www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T19:13:43+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-20177 A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. 
No manual intervention is required.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20177 www.secnews.physaphae.fr/article.php?IdArticle=8404243 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46911 There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46911 www.secnews.physaphae.fr/article.php?IdArticle=8404257 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20155 A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. 
CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20155 www.secnews.physaphae.fr/article.php?IdArticle=8404242 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20206 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20206 www.secnews.physaphae.fr/article.php?IdArticle=8404245 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20213 A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. 
After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20213 www.secnews.physaphae.fr/article.php?IdArticle=8404246 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20195 Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20195 www.secnews.physaphae.fr/article.php?IdArticle=8404244 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5178 A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. 
This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation if the attacker already has local privileges.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178 www.secnews.physaphae.fr/article.php?IdArticle=8404258 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20245 Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20245 www.secnews.physaphae.fr/article.php?IdArticle=8404248 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20114 A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. 
A successful exploit could allow the attacker to download arbitrary files from the affected system.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20114 www.secnews.physaphae.fr/article.php?IdArticle=8404241 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20256 Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20256 www.secnews.physaphae.fr/article.php?IdArticle=8404249 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20270 A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. 
A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition.]]> 2023-11-01T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20270 www.secnews.physaphae.fr/article.php?IdArticle=8404250 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20074 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.]]> 2023-11-01T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20074 www.secnews.physaphae.fr/article.php?IdArticle=8404239 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20005 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.]]> 2023-11-01T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20005 www.secnews.physaphae.fr/article.php?IdArticle=8404237 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-20041 Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.]]> 2023-11-01T17:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20041 www.secnews.physaphae.fr/article.php?IdArticle=8404238 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-40062 SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. 
If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40062 www.secnews.physaphae.fr/article.php?IdArticle=8404256 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33228 The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33228 www.secnews.physaphae.fr/article.php?IdArticle=8404253 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5627 A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5627 www.secnews.physaphae.fr/article.php?IdArticle=8404259 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3972 A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. 
After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3972 www.secnews.physaphae.fr/article.php?IdArticle=8404254 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33226 The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33226 www.secnews.physaphae.fr/article.php?IdArticle=8404251 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33227 The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33227 www.secnews.physaphae.fr/article.php?IdArticle=8404252 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-40061 Insecure job execution mechanism vulnerability. 
This vulnerability can lead to other attacks as a result.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40061 www.secnews.physaphae.fr/article.php?IdArticle=8404255 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5847 Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.]]> 2023-11-01T16:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5847 www.secnews.physaphae.fr/article.php?IdArticle=8404260 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46927 GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.]]> 2023-11-01T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46927 www.secnews.physaphae.fr/article.php?IdArticle=8404183 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46928 GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.]]> 2023-11-01T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46928 www.secnews.physaphae.fr/article.php?IdArticle=8404184 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4452 A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. 
This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.]]> 2023-11-01T15:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4452 www.secnews.physaphae.fr/article.php?IdArticle=8404182 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46930 GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.]]> 2023-11-01T14:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46930 www.secnews.physaphae.fr/article.php?IdArticle=8404185 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46931 GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.]]> 2023-11-01T14:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46931 www.secnews.physaphae.fr/article.php?IdArticle=8404186 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5625 A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.]]> 2023-11-01T14:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5625 www.secnews.physaphae.fr/article.php?IdArticle=8404187 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42643 In validationtools, there is a possible missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42643 www.secnews.physaphae.fr/article.php?IdArticle=8404077 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42646 In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42646 www.secnews.physaphae.fr/article.php?IdArticle=8404080 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42652 In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42652 www.secnews.physaphae.fr/article.php?IdArticle=8404086 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42644 In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42644 www.secnews.physaphae.fr/article.php?IdArticle=8404078 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42642 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42642 www.secnews.physaphae.fr/article.php?IdArticle=8404076 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42647 In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42647 www.secnews.physaphae.fr/article.php?IdArticle=8404081 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42648 In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42648 www.secnews.physaphae.fr/article.php?IdArticle=8404082 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42655 In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42655 www.secnews.physaphae.fr/article.php?IdArticle=8404089 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42649 In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42649 www.secnews.physaphae.fr/article.php?IdArticle=8404083 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42641 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42641 www.secnews.physaphae.fr/article.php?IdArticle=8404075 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42650 In engineermode, there is a possible missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42650 www.secnews.physaphae.fr/article.php?IdArticle=8404084 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42654 In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42654 www.secnews.physaphae.fr/article.php?IdArticle=8404088 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42651 In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42651 www.secnews.physaphae.fr/article.php?IdArticle=8404085 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42750 In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42750 www.secnews.physaphae.fr/article.php?IdArticle=8404090 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42653 In faceid service, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local denial of service with no additional execution privileges]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42653 www.secnews.physaphae.fr/article.php?IdArticle=8404087 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42645 In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42645 www.secnews.physaphae.fr/article.php?IdArticle=8404079 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1719 Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1719 www.secnews.physaphae.fr/article.php?IdArticle=8404063 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1716 Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1716 www.secnews.physaphae.fr/article.php?IdArticle=8404060 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-1718 Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service 
via a crafted "tmp_url".]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1718 www.secnews.physaphae.fr/article.php?IdArticle=8404062 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42637 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42637 www.secnews.physaphae.fr/article.php?IdArticle=8404071 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42631 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42631 www.secnews.physaphae.fr/article.php?IdArticle=8404065 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1717 Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1717 www.secnews.physaphae.fr/article.php?IdArticle=8404061 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42634 In validationtools, there is a possible missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42634 www.secnews.physaphae.fr/article.php?IdArticle=8404068 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42639 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42639 www.secnews.physaphae.fr/article.php?IdArticle=8404073 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42633 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42633 www.secnews.physaphae.fr/article.php?IdArticle=8404067 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42640 In validationtools, there is a possible missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42640 www.secnews.physaphae.fr/article.php?IdArticle=8404074 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1714 Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1714 www.secnews.physaphae.fr/article.php?IdArticle=8404058 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42632 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42632 www.secnews.physaphae.fr/article.php?IdArticle=8404066 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42635 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42635 www.secnews.physaphae.fr/article.php?IdArticle=8404069 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42638 In validationtools, there is a possible missing permission check. 
This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42638 www.secnews.physaphae.fr/article.php?IdArticle=8404072 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1715 A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the beginning of the payload.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1715 www.secnews.physaphae.fr/article.php?IdArticle=8404059 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-42636 In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42636 www.secnews.physaphae.fr/article.php?IdArticle=8404070 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1720 Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.]]> 2023-11-01T10:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1720 www.secnews.physaphae.fr/article.php?IdArticle=8404064 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48461 In sensor driver, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local denial of service with System execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48461 www.secnews.physaphae.fr/article.php?IdArticle=8404056 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48460 In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48460 www.secnews.physaphae.fr/article.php?IdArticle=8404055 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48456 In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48456 www.secnews.physaphae.fr/article.php?IdArticle=8404051 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48458 In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48458 www.secnews.physaphae.fr/article.php?IdArticle=8404053 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48457 In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48457 www.secnews.physaphae.fr/article.php?IdArticle=8404052 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48459 In TeleService, there is a possible system crash due to improper input validation. 
This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48459 www.secnews.physaphae.fr/article.php?IdArticle=8404054 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-1713 Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1713 www.secnews.physaphae.fr/article.php?IdArticle=8404057 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48454 In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48454 www.secnews.physaphae.fr/article.php?IdArticle=8404049 False None None None CVE Liste - Common Vulnerability Exposure CVE-2022-48455 In wifi service, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local denial of service with no additional execution privileges needed]]> 2023-11-01T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48455 www.secnews.physaphae.fr/article.php?IdArticle=8404050 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4198 2023-11-01T09:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4198 www.secnews.physaphae.fr/article.php?IdArticle=8404005 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-4197 2023-11-01T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4197 www.secnews.physaphae.fr/article.php?IdArticle=8404004 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5516 Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.]]> 2023-11-01T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5516 www.secnews.physaphae.fr/article.php?IdArticle=8403906 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5514 The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.]]> 2023-11-01T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5514 www.secnews.physaphae.fr/article.php?IdArticle=8403904 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5515 The responses for web queries with certain parameters disclose internal path of resources. 
This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.]]> 2023-11-01T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5515 www.secnews.physaphae.fr/article.php?IdArticle=8403905 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-2621 The McFeeder server (distributed as part of SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.]]> 2023-11-01T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2621 www.secnews.physaphae.fr/article.php?IdArticle=8403895 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-2622 Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. 
The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.]]> 2023-11-01T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2622 www.secnews.physaphae.fr/article.php?IdArticle=8403896 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5899 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5899 www.secnews.physaphae.fr/article.php?IdArticle=8403917 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5898 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5898 www.secnews.physaphae.fr/article.php?IdArticle=8403916 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5894 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5894 www.secnews.physaphae.fr/article.php?IdArticle=8403912 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5890 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5890 www.secnews.physaphae.fr/article.php?IdArticle=8403908 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5895 Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5895 www.secnews.physaphae.fr/article.php?IdArticle=8403913 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5897 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.]]> 
2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5897 www.secnews.physaphae.fr/article.php?IdArticle=8403915 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5891 Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5891 www.secnews.physaphae.fr/article.php?IdArticle=8403909 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5892 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5892 www.secnews.physaphae.fr/article.php?IdArticle=8403910 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5893 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5893 www.secnews.physaphae.fr/article.php?IdArticle=8403911 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5896 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5896 www.secnews.physaphae.fr/article.php?IdArticle=8403914 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-5889 Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.]]> 2023-11-01T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5889 www.secnews.physaphae.fr/article.php?IdArticle=8403907 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47098 An issue was discovered in Virtualmin 7.7. 
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47098 www.secnews.physaphae.fr/article.php?IdArticle=8403902 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47099 An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47099 www.secnews.physaphae.fr/article.php?IdArticle=8403903 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46278 Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46278 www.secnews.physaphae.fr/article.php?IdArticle=8403897 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47095 An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47095 www.secnews.physaphae.fr/article.php?IdArticle=8403899 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47097 An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47097 www.secnews.physaphae.fr/article.php?IdArticle=8403901 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-47094 An issue was discovered in Virtualmin 7.7. 
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47094 www.secnews.physaphae.fr/article.php?IdArticle=8403898 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-47096 An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.]]> 2023-11-01T00:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47096 www.secnews.physaphae.fr/article.php?IdArticle=8403900 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-37833 Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.]]> 2023-10-31T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37833 www.secnews.physaphae.fr/article.php?IdArticle=8403804 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-46378 Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.]]> 2023-10-31T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46378 www.secnews.physaphae.fr/article.php?IdArticle=8403809 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39695 Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.]]> 2023-10-31T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39695 www.secnews.physaphae.fr/article.php?IdArticle=8403805 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44486 Online Blood Donation Management System v1.0 is vulnerable to multiple 
Stored Cross-Site Scripting vulnerabilities. The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.]]> 2023-10-31T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44486 www.secnews.physaphae.fr/article.php?IdArticle=8403808 False None None None CVE Liste - Common Vulnerability Exposure CVE-2023-44484 Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.]]> 2023-10-31T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44484 www.secnews.physaphae.fr/article.php?IdArticle=8403806 False None None None