The Consensus Security Vulnerability Alert

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.CVE-2023-21715 - Microsoft Publisher Security Features Bypass VulnerabilityCVSS Score: 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C** KEV since 2023-02-14 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21715ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege VulnerabilityCVSS Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C** KEV since 2023-02-14 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23376ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376CVE-2023-21823 - Windows Graphics Component Remote Code Execution VulnerabilityCVSS Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C** KEV since 2023-02-14 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21823ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823CVE-2023-21716 - Microsoft Word Remote Code Execution VulnerabilityCVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CNVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21716ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716CVE-2023-21803 - Windows iSCSI Discovery Service Remote Code Execution VulnerabilityCVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CNVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21803ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803CVE-2023-21689, CVE-2023-21690, and CVE-2023-21692 - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilitiesCVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CNVD: - https://nvd.nist.gov/vuln/detail/CVE-2023-21689- https://nvd.nist.gov/vuln/detail/CVE-2023-21690- https://nvd.nist.gov/vuln/detail/CVE-2023-21692ISC Diary: https://isc.sans.edu/diary/29548MSFT Details: - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692CVE-2022-31249 - A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.CVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31249NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1200299CVE-2022-43757 - A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.CVSS Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HNVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43757NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1205295CVE-2022-24990 - TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.CVSS Score: 0CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H** KEV since 2023-02-10 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24990NVD References: - https://forum.terra-master.com/en/viewforum.php?f=28- https://github.com/0xf4n9x/CVE-2022-24990- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732CVE-2023-24813 - Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified…