RMX Security CERT Global

    • CVE-2022-47611 (hover_image)
      Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. ... read more
    • CERTFR-2023-ACT-023: CERTFR-2023-ACT-023 news bulletin (30 May 2023)
      This CERT-FR news bulletin reviews the significant vulnerabilities of the past week in order to highlight their criticality. It does not replace ... read more
    • CVE-2023-0443
      The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without ... read more
    • CVE-2023-33955
      Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0. ... read more
    • CVE-2023-2117
      The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing high privileged users such as admins to ... read more
    • CVE-2023-0766
      The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks ... read more
    • CVE-2023-2023
      The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. ... read more
    • CVE-2023-2113
      The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript ... read more
    • CVE-2023-1524
      The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be ... read more
    • CVE-2022-41766
      An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when ... read more
    • CVE-2023-32687
      tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections ... read more
    • CVE-2023-30571
      Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a ... read more
    • CVE-2022-24632
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. ... read more
    • CVE-2022-24580
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-24580. Reason: This candidate is a duplicate of CVE-2023-24580. A typo caused the wrong ID to be used. Notes: All ... read more
    • CVE-2023-30253
      Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. ... read more
    • CVE-2023-32072
      Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 ... read more
    • CVE-2022-24630
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. ... read more
    • CVE-2022-24628
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. ... read more
    • CVE-2022-24631
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. ... read more
    • CVE-2022-24629
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of ... read more
    • CVE-2022-24627
      An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. ... read more
    • CVE-2023-33439 (faculty_evaluation_system)
      Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. ... read more
    • CVE-2021-46881 (emui)
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2023-33440 (faculty_evaluation_system)
      Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. ... read more
    • CVE-2023-0117
      The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features, such as MeeTime. ... read more
    • CVE-2023-31225
      The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. ... read more
    • CVE-2021-46882
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2021-46887
      Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. ... read more
    • CVE-2021-46884
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2021-46886
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2021-46885
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2023-31227
      The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. ... read more
    • CVE-2023-31226
      The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. ... read more
    • CVE-2023-2002
      A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of ... read more
    • CVE-2022-48478
      The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. ... read more
    • CVE-2023-2817
      A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to ... read more
    • CVE-2022-48479
      The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. ... read more
    • CVE-2023-20883
      In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring ... read more
    • CVE-2023-33780
      A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the ... read more
    • CVE-2021-46883
      The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2022-48480
      Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. ... read more
    • CVE-2023-0116
      The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. ... read more
    • CVE-2023-20882
      In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. ... read more
    • CVE-2023-33779
      A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. ... read more
    • Zyxel releases critical security patches
      Just as proof-of-concept code has been published for 'old' vulnerabilities in Zyxel products, Zyxel has released new software updates to fix two critical security flaws affecting selected firewall and VPN products. Exploitation of the flaws ... read more
    • CVE-2022-46945
      Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. ... read more
    • CVE-2023-25029
      Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. ... read more
    • CVE-2023-23714
      Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. ... read more
    • CVE-2023-25038
      Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. ... read more
    • CVE-2023-24008
      Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. ... read more
Title: Chemical Industry – Parsons Report – Cybersecurity
Category: Cybersecurity, ICS, IIOT
Tag: cybersecurity, epcm, ICS