CVE-2023-39292
published 2023-08-14CVE-2023-39292: A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access…
PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.53%
40.5th percentile
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 5.15.0-119.129 | 5.15.0-119.129 |
| mitel | mivoice_office_400 | <= 7.0.9281 | — |
| mitel | mivoice_office_400_smb_controller_firmware | <= 1.2.5.23 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-oracle-5.15 vulnerabilities
osv·2024-08-23·CVSS 8.4
CVE-2024-26921 linux-oracle-5.15 vulnerabilities
linux-oracle-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- User-Mode Linux (UML);
- MMC subsystem;
- Network drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
(CVE-2024-26921, CVE-2023-52629, CVE-2024-26680, CVE-2024-26830,
CVE-2024-39484, CVE-2024-39292, CVE-2024-36901, CVE-2023-52760)
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,
osv·2024-08-21·CVSS 8.4
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- User-Mode Linux (UML);
- MMC subsystem;
- Network drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
(CVE-2024-26921, CVE-2023-52629, CVE-2024-26680, CVE-2024-26830,
CVE-2024-39484, CVE-2024-39292, CVE-20
GHSA
GHSA-h83c-g2f6-cfm6: A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1
ghsa_unreviewed·2023-08-14
CVE-2023-39292 [CRITICAL] CWE-89 GHSA-h83c-g2f6-cfm6: A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-14
Published