994 www.secnews.physaphae.fr/article.php?IdArticle=8395584 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921.]]> 2023-10-14T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43740 www.secnews.physaphae.fr/article.php?IdArticle=8395582 False None None None CVE Liste - Common Vulnerability Exposure IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.]]> 2023-10-14T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35024 www.secnews.physaphae.fr/article.php?IdArticle=8395585 False Vulnerability,Cloud None None CVE Liste - Common Vulnerability Exposure IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445.]]> 2023-10-14T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43868 www.secnews.physaphae.fr/article.php?IdArticle=8395583 False None None None CVE Liste - Common Vulnerability Exposure IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.]]> 2023-10-14T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45176 www.secnews.physaphae.fr/article.php?IdArticle=8395587 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.]]> 2023-10-14T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33165 www.secnews.physaphae.fr/article.php?IdArticle=8395556 False None None None CVE Liste - Common Vulnerability Exposure IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569.]]> 2023-10-14T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33161 www.secnews.physaphae.fr/article.php?IdArticle=8395555 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.]]> 2023-10-14T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32755 www.secnews.physaphae.fr/article.php?IdArticle=8395554 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.]]> 2023-10-14T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5582 www.secnews.physaphae.fr/article.php?IdArticle=8395557 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability.]]> 2023-10-14T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5581 www.secnews.physaphae.fr/article.php?IdArticle=8395529 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability.]]> 2023-10-14T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5580 www.secnews.physaphae.fr/article.php?IdArticle=8395528 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144.]]> 2023-10-14T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5579 www.secnews.physaphae.fr/article.php?IdArticle=8395527 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-14T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1259 www.secnews.physaphae.fr/article.php?IdArticle=8395526 False None None None CVE Liste - Common Vulnerability Exposure alerte (document.cookie) mène au script du site croisé. L'attaque peut être lancée à distance. L'exploit a été divulgué au publicet peut être utilisé. L'identifiant associé de cette vulnérabilité est VDB-242143. Remarque: Le fournisseur a été contacté tôt à propos de cette divulgation mais n'a pas répondu de quelque manière que ce soit.

---

A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");\'> alert(document.cookie) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.]]> 2023-10-14T11:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5578 www.secnews.physaphae.fr/article.php?IdArticle=8395501 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn\'t. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.]]> 2023-10-14T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42792 www.secnews.physaphae.fr/article.php?IdArticle=8395499 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.]]> 2023-10-14T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45348 www.secnews.physaphae.fr/article.php?IdArticle=8395500 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.]]> 2023-10-14T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42780 www.secnews.physaphae.fr/article.php?IdArticle=8395498 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.]]> 2023-10-14T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42663 www.secnews.physaphae.fr/article.php?IdArticle=8395497 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.]]> 2023-10-14T05:15:55+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44037 www.secnews.physaphae.fr/article.php?IdArticle=8395469 False None None None CVE Liste - Common Vulnerability Exposure All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.]]> 2023-10-14T05:15:55+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26155 www.secnews.physaphae.fr/article.php?IdArticle=8395468 False None None None CVE Liste - Common Vulnerability Exposure qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.]]> 2023-10-14T05:15:55+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45856 www.secnews.physaphae.fr/article.php?IdArticle=8395471 False None None None CVE Liste - Common Vulnerability Exposure qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.]]> 2023-10-14T05:15:55+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45855 www.secnews.physaphae.fr/article.php?IdArticle=8395470 False None None None CVE Liste - Common Vulnerability Exposure Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the \'id_product\' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.]]> 2023-10-14T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30154 www.secnews.physaphae.fr/article.php?IdArticle=8395407 False None None None CVE Liste - Common Vulnerability Exposure Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.]]> 2023-10-14T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30148 www.secnews.physaphae.fr/article.php?IdArticle=8395406 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.]]> 2023-10-14T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45852 www.secnews.physaphae.fr/article.php?IdArticle=8395409 False None None None CVE Liste - Common Vulnerability Exposure MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.]]> 2023-10-14T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45853 www.secnews.physaphae.fr/article.php?IdArticle=8395410 False None None None CVE Liste - Common Vulnerability Exposure Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot\'s web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.]]> 2023-10-14T00:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45674 www.secnews.physaphae.fr/article.php?IdArticle=8395408 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.]]> 2023-10-13T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4257 www.secnews.physaphae.fr/article.php?IdArticle=8395341 False None None None CVE Liste - Common Vulnerability Exposure Microsoft Edge (Chromium-based) Spoofing Vulnerability]]> 2023-10-13T21:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36559 www.secnews.physaphae.fr/article.php?IdArticle=8395314 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver]]> 2023-10-13T21:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4263 www.secnews.physaphae.fr/article.php?IdArticle=8395315 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later]]> 2023-10-13T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34975 www.secnews.physaphae.fr/article.php?IdArticle=8395311 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later]]> 2023-10-13T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34976 www.secnews.physaphae.fr/article.php?IdArticle=8395312 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later]]> 2023-10-13T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34977 www.secnews.physaphae.fr/article.php?IdArticle=8395313 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later]]> 2023-10-13T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32976 www.secnews.physaphae.fr/article.php?IdArticle=8395310 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTScloud c5.1.0.2498 and later]]> 2023-10-13T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32974 www.secnews.physaphae.fr/article.php?IdArticle=8395309 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2453 build 20230708 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later]]> 2023-10-13T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32970 www.secnews.physaphae.fr/article.php?IdArticle=8395307 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later]]> 2023-10-13T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32973 www.secnews.physaphae.fr/article.php?IdArticle=8395308 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.]]> 2023-10-13T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4499 www.secnews.physaphae.fr/article.php?IdArticle=8395240 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.]]> 2023-10-13T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5449 www.secnews.physaphae.fr/article.php?IdArticle=8395245 False Vulnerability None None CVE Liste - Common Vulnerability Exposure HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.]]> 2023-10-13T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5409 www.secnews.physaphae.fr/article.php?IdArticle=8395244 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T16:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45276 www.secnews.physaphae.fr/article.php?IdArticle=8395243 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T16:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45269 www.secnews.physaphae.fr/article.php?IdArticle=8395241 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T16:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45270 www.secnews.physaphae.fr/article.php?IdArticle=8395242 False Vulnerability None None CVE Liste - Common Vulnerability Exposure IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.]]> 2023-10-13T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40682 www.secnews.physaphae.fr/article.php?IdArticle=8395239 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A improper limitation of a pathname to a restricted directory (\'path traversal\') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.]]> 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41682 www.secnews.physaphae.fr/article.php?IdArticle=8395203 False None None None CVE Liste - Common Vulnerability Exposure A improper neutralization of input during web page generation (\'cross-site scripting\') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.]]> 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41680 www.secnews.physaphae.fr/article.php?IdArticle=8395201 False None None None CVE Liste - Common Vulnerability Exposure An improper neutralization of input during web page generation (\'cross-site scripting\') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.]]> 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41836 www.secnews.physaphae.fr/article.php?IdArticle=8395204 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45268 www.secnews.physaphae.fr/article.php?IdArticle=8395208 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45267 www.secnews.physaphae.fr/article.php?IdArticle=8395207 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A improper neutralization of input during web page generation (\'cross-site scripting\') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.]]> 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41843 www.secnews.physaphae.fr/article.php?IdArticle=8395205 False None None None CVE Liste - Common Vulnerability Exposure A improper neutralization of input during web page generation (\'cross-site scripting\') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.]]> 2023-10-13T15:15:44+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41681 www.secnews.physaphae.fr/article.php?IdArticle=8395202 False None None None CVE Liste - Common Vulnerability Exposure A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request]]> 2023-10-13T15:15:43+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33303 www.secnews.physaphae.fr/article.php?IdArticle=8395200 False None None None CVE Liste - Common Vulnerability Exposure An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.]]> 2023-10-13T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45393 www.secnews.physaphae.fr/article.php?IdArticle=8395210 False None None None CVE Liste - Common Vulnerability Exposure A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.]]> 2023-10-13T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45391 www.secnews.physaphae.fr/article.php?IdArticle=8395209 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45109 www.secnews.physaphae.fr/article.php?IdArticle=8395206 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4517 www.secnews.physaphae.fr/article.php?IdArticle=8395164 False None None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45464 www.secnews.physaphae.fr/article.php?IdArticle=8395166 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45467 www.secnews.physaphae.fr/article.php?IdArticle=8395169 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5240 www.secnews.physaphae.fr/article.php?IdArticle=8395173 False None None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45466 www.secnews.physaphae.fr/article.php?IdArticle=8395168 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4829 www.secnews.physaphae.fr/article.php?IdArticle=8395171 False None None None CVE Liste - Common Vulnerability Exposure The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'calendly\' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4995 www.secnews.physaphae.fr/article.php?IdArticle=8395172 False None None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45465 www.secnews.physaphae.fr/article.php?IdArticle=8395167 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-13T13:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45468 www.secnews.physaphae.fr/article.php?IdArticle=8395170 False Vulnerability None None CVE Liste - Common Vulnerability Exposure FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.]]> 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29464 www.secnews.physaphae.fr/article.php?IdArticle=8395156 False Threat,Industrial None None CVE Liste - Common Vulnerability Exposure Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.]]> 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39960 www.secnews.physaphae.fr/article.php?IdArticle=8395157 False Cloud None None CVE Liste - Common Vulnerability Exposure 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45108 www.secnews.physaphae.fr/article.php?IdArticle=8395161 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45107 www.secnews.physaphae.fr/article.php?IdArticle=8395160 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.]]> 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45463 www.secnews.physaphae.fr/article.php?IdArticle=8395165 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23173 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this]]> 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45162 www.secnews.physaphae.fr/article.php?IdArticle=8395163 False Vulnerability,Cloud None None CVE Liste - Common Vulnerability Exposure Frontier is Substrate\'s Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier\'s maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain\'s limit. This is especially an issue for XCM transactions, because they can\'t be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it\'s recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It\'s recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.]]> 2023-10-13T13:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45130 www.secnews.physaphae.fr/article.php?IdArticle=8395162 False None None None CVE Liste - Common Vulnerability Exposure Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.]]> 2023-10-13T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43079 www.secnews.physaphae.fr/article.php?IdArticle=8395159 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.]]> 2023-10-13T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39999 www.secnews.physaphae.fr/article.php?IdArticle=8395158 False None None None CVE Liste - Common Vulnerability Exposure Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.]]> 2023-10-13T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5573 www.secnews.physaphae.fr/article.php?IdArticle=8395126 False None None None CVE Liste - Common Vulnerability Exposure Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.]]> 2023-10-13T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5571 www.secnews.physaphae.fr/article.php?IdArticle=8395124 False None None None CVE Liste - Common Vulnerability Exposure Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.]]> 2023-10-13T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5572 www.secnews.physaphae.fr/article.php?IdArticle=8395125 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-13T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38000 www.secnews.physaphae.fr/article.php?IdArticle=8395123 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.]]> 2023-10-13T07:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38250 www.secnews.physaphae.fr/article.php?IdArticle=8395092 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.]]> 2023-10-13T07:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38251 www.secnews.physaphae.fr/article.php?IdArticle=8395093 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.]]> 2023-10-13T07:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38249 www.secnews.physaphae.fr/article.php?IdArticle=8395091 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.]]> 2023-10-13T07:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38221 www.secnews.physaphae.fr/article.php?IdArticle=8395090 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.]]> 2023-10-13T07:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38219 www.secnews.physaphae.fr/article.php?IdArticle=8395088 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.]]> 2023-10-13T07:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38218 www.secnews.physaphae.fr/article.php?IdArticle=8395087 False None None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.]]> 2023-10-13T07:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38220 www.secnews.physaphae.fr/article.php?IdArticle=8395089 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.]]> 2023-10-13T07:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26367 www.secnews.physaphae.fr/article.php?IdArticle=8395086 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application\'s path boundary.]]> 2023-10-13T07:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26366 www.secnews.physaphae.fr/article.php?IdArticle=8395085 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.]]> 2023-10-13T02:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5557 www.secnews.physaphae.fr/article.php?IdArticle=8395019 False None None None CVE Liste - Common Vulnerability Exposure Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.]]> 2023-10-13T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4562 www.secnews.physaphae.fr/article.php?IdArticle=8395018 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.]]> 2023-10-13T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42752 www.secnews.physaphae.fr/article.php?IdArticle=8394997 False None None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.]]> 2023-10-13T01:15:56+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5564 www.secnews.physaphae.fr/article.php?IdArticle=8395021 False None None None CVE Liste - Common Vulnerability Exposure The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.]]> 2023-10-13T00:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5563 www.secnews.physaphae.fr/article.php?IdArticle=8395020 False None None None CVE Liste - Common Vulnerability Exposure An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;]]> 2023-10-13T00:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44204 www.secnews.physaphae.fr/article.php?IdArticle=8395017 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44185 www.secnews.physaphae.fr/article.php?IdArticle=8395005 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44201 www.secnews.physaphae.fr/article.php?IdArticle=8395015 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44199 www.secnews.physaphae.fr/article.php?IdArticle=8395014 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue doesn\'t not affected Junos OS Evolved versions prior to 21.3R1-EVO.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44195 www.secnews.physaphae.fr/article.php?IdArticle=8395010 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44192 www.secnews.physaphae.fr/article.php?IdArticle=8395007 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44203 www.secnews.physaphae.fr/article.php?IdArticle=8395016 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn\'t not affected releases prior to 20.4R1.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44198 www.secnews.physaphae.fr/article.php?IdArticle=8395013 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.]]> 2023-10-13T00:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44197 www.secnews.physaphae.fr/article.php?IdArticle=8395012 False Vulnerability None None