www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T20:57:50+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-45334 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45334 www.secnews.physaphae.fr/article.php?IdArticle=8404803 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45339 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'type' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45339 www.secnews.physaphae.fr/article.php?IdArticle=8404808 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45324 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45324 www.secnews.physaphae.fr/article.php?IdArticle=8404793 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45327 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'name' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45327 www.secnews.physaphae.fr/article.php?IdArticle=8404796 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-29047 Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29047 www.secnews.physaphae.fr/article.php?IdArticle=8404786 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-29044 Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29044 www.secnews.physaphae.fr/article.php?IdArticle=8404783 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-29043 Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content.
The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29043 www.secnews.physaphae.fr/article.php?IdArticle=8404782 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45328 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45328 www.secnews.physaphae.fr/article.php?IdArticle=8404797 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42802 GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42802 www.secnews.physaphae.fr/article.php?IdArticle=8404791 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45325 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45325 www.secnews.physaphae.fr/article.php?IdArticle=8404794 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45323 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45323 www.secnews.physaphae.fr/article.php?IdArticle=8404792 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-29045 Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get checked for validity to avoid code execution. No publicly available exploits are known. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29045 www.secnews.physaphae.fr/article.php?IdArticle=8404784 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45326 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45326 www.secnews.physaphae.fr/article.php?IdArticle=8404795 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-29046 Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. 2023-11-02T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29046 www.secnews.physaphae.fr/article.php?IdArticle=8404785 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26456 Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. 2023-11-02T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26456 www.secnews.physaphae.fr/article.php?IdArticle=8404781 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26454 Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked.
Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. 2023-11-02T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26454 www.secnews.physaphae.fr/article.php?IdArticle=8404779 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26452 Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. 2023-11-02T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26452 www.secnews.physaphae.fr/article.php?IdArticle=8404777 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26453 Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error.
No publicly available exploits are known. 2023-11-02T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26453 www.secnews.physaphae.fr/article.php?IdArticle=8404778 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26455 RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known. 2023-11-02T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26455 www.secnews.physaphae.fr/article.php?IdArticle=8404780 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46475 A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. 2023-11-02T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46475 www.secnews.physaphae.fr/article.php?IdArticle=8404731 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43336 Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. 2023-11-02T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43336 www.secnews.physaphae.fr/article.php?IdArticle=8404730 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43193 Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS).
An attacker can create a malicious link in the forum that leads to XSS. 2023-11-02T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43193 www.secnews.physaphae.fr/article.php?IdArticle=8404729 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5918 A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308. 2023-11-02T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5918 www.secnews.physaphae.fr/article.php?IdArticle=8404733 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5860 The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. 2023-11-02T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5860 www.secnews.physaphae.fr/article.php?IdArticle=8404732 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3164 A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. 2023-11-02T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 www.secnews.physaphae.fr/article.php?IdArticle=8404728 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43087 Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions.
A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. 2023-11-02T11:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43087 www.secnews.physaphae.fr/article.php?IdArticle=8404684 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43076 Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. 2023-11-02T11:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43076 www.secnews.physaphae.fr/article.php?IdArticle=8404683 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5917 A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307. 2023-11-02T11:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5917 www.secnews.physaphae.fr/article.php?IdArticle=8404686 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5916 A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The identifier VDB-244305 was assigned to this vulnerability. 2023-11-02T11:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5916 www.secnews.physaphae.fr/article.php?IdArticle=8404685 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5920 Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. 2023-11-02T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5920 www.secnews.physaphae.fr/article.php?IdArticle=8404634 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5876 Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. 2023-11-02T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5876 www.secnews.physaphae.fr/article.php?IdArticle=8404633 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5606 The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
NOTE: This vulnerability is a re-introduction of CVE-2023-4253. 2023-11-02T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5606 www.secnews.physaphae.fr/article.php?IdArticle=8404631 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5875 Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server 2023-11-02T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5875 www.secnews.physaphae.fr/article.php?IdArticle=8404632 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46595 Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. 2023-11-02T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46595 www.secnews.physaphae.fr/article.php?IdArticle=8404628 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46695 An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows.
As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. 2023-11-02T06:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46695 www.secnews.physaphae.fr/article.php?IdArticle=8404629 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47204 Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. 2023-11-02T06:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47204 www.secnews.physaphae.fr/article.php?IdArticle=8404630 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45018 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45018 www.secnews.physaphae.fr/article.php?IdArticle=8404522 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45019 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45019 www.secnews.physaphae.fr/article.php?IdArticle=8404523 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5408 A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift.
A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. 2023-11-02T03:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5408 www.secnews.physaphae.fr/article.php?IdArticle=8404529 False None Uber None
CVE Liste - Common Vulnerability Exposure CVE-2023-46327 Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2023-11-02T03:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46327 www.secnews.physaphae.fr/article.php?IdArticle=8404528 False None None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45017 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'destination' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45017 www.secnews.physaphae.fr/article.php?IdArticle=8404521 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45016 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'source' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45016 www.secnews.physaphae.fr/article.php?IdArticle=8404520 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45014 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bus_id' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45014 www.secnews.physaphae.fr/article.php?IdArticle=8404518 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45012 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45012 www.secnews.physaphae.fr/article.php?IdArticle=8404516 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45013 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_query' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45013 www.secnews.physaphae.fr/article.php?IdArticle=8404517 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45015 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45015 www.secnews.physaphae.fr/article.php?IdArticle=8404519 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45112 Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'feedback' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45112 www.secnews.physaphae.fr/article.php?IdArticle=8404525 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45111 Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45111 www.secnews.physaphae.fr/article.php?IdArticle=8404524 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45113 Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45113 www.secnews.physaphae.fr/article.php?IdArticle=8404526 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45114 Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
The 'subject' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-11-02T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45114 www.secnews.physaphae.fr/article.php?IdArticle=8404527 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5910 A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input alert(1) leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-02T00:15:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5910 www.secnews.physaphae.fr/article.php?IdArticle=8404530 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45203 Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities.
The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. 2023-11-01T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45203 www.secnews.physaphae.fr/article.php?IdArticle=8404431 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44954 Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. 2023-11-01T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44954 www.secnews.physaphae.fr/article.php?IdArticle=8404428 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45202 Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. 2023-11-01T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45202 www.secnews.physaphae.fr/article.php?IdArticle=8404430 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39281 A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. 2023-11-01T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39281 www.secnews.physaphae.fr/article.php?IdArticle=8404426 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44025 SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. 2023-11-01T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44025
www.secnews.physaphae.fr/article.php?IdArticle=8404427 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45201 Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. 2023-11-01T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45201 www.secnews.physaphae.fr/article.php?IdArticle=8404429 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46448 Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images. 2023-11-01T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46448 www.secnews.physaphae.fr/article.php?IdArticle=8404432 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46428 An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. 2023-11-01T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46428 www.secnews.physaphae.fr/article.php?IdArticle=8404386 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46724 Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4.
In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.]]> 2023-11-01T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46724 www.secnews.physaphae.fr/article.php?IdArticle=8404387 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1192 A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variables pointing to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.]]> 2023-11-01T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1192 www.secnews.physaphae.fr/article.php?IdArticle=8404383 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-3397 A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.]]> 2023-11-01T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 www.secnews.physaphae.fr/article.php?IdArticle=8404385 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1193 A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel.
This issue could allow an attacker to crash the system by accessing freed work.]]> 2023-11-01T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1193 www.secnews.physaphae.fr/article.php?IdArticle=8404384 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46482 SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.]]> 2023-11-01T19:15:45+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46482 www.secnews.physaphae.fr/article.php?IdArticle=8404325 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5859 Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5859 www.secnews.physaphae.fr/article.php?IdArticle=8404341 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5851 Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5851 www.secnews.physaphae.fr/article.php?IdArticle=8404333 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5852 Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. 
(Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5852 www.secnews.physaphae.fr/article.php?IdArticle=8404334 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5856 Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5856 www.secnews.physaphae.fr/article.php?IdArticle=8404338 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5765 Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5765 www.secnews.physaphae.fr/article.php?IdArticle=8404329 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5849 Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5849 www.secnews.physaphae.fr/article.php?IdArticle=8404331 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5853 Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. 
(Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5853 www.secnews.physaphae.fr/article.php?IdArticle=8404335 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5854 Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5854 www.secnews.physaphae.fr/article.php?IdArticle=8404336 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5766 A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host via a specially crafted TCP packet.]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5766 www.secnews.physaphae.fr/article.php?IdArticle=8404330 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5857 Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5857 www.secnews.physaphae.fr/article.php?IdArticle=8404339 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5855 Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures.
(Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5855 www.secnews.physaphae.fr/article.php?IdArticle=8404337 False Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5850 Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5850 www.secnews.physaphae.fr/article.php?IdArticle=8404332 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5858 Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)]]> 2023-11-01T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5858 www.secnews.physaphae.fr/article.php?IdArticle=8404340 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20071 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20071 www.secnews.physaphae.fr/article.php?IdArticle=8404312 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20267 A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. 
This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20267 www.secnews.physaphae.fr/article.php?IdArticle=8404324 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20264 A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. 
A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20264 www.secnews.physaphae.fr/article.php?IdArticle=8404323 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5358 Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5358 www.secnews.physaphae.fr/article.php?IdArticle=8404326 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20219 Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. 
A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20219 www.secnews.physaphae.fr/article.php?IdArticle=8404318 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5482 Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5482 www.secnews.physaphae.fr/article.php?IdArticle=8404328 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20170 A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20170 www.secnews.physaphae.fr/article.php?IdArticle=8404315 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20255 A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. 
A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20255 www.secnews.physaphae.fr/article.php?IdArticle=8404322 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20247 A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20247 www.secnews.physaphae.fr/article.php?IdArticle=8404321 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20070 A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. 
A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20070 www.secnews.physaphae.fr/article.php?IdArticle=8404311 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20095 A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20095 www.secnews.physaphae.fr/article.php?IdArticle=8404314 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5480 Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. 
(Chromium security severity: High)]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5480 www.secnews.physaphae.fr/article.php?IdArticle=8404327 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-20175 A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20175 www.secnews.physaphae.fr/article.php?IdArticle=8404316 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20083 A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. 
Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20083 www.secnews.physaphae.fr/article.php?IdArticle=8404313 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20246 Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20246 www.secnews.physaphae.fr/article.php?IdArticle=8404320 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20196 Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. 
The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20196 www.secnews.physaphae.fr/article.php?IdArticle=8404317 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20220 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device.]]> 2023-11-01T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20220 www.secnews.physaphae.fr/article.php?IdArticle=8404319 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20048 A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. 
A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.]]> 2023-11-01T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20048 www.secnews.physaphae.fr/article.php?IdArticle=8404309 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20042 A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.]]> 2023-11-01T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20042 www.secnews.physaphae.fr/article.php?IdArticle=8404308 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20031 A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. 
Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.]]> 2023-11-01T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20031 www.secnews.physaphae.fr/article.php?IdArticle=8404307 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20063 A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. 
Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device.]]> 2023-11-01T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20063 www.secnews.physaphae.fr/article.php?IdArticle=8404310 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5178 A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation if the attacker already has local privileges.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178 www.secnews.physaphae.fr/article.php?IdArticle=8404258 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20086 A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20086 www.secnews.physaphae.fr/article.php?IdArticle=8404240 False Vulnerability,Threat None None