CVE-2023-29492: Novi Survey security advisory, Apr 2023

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

Audience: Current and prior users of the Novi Survey installable software.

Product affected: installable version of Novi Survey

Version affected: all versions less than 8.9.43676

Reference: CVE-2023-29492

Description:

A vulnerability allows remote attackers to execute arbitrary code on the server in the context of the service account on affected installations of Novi Survey.

The vulnerability does not provide access to survey or response data stored within the system.

Mitigation:

Upgrade the installation to version 8.9.43676 or greater. There is no workaround available for versions less than 8.9.43676.

Related news

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below:

- CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability
- CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability
