CVE-2023-4304
Published 2023-08-11
CVE-2023-4304: Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
Priority: P48 low; CVSS 3.1 score: 2.7
AV:N / AC:L / PR:H / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.48% (37.6th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| froxlor | froxlor | < 2.0.22 | 2.0.22 |
| froxlor | froxlor | >= 0 < 2.0.22 | 2.0.22 |
| froxlor | froxlor_froxlor | >= unspecified < 2.0.22,2.1.0 | 2.0.22,2.1.0 |
| openssl | openssl | >= 0 < 1.1.1-1ubuntu2.1~18.04.21 | 1.1.1-1ubuntu2.1~18.04.21 |
| openssl | openssl | >= 0 < 1.1.1f-1ubuntu2.17 | 1.1.1f-1ubuntu2.17 |
| openssl | openssl | >= 0 < 3.0.2-0ubuntu1.8 | 3.0.2-0ubuntu1.8 |
CVSS provenance
nvd: v3.1, 2.7 LOW, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
osv: 4.9 MEDIUM
OSV
Froxlor vulnerable to business logic errors
osv·2023-08-11
CVE-2023-4304 [LOW] Froxlor vulnerable to business logic errors
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22
GHSA
Froxlor vulnerable to business logic errors
ghsa·2023-08-11
CVE-2023-4304 [LOW] CWE-284 Froxlor vulnerable to business logic errors
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22
OSV
openssl vulnerabilities
osv·2023-02-07·CVSS 4.9
CVE-2023-0286 openssl vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286)

Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)

Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304)

Dawei Wang discovered that OpenSSL incor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.