This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T17:12:30+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21326 www.secnews.physaphae.fr/article.php?IdArticle=8403007 False None None None CVE Liste - Common Vulnerability Exposure In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21327 www.secnews.physaphae.fr/article.php?IdArticle=8403008 False None None None CVE Liste - Common Vulnerability Exposure In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21331 www.secnews.physaphae.fr/article.php?IdArticle=8403012 False None None None CVE Liste - Common Vulnerability Exposure In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21334 www.secnews.physaphae.fr/article.php?IdArticle=8403015 False None None None CVE Liste - Common Vulnerability Exposure In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21335 www.secnews.physaphae.fr/article.php?IdArticle=8403016 False None None None CVE Liste - Common Vulnerability Exposure In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21325 www.secnews.physaphae.fr/article.php?IdArticle=8403006 False None None None CVE Liste - Common Vulnerability Exposure In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21328 www.secnews.physaphae.fr/article.php?IdArticle=8403009 False None None None CVE Liste - Common Vulnerability Exposure In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21330 www.secnews.physaphae.fr/article.php?IdArticle=8403011 False None None None CVE Liste - Common Vulnerability Exposure In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21339 www.secnews.physaphae.fr/article.php?IdArticle=8403020 False None None None CVE Liste - Common Vulnerability Exposure In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21337 www.secnews.physaphae.fr/article.php?IdArticle=8403018 False None None None CVE Liste - Common Vulnerability Exposure In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21341 www.secnews.physaphae.fr/article.php?IdArticle=8403022 False None None None CVE Liste - Common Vulnerability Exposure In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21333 www.secnews.physaphae.fr/article.php?IdArticle=8403014 False None None None CVE Liste - Common Vulnerability Exposure In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21336 www.secnews.physaphae.fr/article.php?IdArticle=8403017 False None None None CVE Liste - Common Vulnerability Exposure In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21332 www.secnews.physaphae.fr/article.php?IdArticle=8403013 False None None None CVE Liste - Common Vulnerability Exposure In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:49+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21329 www.secnews.physaphae.fr/article.php?IdArticle=8403010 False None None None CVE Liste - Common Vulnerability Exposure In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21323 www.secnews.physaphae.fr/article.php?IdArticle=8403004 False None None None CVE Liste - Common Vulnerability Exposure In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21306 www.secnews.physaphae.fr/article.php?IdArticle=8402988 False None None None CVE Liste - Common Vulnerability Exposure In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21318 www.secnews.physaphae.fr/article.php?IdArticle=8403000 False None None None CVE Liste - Common Vulnerability Exposure In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21305 www.secnews.physaphae.fr/article.php?IdArticle=8402987 False None None None CVE Liste - Common Vulnerability Exposure In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21319 www.secnews.physaphae.fr/article.php?IdArticle=8403001 False None None None CVE Liste - Common Vulnerability Exposure In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21320 www.secnews.physaphae.fr/article.php?IdArticle=8403002 False None None None CVE Liste - Common Vulnerability Exposure In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21309 www.secnews.physaphae.fr/article.php?IdArticle=8402991 False None None None CVE Liste - Common Vulnerability Exposure In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21304 www.secnews.physaphae.fr/article.php?IdArticle=8402986 False None None None CVE Liste - Common Vulnerability Exposure In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21308 www.secnews.physaphae.fr/article.php?IdArticle=8402990 False None None None CVE Liste - Common Vulnerability Exposure In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21310 www.secnews.physaphae.fr/article.php?IdArticle=8402992 False None None None CVE Liste - Common Vulnerability Exposure In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21321 www.secnews.physaphae.fr/article.php?IdArticle=8403003 False None None None CVE Liste - Common Vulnerability Exposure In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21302 www.secnews.physaphae.fr/article.php?IdArticle=8402984 False None None None CVE Liste - Common Vulnerability Exposure In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21315 www.secnews.physaphae.fr/article.php?IdArticle=8402997 False None None None CVE Liste - Common Vulnerability Exposure In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21311 www.secnews.physaphae.fr/article.php?IdArticle=8402993 False None None None CVE Liste - Common Vulnerability Exposure In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21313 www.secnews.physaphae.fr/article.php?IdArticle=8402995 False None None None CVE Liste - Common Vulnerability Exposure In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21301 www.secnews.physaphae.fr/article.php?IdArticle=8402983 False None None None CVE Liste - Common Vulnerability Exposure In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21303 www.secnews.physaphae.fr/article.php?IdArticle=8402985 False None None None CVE Liste - Common Vulnerability Exposure In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21312 www.secnews.physaphae.fr/article.php?IdArticle=8402994 False None None None CVE Liste - Common Vulnerability Exposure In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21324 www.secnews.physaphae.fr/article.php?IdArticle=8403005 False None None None CVE Liste - Common Vulnerability Exposure In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21317 www.secnews.physaphae.fr/article.php?IdArticle=8402999 False None None None CVE Liste - Common Vulnerability Exposure In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21316 www.secnews.physaphae.fr/article.php?IdArticle=8402998 False None None None CVE Liste - Common Vulnerability Exposure In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21314 www.secnews.physaphae.fr/article.php?IdArticle=8402996 False None None None CVE Liste - Common Vulnerability Exposure In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.]]> 2023-10-30T17:15:48+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21307 www.secnews.physaphae.fr/article.php?IdArticle=8402989 False None None None CVE Liste - Common Vulnerability Exposure In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21293 www.secnews.physaphae.fr/article.php?IdArticle=8402975 False None None None CVE Liste - Common Vulnerability Exposure In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21297 www.secnews.physaphae.fr/article.php?IdArticle=8402979 False None None None CVE Liste - Common Vulnerability Exposure In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20264 www.secnews.physaphae.fr/article.php?IdArticle=8402974 False None None None CVE Liste - Common Vulnerability Exposure In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39810 www.secnews.physaphae.fr/article.php?IdArticle=8402973 False None None None CVE Liste - Common Vulnerability Exposure In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21298 www.secnews.physaphae.fr/article.php?IdArticle=8402980 False None None None CVE Liste - Common Vulnerability Exposure In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21299 www.secnews.physaphae.fr/article.php?IdArticle=8402981 False None None None CVE Liste - Common Vulnerability Exposure In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21295 www.secnews.physaphae.fr/article.php?IdArticle=8402977 False None None None CVE Liste - Common Vulnerability Exposure In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21300 www.secnews.physaphae.fr/article.php?IdArticle=8402982 False None None None CVE Liste - Common Vulnerability Exposure In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21294 www.secnews.physaphae.fr/article.php?IdArticle=8402976 False None None None CVE Liste - Common Vulnerability Exposure In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.]]> 2023-10-30T17:15:47+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21296 www.secnews.physaphae.fr/article.php?IdArticle=8402978 False None None None CVE Liste - Common Vulnerability Exposure Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.]]> 2023-10-30T15:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4964 www.secnews.physaphae.fr/article.php?IdArticle=8402915 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.]]> 2023-10-30T15:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4575 www.secnews.physaphae.fr/article.php?IdArticle=8402908 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  ]]> 2023-10-30T15:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4574 www.secnews.physaphae.fr/article.php?IdArticle=8402907 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.]]> 2023-10-30T15:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44323 www.secnews.physaphae.fr/article.php?IdArticle=8402914 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.]]> 2023-10-30T15:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48189 www.secnews.physaphae.fr/article.php?IdArticle=8402909 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.]]> 2023-10-30T15:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4573 www.secnews.physaphae.fr/article.php?IdArticle=8402906 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'tcpaccordion\' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5666 www.secnews.physaphae.fr/article.php?IdArticle=8402928 False None None None CVE Liste - Common Vulnerability Exposure The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5566 www.secnews.physaphae.fr/article.php?IdArticle=8402926 False None None None CVE Liste - Common Vulnerability Exposure The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the \'wpsimplegallery_gallery\' post meta via \'wpsgallery\' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.]]> 2023-10-30T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5583 www.secnews.physaphae.fr/article.php?IdArticle=8402927 False None None None CVE Liste - Common Vulnerability Exposure The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the \'dfads_ajax_load_ads\' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.]]> 2023-10-30T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5843 www.secnews.physaphae.fr/article.php?IdArticle=8402929 False None None None CVE Liste - Common Vulnerability Exposure The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the \'php-to-page\' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5199 www.secnews.physaphae.fr/article.php?IdArticle=8402918 False None None None CVE Liste - Common Vulnerability Exposure The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5315 www.secnews.physaphae.fr/article.php?IdArticle=8402922 False None None None CVE Liste - Common Vulnerability Exposure The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5164 www.secnews.physaphae.fr/article.php?IdArticle=8402917 False None None None CVE Liste - Common Vulnerability Exposure The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \'rafflepress\' and \'rafflepress_gutenberg\' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on \'giframe\' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5049 www.secnews.physaphae.fr/article.php?IdArticle=8402916 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41605 www.secnews.physaphae.fr/article.php?IdArticle=8402912 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44078 www.secnews.physaphae.fr/article.php?IdArticle=8402913 False None None None CVE Liste - Common Vulnerability Exposure The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'shortmenu\' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5565 www.secnews.physaphae.fr/article.php?IdArticle=8402925 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40943 www.secnews.physaphae.fr/article.php?IdArticle=8402911 False None None None CVE Liste - Common Vulnerability Exposure The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the \'grid_plus_save_layout_callback\' and \'grid_plus_delete_callback\' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5251 www.secnews.physaphae.fr/article.php?IdArticle=8402920 False None None None CVE Liste - Common Vulnerability Exposure The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5250 www.secnews.physaphae.fr/article.php?IdArticle=8402919 False None None None CVE Liste - Common Vulnerability Exposure The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'buzzsprout\' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5335 www.secnews.physaphae.fr/article.php?IdArticle=8402923 False None None None CVE Liste - Common Vulnerability Exposure The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5252 www.secnews.physaphae.fr/article.php?IdArticle=8402921 False None None None CVE Liste - Common Vulnerability Exposure The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'spice_post_slider\' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-30T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5362 www.secnews.physaphae.fr/article.php?IdArticle=8402924 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11103 www.secnews.physaphae.fr/article.php?IdArticle=8402904 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.]]> 2023-10-30T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48190 www.secnews.physaphae.fr/article.php?IdArticle=8402910 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25870 www.secnews.physaphae.fr/article.php?IdArticle=8402905 False None None None CVE Liste - Common Vulnerability Exposure Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.]]> 2023-10-30T13:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5832 www.secnews.physaphae.fr/article.php?IdArticle=8402832 False None None None CVE Liste - Common Vulnerability Exposure Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.]]> 2023-10-30T13:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5833 www.secnews.physaphae.fr/article.php?IdArticle=8402833 False None None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.]]> 2023-10-30T11:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42431 www.secnews.physaphae.fr/article.php?IdArticle=8402827 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.]]> 2023-10-30T11:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5844 www.secnews.physaphae.fr/article.php?IdArticle=8402834 False None None None CVE Liste - Common Vulnerability Exposure In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.]]> 2023-10-30T07:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45799 www.secnews.physaphae.fr/article.php?IdArticle=8402831 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.]]> 2023-10-30T07:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45798 www.secnews.physaphae.fr/article.php?IdArticle=8402830 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.]]> 2023-10-30T07:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45797 www.secnews.physaphae.fr/article.php?IdArticle=8402829 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.]]> 2023-10-30T05:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45746 www.secnews.physaphae.fr/article.php?IdArticle=8402828 False Vulnerability,Cloud None None CVE Liste - Common Vulnerability Exposure Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.]]> 2023-10-30T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44141 www.secnews.physaphae.fr/article.php?IdArticle=8402646 False None None None CVE Liste - Common Vulnerability Exposure In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.]]> 2023-10-30T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46867 www.secnews.physaphae.fr/article.php?IdArticle=8402651 False None None None CVE Liste - Common Vulnerability Exposure Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port�) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip� field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip� field are unaffected.]]> 2023-10-30T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25736 www.secnews.physaphae.fr/article.php?IdArticle=8402643 False None None None CVE Liste - Common Vulnerability Exposure In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.]]> 2023-10-30T03:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46866 www.secnews.physaphae.fr/article.php?IdArticle=8402650 False None None None CVE Liste - Common Vulnerability Exposure Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.]]> 2023-10-30T01:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5842 www.secnews.physaphae.fr/article.php?IdArticle=8402652 False None None None CVE Liste - Common Vulnerability Exposure /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.]]> 2023-10-30T01:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46865 www.secnews.physaphae.fr/article.php?IdArticle=8402649 False None None None CVE Liste - Common Vulnerability Exposure Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.]]> 2023-10-30T00:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46864 www.secnews.physaphae.fr/article.php?IdArticle=8402648 False None None None CVE Liste - Common Vulnerability Exposure Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.]]> 2023-10-30T00:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46863 www.secnews.physaphae.fr/article.php?IdArticle=8402647 False None None None CVE Liste - Common Vulnerability Exposure HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.]]> 2023-10-30T00:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4393 www.secnews.physaphae.fr/article.php?IdArticle=8402644 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.]]> 2023-10-30T00:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44002 www.secnews.physaphae.fr/article.php?IdArticle=8402645 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.]]> 2023-10-29T18:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-10003 www.secnews.physaphae.fr/article.php?IdArticle=8402490 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.]]> 2023-10-29T15:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-10002 www.secnews.physaphae.fr/article.php?IdArticle=8402423 False Vulnerability None None CVE Liste - Common Vulnerability Exposure When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.]]> 2023-10-29T08:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33637 www.secnews.physaphae.fr/article.php?IdArticle=8402307 False None None None CVE Liste - Common Vulnerability Exposure When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.]]> 2023-10-29T08:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33638 www.secnews.physaphae.fr/article.php?IdArticle=8402308 False None None None CVE Liste - Common Vulnerability Exposure When malicious images are pulled by isula pull, attackers can execute arbitrary code.]]> 2023-10-29T08:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33635 www.secnews.physaphae.fr/article.php?IdArticle=8402305 False None None None CVE Liste - Common Vulnerability Exposure iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.]]> 2023-10-29T08:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33634 www.secnews.physaphae.fr/article.php?IdArticle=8402304 False None None None CVE Liste - Common Vulnerability Exposure When the isula load command is used to load malicious images, attackers can execute arbitrary code.]]> 2023-10-29T08:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33636 www.secnews.physaphae.fr/article.php?IdArticle=8402306 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.]]> 2023-10-29T04:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46862 www.secnews.physaphae.fr/article.php?IdArticle=8402251 False None None None