» 2023 » 7월

CVE-2023-38197

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

Source: CVE-2023-38197

CVE-2023-34129

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34129

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34129

CVE-2023-34130

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34130

CVE-2023-34124

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34124

CVE-2023-21260

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-21260

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

Source: CVE-2023-21260

CVE-2023-34128

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34128

CVE-2023-34127

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34127

CVE-2023-34126

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34126

CVE-2023-34125

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Source: CVE-2023-34125

CVE-2023-21254

Posted on 2023년 7월 13일2023년 7월 13일 by admin

CVE-2023-21254

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21254