Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.



**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-33934

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month.
This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Software Security / Vulnerability

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month.

This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004).

This is in addition to 31 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD (CVE-2023-20569 or Inception).

ADV230003 concerns an already known security flaw tracked as CVE-2023-36884, a remote code execution vulnerability in Office and Windows HTML that has been actively exploited by the Russia-linked RomCom threat actor in attacks targeting Ukraine as well as pro-Ukraine targets in Eastern Europe and North America.

Microsoft said that installing the latest update "stops the attack chain" leading to the remote code execution bug.

The other defense-in-depth update for the Memory Integrity System Readiness scan tool, which is used to check for compatibility issues with memory integrity (aka hypervisor-protected code integrity or HVCI), takes care of a publicly known bug wherein the "original version was published without a RSRC section, which contains resource information for a module."

Also patched by the tech giant are numerous remote code execution flaws in Microsoft Message Queuing (MSMQ) and Microsoft Teams as well as a number of spoofing vulnerabilities in Azure Apache Ambari, Azure Apache Hadoop, Azure Apache Hive, Azure Apache Oozie, Azure DevOps Server, Azure HDInsight Jupyter, and .NET Framework.

On top of that, Redmond has resolved six denial-of-service (DoS) and two information disclosure flaws in MSMQ, and follows a number of other problems discovered in the same service that could result in remote code execution and DoS.

Three other vulnerabilities of note are CVE-2023-35388, CVE-2023-38182 (CVSS scores: 8.0), and CVE-2023-38185 (CVSS score: 8.8) – remote code execution flaws in Exchange Server – the first two of which have been tagged with an "Exploitation More Likely" assessment.

"The exploitation of CVE-2023-35388 and CVE-2023-38182 is somewhat restricted because of the need for an adjacent attack vector and valid exchange credentials," Natalie Silva, lead content engineer at Immersive Labs, said.

"This means the attacker needs to be connected to your internal network and be able to authenticate as a valid Exchange user before they can exploit these vulnerabilities. Any person who achieves this can carry out remote code execution using a PowerShell remoting session."

Microsoft further acknowledged the availability of a proof-of-concept (PoC) exploit for a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180, CVSS score: 7.5), noting that the "code or technique is not functional in all situations and may require substantial modification by a skilled attacker."

Lastly, the update also includes patches for five privilege escalation flaws in the Windows Kernel (CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154, CVSS scores: 7.8) that could be weaponized by a threat actor with local access to the target machine to gain SYSTEM privileges.

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apache Projects
*   Aruba Networks
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   Hitachi Energy
*   HP
*   IBM
*   Intel
*   Ivanti
*   Jenkins
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NVIDIA
*   PaperCut
*   Qualcomm
*   Samba
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   SolarWinds
*   Splunk
*   Synology
*   Trend Micro
*   Veritas
*   VMware
*   Zimbra
*   Zoho ManageEngine
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Azure Apache Ambari Spoofing Vulnerability

CVE-2023-36881

Azure Apache Hadoop Spoofing Vulnerability

CVE-2023-38188

Azure Apache Oozie Spoofing Vulnerability

CVE-2023-36877

CVE-2023-35393

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

Submitted by oretnom23 on Friday, December 2, 2022 - 14:30.

This project is entitled **Judging Management System**. It is a web-based application that was developed using **PHP Language** and **MySQL Database**. The application provides an online and automated judging system. I manage certain organizations' event contests. It has a pleasant user interface and consists of user-friendly features and functionalities.

****How does the Judging Management System work?****

**The Judging Management System** is an automated or electronic platform for managing and tallying certain contest scoring. This application allows certain organization management or staff to register on the system for free. **Organizer** or user can simply create their account by filling in all the required fields on the registration form. Registered organizers can create multiple events and sub-events. They can list the event contestants, judges, and criteria if the sub-event is activated. Judges can manage the score of the contestant using the system-generated judge code. The system also contains an Overall tally, tally by judges, contestant ranking, and event placing features.

****Features and Functionalities****

The **Judging Management System** project is consist of the following features and functionalities.

****Organizers****

*   **Manage Event List**
*   **Manage Sub-Event**
*   **Manage Sub-Event Settings**
    *   List of Contestant
    *   List of Judges
    *   Criteria Management
*   **Score Sheets Management**
    *   Live View of Scores
    *   View Contestant Scores per Judges
    *   Deduct Contestant Point(s)
    *   Generate Final Result
    *   Generate Over All Result
*   **Review Data**
*   **Manage Organizer's Basic and Company Information**
*   **Add/Edit Tabulator User**

****Tabulator****

*   **Live View of Scores**
*   **View Contestant Scores per Judges**
*   **Deduct Contestant Point(s)**
*   **Generate Final Result**
*   **Generate Over All Result**

****Judges****

*   **Manage Contestant Score**
*   **Update Contestant Score**
*   **View Tally**

****Snapshots****

Here are some snapshots of some pages of the **Judging Management System**

****Event List****

****Event's List of Judges****

****Judge Panel's Scoring Page****

****Judge Panel's Tally Page****

****Event's Contestant Scores Per Judge****

The **Judging Management System** project source code is available on this website. The source code is a modified copy and not developed from scratch _(unmodified copy was downloaded from http://freeproject24.com/php-judging-system-with-source-code-freeproject24/)_. Feel free to download the modified copy on this site.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****jms\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****jms\_db.sql**** located inside the **db** folder.
7.  **Browse** the **Judging Management System** in a **browser**. i.e. ****http://localhost/php-jms/****.

You can simply create your own organizer user by registering on the system.

That's it! I hope this **Judging Management System in PHP and MySQL Database Project** helps you with what you are looking for and that you'll find something useful also from the source code itself for your current and future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy :)****

*   4543 views

CVE-2023-37682: Judging Management System using PHP and MySQL Free Source Code

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.


CVE-2023-4009: Ops Manager Server Changelog — MongoDB Ops Manager 5.0

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?**

An attacker would have to send the victim a malicious file that the victim would have to execute.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20230712**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230712)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2023-38188: Azure Apache Hadoop Spoofing Vulnerability

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20230614**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230614)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

Tag

#apache