www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-18T11:47:36+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-44075 Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. 2023-10-04T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44075 www.secnews.physaphae.fr/article.php?IdArticle=8391647 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42809 Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in. Version 3.22.0 contains a patch for this issue. Some post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended.
When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set allowedClasses)` constructor to restrict the allowed classes for deserialization. 2023-10-04T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42809 www.secnews.physaphae.fr/article.php?IdArticle=8391642 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44210 Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. 2023-10-04T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44210 www.secnews.physaphae.fr/article.php?IdArticle=8391649 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44209 Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. 2023-10-04T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44209 www.secnews.physaphae.fr/article.php?IdArticle=8391648 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-38537 A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. 2023-10-04T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38537 www.secnews.physaphae.fr/article.php?IdArticle=8391637 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-27121 A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. 2023-10-04T19:15:10+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27121 www.secnews.physaphae.fr/article.php?IdArticle=8391594 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42824 The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42824 www.secnews.physaphae.fr/article.php?IdArticle=8391600 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39191 An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39191 www.secnews.physaphae.fr/article.php?IdArticle=8391598 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3576 A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3576 www.secnews.physaphae.fr/article.php?IdArticle=8391596 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-38701 Hydra is the layer-two scalability solution for Cardano.
Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The `initial` validator also is similarly affected as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that users try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38701 www.secnews.physaphae.fr/article.php?IdArticle=8391597 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42448 Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator.
This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42448 www.secnews.physaphae.fr/article.php?IdArticle=8391599 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5391 A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5391 www.secnews.physaphae.fr/article.php?IdArticle=8391601 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3428 A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. 2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3428 www.secnews.physaphae.fr/article.php?IdArticle=8391595 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5399 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a path traversal issue when using the File Command.
2023-10-04T19:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5399 www.secnews.physaphae.fr/article.php?IdArticle=8391602 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5402 A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used. 2023-10-04T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5402 www.secnews.physaphae.fr/article.php?IdArticle=8391603 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5371 RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file 2023-10-04T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5371 www.secnews.physaphae.fr/article.php?IdArticle=8391564 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. 2023-10-04T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43804 www.secnews.physaphae.fr/article.php?IdArticle=8391562 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-20101 A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20101 www.secnews.physaphae.fr/article.php?IdArticle=8391559 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-20259 A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20259 www.secnews.physaphae.fr/article.php?IdArticle=8391561 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-20235 A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.
This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. 2023-10-04T17:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20235 www.secnews.physaphae.fr/article.php?IdArticle=8391560 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43838 An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. 2023-10-04T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43838 www.secnews.physaphae.fr/article.php?IdArticle=8391563 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-36276 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'.
The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. 2023-10-04T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36276 www.secnews.physaphae.fr/article.php?IdArticle=8391557 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-36277 The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. 2023-10-04T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36277 www.secnews.physaphae.fr/article.php?IdArticle=8391558 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2021-3784 Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. 2023-10-04T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3784 www.secnews.physaphae.fr/article.php?IdArticle=8391556 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4237 A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output.
This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4237 www.secnews.physaphae.fr/article.php?IdArticle=8391519 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4380 A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4380 www.secnews.physaphae.fr/article.php?IdArticle=8391520 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3665 A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3665 www.secnews.physaphae.fr/article.php?IdArticle=8391513 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3971 An HTML injection flaw was found in Controller in the user interface settings.
This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3971 www.secnews.physaphae.fr/article.php?IdArticle=8391514 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5113 Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5113 www.secnews.physaphae.fr/article.php?IdArticle=8391522 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40559 2023-10-04T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40559 www.secnews.physaphae.fr/article.php?IdArticle=8391516 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4567 ** REJECT ** Issue has been found to be non-reproducible, therefore not a viable flaw. 2023-10-04T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4567 www.secnews.physaphae.fr/article.php?IdArticle=8391521 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5374 A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
The associated identifier of this vulnerability is VDB-241255. 2023-10-04T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5374 www.secnews.physaphae.fr/article.php?IdArticle=8391523 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40561 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40561 www.secnews.physaphae.fr/article.php?IdArticle=8391517 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40684 IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40684 www.secnews.physaphae.fr/article.php?IdArticle=8391518 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-43906 IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43906 www.secnews.physaphae.fr/article.php?IdArticle=8391508 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40376 IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls.
IBM X-Force ID: 263581. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40376 www.secnews.physaphae.fr/article.php?IdArticle=8391515 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-27433 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27433 www.secnews.physaphae.fr/article.php?IdArticle=8391512 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-1832 An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1832 www.secnews.physaphae.fr/article.php?IdArticle=8391509 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-22515 Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE. 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22515 www.secnews.physaphae.fr/article.php?IdArticle=8391510 False Vulnerability,Cloud None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25025 2023-10-04T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25025 www.secnews.physaphae.fr/article.php?IdArticle=8391511 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4494 Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4494 www.secnews.physaphae.fr/article.php?IdArticle=8391468 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5373 A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
VDB-241254 is the identifier assigned to this vulnerability. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5373 www.secnews.physaphae.fr/article.php?IdArticle=8391472 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4496 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4496 www.secnews.physaphae.fr/article.php?IdArticle=8391470 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4497 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4497 www.secnews.physaphae.fr/article.php?IdArticle=8391471 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4495 Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter.
The XSS is loaded from /register.ghp. 2023-10-04T13:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4495 www.secnews.physaphae.fr/article.php?IdArticle=8391469 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4492 Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4492 www.secnews.physaphae.fr/article.php?IdArticle=8391466 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4493 Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4493 www.secnews.physaphae.fr/article.php?IdArticle=8391467 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4491 Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version.
The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. 2023-10-04T13:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4491 www.secnews.physaphae.fr/article.php?IdArticle=8391465 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-22618 If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22618 www.secnews.physaphae.fr/article.php?IdArticle=8391456 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44208 Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44208 www.secnews.physaphae.fr/article.php?IdArticle=8391464 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3037 Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10.
This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3037 www.secnews.physaphae.fr/article.php?IdArticle=8391457 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3153 A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3153 www.secnews.physaphae.fr/article.php?IdArticle=8391459 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2022-4132 A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4132 www.secnews.physaphae.fr/article.php?IdArticle=8391455 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43261 An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43261 www.secnews.physaphae.fr/article.php?IdArticle=8391463 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4090 Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4090
www.secnews.physaphae.fr/article.php?IdArticle=8391462 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3361 A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3361 www.secnews.physaphae.fr/article.php?IdArticle=8391460 False None Uber None
CVE Liste - Common Vulnerability Exposure CVE-2023-3038 SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3038 www.secnews.physaphae.fr/article.php?IdArticle=8391458 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4037 Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. 2023-10-04T12:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4037 www.secnews.physaphae.fr/article.php?IdArticle=8391461 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4586 A vulnerability was found in the Hot Rod client.
This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4586 www.secnews.physaphae.fr/article.php?IdArticle=8391419 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-2809 Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2809 www.secnews.physaphae.fr/article.php?IdArticle=8391415 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4997 Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4997 www.secnews.physaphae.fr/article.php?IdArticle=8391420 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3512 Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3512 www.secnews.physaphae.fr/article.php?IdArticle=8391416 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3701 Aqua Drive, in its 2.4 version, is vulnerable to a relative
path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3701 www.secnews.physaphae.fr/article.php?IdArticle=8391417 False Cloud None None
CVE Liste - Common Vulnerability Exposure CVE-2023-37995 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37995 www.secnews.physaphae.fr/article.php?IdArticle=8391418 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25980 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25980 www.secnews.physaphae.fr/article.php?IdArticle=8391414 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-2422 A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. 2023-10-04T11:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2422 www.secnews.physaphae.fr/article.php?IdArticle=8391411 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25489 2023-10-04T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25489 www.secnews.physaphae.fr/article.php?IdArticle=8391412 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-1584 A flaw was found in Quarkus.
Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens. 2023-10-04T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1584 www.secnews.physaphae.fr/article.php?IdArticle=8391410 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25788 2023-10-04T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25788 www.secnews.physaphae.fr/article.php?IdArticle=8391413 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5377 Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. 2023-10-04T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5377 www.secnews.physaphae.fr/article.php?IdArticle=8391421 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44272 A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. 2023-10-04T09:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44272 www.secnews.physaphae.fr/article.php?IdArticle=8391369 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5375 Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. 2023-10-04T09:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5375 www.secnews.physaphae.fr/article.php?IdArticle=8391370 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5370 On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized.
This resulted in no speculative execution workarounds being installed on CPU 0. 2023-10-04T04:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5370 www.secnews.physaphae.fr/article.php?IdArticle=8391288 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5368 On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file). 2023-10-04T04:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5368 www.secnews.physaphae.fr/article.php?IdArticle=8391286 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5369 Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.
This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. 2023-10-04T04:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5369 www.secnews.physaphae.fr/article.php?IdArticle=8391287 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30734 Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30734 www.secnews.physaphae.fr/article.php?IdArticle=8391276 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30733 Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30733 www.secnews.physaphae.fr/article.php?IdArticle=8391275 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30735 Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30735 www.secnews.physaphae.fr/article.php?IdArticle=8391277 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30738 An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30738 www.secnews.physaphae.fr/article.php?IdArticle=8391280 False None None None
CVE
Liste - Common Vulnerability Exposure CVE-2023-30736 Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30736 www.secnews.physaphae.fr/article.php?IdArticle=8391278 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30737 Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. 2023-10-04T04:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30737 www.secnews.physaphae.fr/article.php?IdArticle=8391279 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30732 Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. 2023-10-04T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30732 www.secnews.physaphae.fr/article.php?IdArticle=8391274 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30727 Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. 2023-10-04T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30727 www.secnews.physaphae.fr/article.php?IdArticle=8391272 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30692 Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. 2023-10-04T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30692 www.secnews.physaphae.fr/article.php?IdArticle=8391271 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30731
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. 2023-10-04T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30731 www.secnews.physaphae.fr/article.php?IdArticle=8391273 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-30690 Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. 2023-10-04T04:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30690 www.secnews.physaphae.fr/article.php?IdArticle=8391270 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5357 The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-04T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5357 www.secnews.physaphae.fr/article.php?IdArticle=8391285 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5291 The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-10-04T02:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5291 www.secnews.physaphae.fr/article.php?IdArticle=8391284 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-37404 IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. 2023-10-04T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37404 www.secnews.physaphae.fr/article.php?IdArticle=8391283 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3213 The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information. 2023-10-04T02:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3213 www.secnews.physaphae.fr/article.php?IdArticle=8391281 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-35905 IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
IBM X-Force ID: 259384. 2023-10-04T01:15:50+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35905 www.secnews.physaphae.fr/article.php?IdArticle=8391282 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-22447 IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. 2023-10-04T00:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22447 www.secnews.physaphae.fr/article.php?IdArticle=8391269 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39647 Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. 2023-10-03T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39647 www.secnews.physaphae.fr/article.php?IdArticle=8391209 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39648 Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. 2023-10-03T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39648 www.secnews.physaphae.fr/article.php?IdArticle=8391210 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39646 Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop.
In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. 2023-10-03T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39646 www.secnews.physaphae.fr/article.php?IdArticle=8391208 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39649 Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. 2023-10-03T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39649 www.secnews.physaphae.fr/article.php?IdArticle=8391211 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39651 Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. 2023-10-03T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39651 www.secnews.physaphae.fr/article.php?IdArticle=8391212 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44973 An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. 2023-10-03T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44973 www.secnews.physaphae.fr/article.php?IdArticle=8391181 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43951 SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. 2023-10-03T21:15:10+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43951 www.secnews.physaphae.fr/article.php?IdArticle=8391178 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-33269 An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). 2023-10-03T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33269 www.secnews.physaphae.fr/article.php?IdArticle=8391168 False None None None