Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49087 | 1 Simplesamlphp | 2 Saml2, Xml-security | 2023-12-10 | N/A | 7.5 HIGH |
| xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. | |||||
| CVE-2023-43800 | 1 Arduino | 1 Create Agent | 2023-12-10 | N/A | 7.8 HIGH |
| Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-37920 | 1 Kennethreitz | 1 Certifi | 2023-12-10 | N/A | 9.8 CRITICAL |
| Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | |||||
| CVE-2023-39347 | 1 Cilium | 1 Cilium | 2023-12-10 | N/A | 9.0 CRITICAL |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys. | |||||
| CVE-2023-36139 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-12-10 | N/A | 9.8 CRITICAL |
| In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | |||||
| CVE-2015-8371 | 1 Getcomposer | 1 Composer | 2023-12-10 | N/A | 8.8 HIGH |
| Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. | |||||
| CVE-2023-41896 | 1 Home-assistant | 2 Home-assistant, Home-assistant-js-websocket | 2023-12-10 | N/A | 9.0 CRITICAL |
| Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code’s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in the npm package home-assistant-js-websocket in version 8.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-35719 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2023-12-10 | N/A | 6.8 MEDIUM |
| ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. | |||||
| CVE-2023-2314 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-26141 | 1 Contribsys | 1 Sidekiq | 2023-12-10 | N/A | 4.9 MEDIUM |
| Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | |||||
| CVE-2023-4589 | 1 Delinea | 1 Secret Server | 2023-12-10 | N/A | 7.2 HIGH |
| Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update. | |||||
| CVE-2023-36858 | 3 Apple, F5, Microsoft | 4 Macos, Access Policy Manager Clients, Big-ip Access Policy Manager and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-4699 | 1 Mitsubishielectric | 432 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 429 more | 2023-12-10 | N/A | 9.1 CRITICAL |
| Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. | |||||
| CVE-2023-3920 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation. | |||||
| CVE-2023-5450 | 2 Apple, F5 | 2 Macos, Big-ip Access Policy Manager | 2023-12-10 | N/A | 7.8 HIGH |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-3749 | 1 Johnsoncontrols | 1 Videoedge | 2023-12-10 | N/A | 5.5 MEDIUM |
| A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. | |||||
| CVE-2023-43666 | 1 Apache | 1 Inlong | 2023-12-10 | N/A | 6.5 MEDIUM |
| Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8623 | |||||
| CVE-2023-3663 | 1 Codesys | 1 Development System | 2023-12-10 | N/A | 8.8 HIGH |
| In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | |||||
| CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-12-10 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | |||||
| CVE-2023-36541 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 8.8 HIGH |
| Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | |||||