This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T18:50:58+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.]]> 2023-10-29T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40685 www.secnews.physaphae.fr/article.php?IdArticle=8402247 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure ** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."]]> 2023-10-29T01:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46858 www.secnews.physaphae.fr/article.php?IdArticle=8402250 False None None None CVE Liste - Common Vulnerability Exposure Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.]]> 2023-10-29T01:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5840 www.secnews.physaphae.fr/article.php?IdArticle=8402254 False None None None CVE Liste - Common Vulnerability Exposure Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.]]> 2023-10-29T01:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5839 www.secnews.physaphae.fr/article.php?IdArticle=8402253 False None None None CVE Liste - Common Vulnerability Exposure IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.]]> 2023-10-29T01:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43041 www.secnews.physaphae.fr/article.php?IdArticle=8402249 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.]]> 2023-10-29T01:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5838 www.secnews.physaphae.fr/article.php?IdArticle=8402252 False None None None CVE Liste - Common Vulnerability Exposure Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.]]> 2023-10-29T01:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40686 www.secnews.physaphae.fr/article.php?IdArticle=8402248 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.]]> 2023-10-28T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46854 www.secnews.physaphae.fr/article.php?IdArticle=8402159 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.]]> 2023-10-28T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5837 www.secnews.physaphae.fr/article.php?IdArticle=8402161 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.]]> 2023-10-28T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5836 www.secnews.physaphae.fr/article.php?IdArticle=8402160 False Vulnerability None None CVE Liste - Common Vulnerability Exposure exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.]]> 2023-10-28T21:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45897 www.secnews.physaphae.fr/article.php?IdArticle=8402126 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243775.]]> 2023-10-28T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5835 www.secnews.physaphae.fr/article.php?IdArticle=8401989 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.]]> 2023-10-28T12:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5426 www.secnews.physaphae.fr/article.php?IdArticle=8401956 False None None None CVE Liste - Common Vulnerability Exposure The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.]]> 2023-10-28T12:15:37+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5425 www.secnews.physaphae.fr/article.php?IdArticle=8401955 False None None None CVE Liste - Common Vulnerability Exposure Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.]]> 2023-10-28T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46215 www.secnews.physaphae.fr/article.php?IdArticle=8401890 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.]]> 2023-10-28T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46570 www.secnews.physaphae.fr/article.php?IdArticle=8401807 False None None None CVE Liste - Common Vulnerability Exposure An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.]]> 2023-10-28T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46569 www.secnews.physaphae.fr/article.php?IdArticle=8401806 False None None None CVE Liste - Common Vulnerability Exposure ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.]]> 2023-10-28T01:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43322 www.secnews.physaphae.fr/article.php?IdArticle=8401803 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.]]> 2023-10-28T01:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46467 www.secnews.physaphae.fr/article.php?IdArticle=8401804 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.]]> 2023-10-28T01:15:51+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46468 www.secnews.physaphae.fr/article.php?IdArticle=8401805 False None None None CVE Liste - Common Vulnerability Exposure Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.]]> 2023-10-27T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46587 www.secnews.physaphae.fr/article.php?IdArticle=8401720 False Vulnerability None None CVE Liste - Common Vulnerability Exposure SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.]]> 2023-10-27T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46490 www.secnews.physaphae.fr/article.php?IdArticle=8401719 False Vulnerability None None CVE Liste - Common Vulnerability Exposure HashiCorp Vagrant\'s Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.]]> 2023-10-27T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5834 www.secnews.physaphae.fr/article.php?IdArticle=8401721 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.]]> 2023-10-27T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5830 www.secnews.physaphae.fr/article.php?IdArticle=8401685 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46510 www.secnews.physaphae.fr/article.php?IdArticle=8401680 False None None None CVE Liste - Common Vulnerability Exposure In multiple functions of DialogFillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40137 www.secnews.physaphae.fr/article.php?IdArticle=8401669 False None None None CVE Liste - Common Vulnerability Exposure An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46509 www.secnews.physaphae.fr/article.php?IdArticle=8401679 False None None None CVE Liste - Common Vulnerability Exposure In setHeader of DialogFillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40136 www.secnews.physaphae.fr/article.php?IdArticle=8401668 False None None None CVE Liste - Common Vulnerability Exposure Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The \'setcasualleave\' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44480 www.secnews.physaphae.fr/article.php?IdArticle=8401673 False None None None CVE Liste - Common Vulnerability Exposure In FillUi of FillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40138 www.secnews.physaphae.fr/article.php?IdArticle=8401670 False None None None CVE Liste - Common Vulnerability Exposure In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40140 www.secnews.physaphae.fr/article.php?IdArticle=8401672 False None None None CVE Liste - Common Vulnerability Exposure In multiple locations of DialogFillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40133 www.secnews.physaphae.fr/article.php?IdArticle=8401665 False None None None CVE Liste - Common Vulnerability Exposure In isFullScreen of FillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40134 www.secnews.physaphae.fr/article.php?IdArticle=8401666 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46211 www.secnews.physaphae.fr/article.php?IdArticle=8401677 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46200 www.secnews.physaphae.fr/article.php?IdArticle=8401674 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In applyCustomDescription of SaveUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40135 www.secnews.physaphae.fr/article.php?IdArticle=8401667 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46208 www.secnews.physaphae.fr/article.php?IdArticle=8401675 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40131 www.secnews.physaphae.fr/article.php?IdArticle=8401664 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46209 www.secnews.physaphae.fr/article.php?IdArticle=8401676 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In FillUi of FillUi.java, there is a possible way to view another user\'s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40139 www.secnews.physaphae.fr/article.php?IdArticle=8401671 False None None None CVE Liste - Common Vulnerability Exposure In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40125 www.secnews.physaphae.fr/article.php?IdArticle=8401659 False None None None CVE Liste - Common Vulnerability Exposure In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40121 www.secnews.physaphae.fr/article.php?IdArticle=8401657 False None None None CVE Liste - Common Vulnerability Exposure In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40129 www.secnews.physaphae.fr/article.php?IdArticle=8401662 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34834 www.secnews.physaphae.fr/article.php?IdArticle=8401645 False None None None CVE Liste - Common Vulnerability Exposure In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40130 www.secnews.physaphae.fr/article.php?IdArticle=8401663 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34833 www.secnews.physaphae.fr/article.php?IdArticle=8401644 False None None None CVE Liste - Common Vulnerability Exposure In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40123 www.secnews.physaphae.fr/article.php?IdArticle=8401658 False None None None CVE Liste - Common Vulnerability Exposure In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40120 www.secnews.physaphae.fr/article.php?IdArticle=8401656 False None None None CVE Liste - Common Vulnerability Exposure In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40117 www.secnews.physaphae.fr/article.php?IdArticle=8401655 False None None None CVE Liste - Common Vulnerability Exposure In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40127 www.secnews.physaphae.fr/article.php?IdArticle=8401660 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35794 www.secnews.physaphae.fr/article.php?IdArticle=8401653 False None None None CVE Liste - Common Vulnerability Exposure An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34832 www.secnews.physaphae.fr/article.php?IdArticle=8401643 False None None None CVE Liste - Common Vulnerability Exposure 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32738 www.secnews.physaphae.fr/article.php?IdArticle=8401652 False Vulnerability None None CVE Liste - Common Vulnerability Exposure In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40116 www.secnews.physaphae.fr/article.php?IdArticle=8401654 False None None None CVE Liste - Common Vulnerability Exposure In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.]]> 2023-10-27T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40128 www.secnews.physaphae.fr/article.php?IdArticle=8401661 False None None None CVE Liste - Common Vulnerability Exposure alphabet_size dans la fonction read_vlc_prefix ().

---

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 www.secnews.physaphae.fr/article.php?IdArticle=8401678 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5829 www.secnews.physaphae.fr/article.php?IdArticle=8401684 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46852 www.secnews.physaphae.fr/article.php?IdArticle=8401681 False None None None CVE Liste - Common Vulnerability Exposure baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29009 www.secnews.physaphae.fr/article.php?IdArticle=8401651 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5828 www.secnews.physaphae.fr/article.php?IdArticle=8401683 False Vulnerability,Threat,Industrial None None CVE Liste - Common Vulnerability Exposure In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.]]> 2023-10-27T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46853 www.secnews.physaphae.fr/article.php?IdArticle=8401682 False None None None CVE Liste - Common Vulnerability Exposure A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.]]> 2023-10-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3700 www.secnews.physaphae.fr/article.php?IdArticle=8401648 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.]]> 2023-10-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3701 www.secnews.physaphae.fr/article.php?IdArticle=8401649 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.]]> 2023-10-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3611 www.secnews.physaphae.fr/article.php?IdArticle=8401646 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.]]> 2023-10-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3681 www.secnews.physaphae.fr/article.php?IdArticle=8401647 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.]]> 2023-10-27T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3702 www.secnews.physaphae.fr/article.php?IdArticle=8401650 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it\'s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46246 www.secnews.physaphae.fr/article.php?IdArticle=8401599 False Vulnerability None None CVE Liste - Common Vulnerability Exposure An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27854 www.secnews.physaphae.fr/article.php?IdArticle=8401597 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46290 www.secnews.physaphae.fr/article.php?IdArticle=8401601 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4967 www.secnews.physaphae.fr/article.php?IdArticle=8401602 False None None None CVE Liste - Common Vulnerability Exposure Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46289 www.secnews.physaphae.fr/article.php?IdArticle=8401600 False Threat None None CVE Liste - Common Vulnerability Exposure Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27858 www.secnews.physaphae.fr/article.php?IdArticle=8401598 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.]]> 2023-10-27T19:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3429 www.secnews.physaphae.fr/article.php?IdArticle=8401594 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.]]> 2023-10-27T19:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34886 www.secnews.physaphae.fr/article.php?IdArticle=8401595 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.]]> 2023-10-27T19:15:40+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34887 www.secnews.physaphae.fr/article.php?IdArticle=8401596 False None None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.]]> 2023-10-27T18:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5826 www.secnews.physaphae.fr/article.php?IdArticle=8401603 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability.]]> 2023-10-27T18:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5827 www.secnews.physaphae.fr/article.php?IdArticle=8401604 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.  Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.]]> 2023-10-27T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46604 www.secnews.physaphae.fr/article.php?IdArticle=8401518 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.]]> 2023-10-27T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5443 www.secnews.physaphae.fr/article.php?IdArticle=8401519 False Vulnerability None None CVE Liste - Common Vulnerability Exposure A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.]]> 2023-10-27T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46394 www.secnews.physaphae.fr/article.php?IdArticle=8401517 False Vulnerability None None CVE Liste - Common Vulnerability Exposure gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users\' passwords via a crafted packet.]]> 2023-10-27T14:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46393 www.secnews.physaphae.fr/article.php?IdArticle=8401516 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.]]> 2023-10-27T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5807 www.secnews.physaphae.fr/article.php?IdArticle=8401475 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The \'add3\' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44377 www.secnews.physaphae.fr/article.php?IdArticle=8401472 False None None None CVE Liste - Common Vulnerability Exposure Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The \'add2\' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.]]> 2023-10-27T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44376 www.secnews.physaphae.fr/article.php?IdArticle=8401471 False None None None CVE Liste - Common Vulnerability Exposure The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-27T12:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5821 www.secnews.physaphae.fr/article.php?IdArticle=8401477 False None None None CVE Liste - Common Vulnerability Exposure Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.]]> 2023-10-27T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5570 www.secnews.physaphae.fr/article.php?IdArticle=8401473 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'vk_filter_search\' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-27T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5705 www.secnews.physaphae.fr/article.php?IdArticle=8401474 False None None None CVE Liste - Common Vulnerability Exposure The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-27T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5820 www.secnews.physaphae.fr/article.php?IdArticle=8401476 False None None None CVE Liste - Common Vulnerability Exposure The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-27T11:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5817 www.secnews.physaphae.fr/article.php?IdArticle=8401423 False None None None CVE Liste - Common Vulnerability Exposure The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-27T11:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5774 www.secnews.physaphae.fr/article.php?IdArticle=8401422 False None None None CVE Liste - Common Vulnerability Exposure A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.]]> 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44219 www.secnews.physaphae.fr/article.php?IdArticle=8401371 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46093 www.secnews.physaphae.fr/article.php?IdArticle=8401374 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46091 www.secnews.physaphae.fr/article.php?IdArticle=8401373 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46153 www.secnews.physaphae.fr/article.php?IdArticle=8401375 False Vulnerability None None CVE Liste - Common Vulnerability Exposure SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.]]> 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44220 www.secnews.physaphae.fr/article.php?IdArticle=8401372 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46192 www.secnews.physaphae.fr/article.php?IdArticle=8401376 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46194 www.secnews.physaphae.fr/article.php?IdArticle=8401377 False Vulnerability Uber None CVE Liste - Common Vulnerability Exposure 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46199 www.secnews.physaphae.fr/article.php?IdArticle=8401378 False Vulnerability None None CVE Liste - Common Vulnerability Exposure open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.]]> 2023-10-27T05:15:39+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34059 www.secnews.physaphae.fr/article.php?IdArticle=8401370 False Vulnerability None None CVE Liste - Common Vulnerability Exposure VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.]]> 2023-10-27T05:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34057 www.secnews.physaphae.fr/article.php?IdArticle=8401368 False Tool None None