SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 13
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Updates Everything (including Studio Display)
Published: 2023-03-27
Last Updated: 2023-03-27 21:01:22 UTC
by Johannes Ullrich (Version: 1)
Apple today released updates for all of its operating systems. The updates also apply for some of the older versions of iOS and macOS. For iOS/iPadOS 15, Apple now patched an already exploited vulnerability (CVE-2023-23529). Current operating systems received a patch for this vulnerability mid January.
Noteworthy is also that this is the first time, as far as I can recall, that we got a security update for the Studio Display firmware. Firmware updates were released before for the studio display, but they fixed non-security bugs.
Read the full entry:
https://isc.sans.edu/diary/Apple+Updates+Everything+including+Studio+Display/29682/
Microsoft Released an Update for Windows Snipping Tool Vulnerability
Published: 2023-03-25
Last Updated: 2023-03-25 19:56:15 UTC
by Guy Bruneau (Version: 1)
To exploit this vulnerability, the image must be created under very specific condition listed here.
According to the information provided by Microsoft, "The default Snipping Tool in Windows 10 and older versions are unaffected. Only Snip & Sketch in Windows 10 and Snipping Tool in Windows 11 are affected by this vulnerability. A security update has been released for these applications, which are available through the Microsoft Store."[1]
This is the information provide to verify if the system is affected:
For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later contain this update.
For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later contain this update.
Read the full entry:
Cropping and Redacting Images Safely
Published: 2023-03-23
Last Updated: 2023-03-23 16:09:10 UTC
by Johannes Ullrich (Version: 1)
The recent "acropalypse" vulnerabilities in Android and Windows 11 showed yet again the dangers of relying on image processing tools to redact images [1][2]. While many image formats are still fundamentally "pixel" based, many have gone beyond simple "array of pixel" formats. Added compression, metadata, and other optimization features can make it difficult to remove information from images. This is not a new issue and has been a problem many times [3].
In some cases, image modifications are just appended to the original image file and overlayed as the image is displayed. Or files retain older versions to allow users to "undo" edits. And of course there are "bugs" like what we had with the recent image issues.
Here are some approaches to make image redaction safer. But please use them with caution.
Read the full entry:
https://isc.sans.edu/diary/Cropping+and+Redacting+Images+Safely/29666/
Internet Storm Center Entries
Network Data Collector Placement Makes a Difference (2023.03.28)
https://isc.sans.edu/diary/Network+Data+Collector+Placement+Makes+a+Difference/29664/
Another Malicious HTA File Analysis - Part 1 (2023.03.27)
https://isc.sans.edu/diary/Another+Malicious+HTA+File+Analysis+Part+1/29674/
CyberChef Version 10 Released (2023.03.26)
https://isc.sans.edu/diary/CyberChef+Version+10+Released/29672/
Extra: "String Obfuscation: Character Pair Reversal" (2023.03.26)
https://isc.sans.edu/diary/Extra+String+Obfuscation+Character+Pair+Reversal/29656/
Recent CVEs
CVE-2023-23529 - A type confusion issue was addressed with improved checks.
CVE-2023-20861 - Spring Framework is vulnerable to a denial-of-service (DoS) attack due to a specially crafted SpEL expression in older unsupported versions up to 6.0.6, 5.3.25, and 5.2.22.RELEASE.
CVE-2023-26360 - Adobe ColdFusion is vulnerable to arbitrary code execution due to an Improper Access Control issue in versions 2018 Update 15 and earlier, and 2021 Update 5 and earlier.
CVE-2023-26359 - Adobe ColdFusion is vulnerable to a Deserialization of Untrusted Data flaw that allows for arbitrary code execution without user interaction.
CVE-2023-27935 - A remote user may be able to cause unexpected app termination or arbitrary code execution. The issue was addressed with improved bounds checks.
CVE-2023-27934 - A memory initialization issue was addressed.
CVE-2012-10009 - 404like Plugin up to 1.0.2 is vulnerable to remote SQL injection via the checkPage function in 404Like.php when the searchWord argument is manipulated, with an available patch in version 1.0.2 (2c4b589d27554910ab1fd104ddbec9331b540f7f).
CVE-2023-1537 - Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1153 - Pacsrapor before 1.22 allows SQL Injection and command line execution through SQL Injection.
CVE-2022-45637 - MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 has an insecure password reset vulnerability through an insecure expiry mechanism.
CVE-2023-27569 - The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
CVE-2023-27570 - The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.
CVE-2023-25684 - IBM Security Guardium Key Lifecycle Manager versions 3.0 to 4.1.1 are susceptible to SQL injection attacks, which can lead to unauthorized access and alteration of the backend database.
CVE-2018-25082 - The zwczou WeChat SDK Python 0.3.0 is vulnerable to a critical issue in the validate/to_xml function, allowing for remote initiation of an attack through xml external entity reference manipulation, which can be addressed by upgrading to version 0.5.5 with patch e54abadc777715b6dcb545c13214d1dea63df6c9.
CVE-2023-26497 - Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125 is vulnerable to memory corruption during Session Description Negotiation for Video Configuration Attribute.
CVE-2023-26498 - Samsung Baseband Modem Chipset is vulnerable to memory corruption caused by improper checking of properties in the SDP module when parsing the chatroom attribute.
CVE-2023-26496 - Samsung Baseband Modem Chipset is vulnerable to memory corruption caused by improper parameter length checking while parsing fmtp attribute in the SDP module.
CVE-2023-27855 - Rockwell Automation's ThinManager ThinServer allows unauthenticated remote attackers to upload arbitrary files and potentially gain remote code execution by exploiting a path traversal vulnerability.
CVE-2023-28725 - The General Bytes Crypto Application Server (CAS) on BATM devices allowed remote attackers to execute arbitrary Java code by uploading a Java application to a specific directory, fixed in 20221118.48 and 20230120.44.
CVE-2023-25589 - ClearPass Policy Manager has a vulnerability that allows unauthenticated remote attackers to create arbitrary users and achieve total cluster compromise.
CVE-2023-1556 - SourceCodester Judging Management System 1.0 is vulnerable to remote SQL injection via manipulation of the main_event_id argument in summary_results.php (VDB-223549).
CVE-2023-1557 - SourceCodester E-Commerce System 1.0 is vulnerable to improper access controls through manipulation of the USERID argument in /ecommerce/admin/user/controller.php?action=edit.
CVE-2023-1558 - Simple and Beautiful Shopping Cart System 1.0 is vulnerable to a critical remote file upload exploit (VDB-223551).
CVE-2023-1561 - Simple Online Hotel Reservation System 1.0 allows unrestricted remote file upload through the add_room.php function (VDB-223554).
CVE-2023-1563 - SourceCodester Student Study Center Desk Management System 1.0 is vulnerable to remote SQL injection via manipulation of the 'id' parameter in the /admin/assign/assign.php file.
CVE-2023-1564 - SourceCodester Air Cargo Management System 1.0 is vulnerable to SQL injection via the file "admin/transactions/update_status.php" when manipulating the argument "id".
CVE-2023-27637 - Tshirtecommerce component 2.1.4 for PrestaShop allows SQL injection via compromised product_id GET parameter in designer.php, exploited in March 2023.
CVE-2023-27638 - Tshirtecommerce component 2.1.4 for PrestaShop is vulnerable to SQL injection via a forged HTTP request with a compromised tshirtecommerce_design_cart_id GET parameter, leading to exploitation in March 2023.
CVE-2023-1566 - SourceCodester Medical Certificate Generator App 1.0 is vulnerable to remote SQL injection via manipulation of the argument id in unknown code of action.php (VDB-223558).
CVE-2023-1571 - DataGear up to 4.5.0 is vulnerable to SQL injection through manipulation of the argument queryOrder, and can be initiated remotely, but upgrading to version 4.5.1 can address the issue.
CVE-2023-27224 - NginxProxyManager v.2.9.19 is vulnerable to arbitrary code execution via a lua script to the configuration file.
CVE-2023-28662 - The Gift Cards WordPress Plugin version <= 4.3.1 has an unauthenticated SQL injection vulnerability in the template parameter.
CVE-2023-28667 - The Lead Generated WordPress Plugin version <= 1.23 has an unauthenticated insecure deserialization issue that could lead to PHP object injection.
CVE-2023-27060 - LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.
CVE-2023-27100 - Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allow bypass of brute force protection via crafted web requests in the SSHGuard component.
CVE-2022-28494 - TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is susceptible to command injection that allows attackers to execute arbitrary commands via a crafted request in the setUpgradeFW function using the filename parameter.
CVE-2022-28492 - TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.
CVE-2022-28491 - The TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is vulnerable to command injection via the NTPSyncWithHost function.
CVE-2022-28493 - A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
CVE-2022-28497 - TOTOlink outdoor CPE CP900 V6.3c.566_B20171026 has a command injection vulnerability that lets attackers execute arbitrary commands via a crafted request in the mtd_write_bootloader function.
CVE-2022-28495 - The TOTOlink outdoor CPE CP900 V6.3c.566_B20171026 is susceptible to command injection via the webWlanIdx parameter, allowing attackers to execute arbitrary commands.
CVE-2023-27135 - TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
CVE-2023-24655 - Simple Customer Relationship Management System v1.0 has a SQL injection vulnerability via the name parameter in Profile Update.
CVE-2023-26114 - Code-server before version 4.10.1 is vulnerable to Missing Origin Validation in WebSocket handshakes, allowing adversaries to access data and connect to the instance in specific scenarios.
CVE-2022-22512 - VARTA Storage products in multiple versions have hard-coded credentials in their Web-UI, allowing unauthorized access to administrative privileges via network.
CVE-2023-1050 - As Koc Energy Web Report System is vulnerable to SQL Injection before version 23.03.10.
CVE-2023-1589 - SourceCodester Online Tours & Travels Management System 1.0 is vulnerable to a critical SQL injection in the admin/operations/approve_delete.php file's exec function, allowing for remote exploitation (VDB-223654).
CVE-2023-1590 - SourceCodester's Online Tours & Travels Management System 1.0 is susceptible to SQL injection through the exec function of the file admin/operations/currency.php, allowing remote access to attackers using the disclosed exploit, VDB-223655.
CVE-2023-1591 - SourceCodester Automatic Question Paper Generator System 1.0 is vulnerable to remote SQL injection via manipulation of the id/email argument in classes/Users.php?f=save_ruser (VDB-223659).
CVE-2023-1592 - SourceCodester Automatic Question Paper Generator System 1.0 is vulnerable to remote SQL injection via the "id" parameter in the "view_class.php" file.
CVE-2023-1594 - Novel-plus 3.6.2 is vulnerable to a remote SQL injection attack due to a critical flaw in the MenuService function of the sys/menu/list file.
Product: Novel-Plus Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1594NVD References: - https://github.com/OYyunshen/Poc/blob/main/Novel-PlusV3.6.2Sqli.pdf- https://vuldb.com/?ctiid.223662- https://vuldb.com/?id.223662CVE-2023-1606 - Novel-plus 3.6.2 is vulnerable to a critical SQL injection in DictController.java's orderby argument, allowing for remote attacks.Product: Novel-Plus Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1606NVD References: - https://github.com/OYyunshen/Poc/blob/main/Novel-PlusSqli1.pdf- https://vuldb.com/?ctiid.223736- https://vuldb.com/?id.223736CVE-2023-27078 - "TP-Link MR3020 v.1_150921 is vulnerable to remote command injection via a crafted request to the tftp endpoint."Product: TP-Link MR3020CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27078NVD References: https://github.com/B2eFly/Router/blob/main/TPLINK/MR3020/1.mdCVE-2023-28610 - OMICRON StationGuard and OMICRON StationScout before 2.21 are vulnerable to remote root access by exploiting the update process with a modified firmware update image.Product: OMICRON Energy StationGuard and StationScoutCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28610NVD References: - https://www.omicronenergy.com/en/support/product-security/- https://www.omicronenergy.com/fileadmin/user_upload/website/files/product-security/osa-5.txtCVE-2023-28611 - OMICRON StationGuard and StationScout allow unauthorized access due to incorrect authorization.Product: OMICRON Energy StationGuard and StationScoutCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28611NVD References: - https://www.omicronenergy.com/en/support/product-security/- https://www.omicronenergy.com/fileadmin/user_upload/website/files/product-security/osa-6.txtCVE-2023-1608 - Zhong Bang CRMEB Java up to 1.3.4 is vulnerable to remote sql injection via the getAdminList function in the /api/admin/store/product/list file with manipulated cateId argument (VDB-223738).Product: CRMEB JavaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1608NVD References: - https://github.com/crmeb/crmeb_java/issues/11- https://vuldb.com/?ctiid.223738-https://vuldb.com/?id.223738CVE-2023-25654 - baserCMS prior to version 4.7.5 has a Remote Code Execution (RCE) Vulnerability in its management system.Product: baserCMS CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25654NVD References: - https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96- https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359- https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0- https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5CVE-2023-25655 - baserCMS allows any file to be uploaded prior to version 4.7.5, but a patch is included in version 4.7.5.Product: baserCMS CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25655NVD References: - https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100- https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd- https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5- https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8CVE-2023-1612 - Rebuild version up to 3.2.3 is vulnerable to remote SQL injection via manipulation of the file /files/list-file.Product: Ruifang-Tech RebuildCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1612NVD References: - https://github.com/getrebuild/rebuild/issues/598- https://vuldb.com/?ctiid.223743- https://vuldb.com/?id.223743CVE-2023-27034 - PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.Product: Joommasters Jms BlogCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27034NVD References: https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsblog.htmlCVE-2023-28445 - Deno is vulnerable to an out-of-bound read/write caused by resizable ArrayBuffers passed to asynchronous functions that are shrunk during operation in Deno 1.32.0.CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28445NVD References: - https://github.com/denoland/deno/pull/18395- https://github.com/denoland/deno/releases/tag/v1.32.1- https://github.com/denoland/deno/security/advisories/GHSA-c25x-cm9x-qqgxCVE-2023-1177 - Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.Product: Lfprojects MlflowCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1177NVD References: - https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28CVE-2022-20532 - Android is vulnerable to remote escalation of privilege due to an integer overflow in MPEG4Extractor.cpp.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-20532NVD References: h…
CVE-2023-27078 - "TP-Link MR3020 v.1_150921 is vulnerable to remote command injection via a crafted request to the tftp endpoint."
CVE-2023-28610 - OMICRON StationGuard and OMICRON StationScout before 2.21 are vulnerable to remote root access by exploiting the update process with a modified firmware update image.
CVE-2023-28611 - OMICRON StationGuard and StationScout allow unauthorized access due to incorrect authorization.
CVE-2023-1608 - Zhong Bang CRMEB Java up to 1.3.4 is vulnerable to remote sql injection via the getAdminList function in the /api/admin/store/product/list file with manipulated cateId argument (VDB-223738).
CVE-2023-25654 - baserCMS prior to version 4.7.5 has a Remote Code Execution (RCE) Vulnerability in its management system.
CVE-2023-25655 - baserCMS allows any file to be uploaded prior to version 4.7.5, but a patch is included in version 4.7.5.
CVE-2023-1612 - Rebuild version up to 3.2.3 is vulnerable to remote SQL injection via manipulation of the file /files/list-file.
CVE-2023-27034 - PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
Product: Joommasters Jms BlogCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27034NVD References: https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsblog.htmlCVE-2023-28445 - Deno is vulnerable to an out-of-bound read/write caused by resizable ArrayBuffers passed to asynchronous functions that are shrunk during operation in Deno 1.32.0.CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28445NVD References: - https://github.com/denoland/deno/pull/18395- https://github.com/denoland/deno/releases/tag/v1.32.1- https://github.com/denoland/deno/security/advisories/GHSA-c25x-cm9x-qqgxCVE-2023-1177 - Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.Product: Lfprojects MlflowCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1177NVD References: - https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e- https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28CVE-2022-20532 - Android is vulnerable to remote escalation of privilege due to an integer overflow in MPEG4Extractor.cpp.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-20532NVD References: https://source.android.com/security/bulletin/pixel/2023-03-01CVE-2022-42498 - Android Pixel cellular firmware allows remote code execution without additional privileges due to a missing bounds check.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42498NVD References: https://source.android.com/security/bulletin/pixel/2023-03-01CVE-2022-42499 - Android kernel in sms_MmConManagement.c allows remote code execution via out of bounds write due to heap buffer overflow without user interaction.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42499NVD References: https://source.android.com/security/bulletin/pixel/2023-03-01CVE-2023-28444 - angular-server-side-configuration is vulnerable when used in a monorepo setup, allowing exposure of backend environment variables, but can be mitigated in version 15.1.0 with a new `searchPattern` option or manual editing of the ngssc.json file.CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28444NVD References: - https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86- https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0- https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5CVE-2023-25668 - TensorFlow prior to versions 2.12.0 and 2.11.1 allows attackers to execute remote code or cause a crash by accessing uncontrolled heap memory.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25668NVD References: - https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96CVE-2023-28437 - Dataease is vulnerable to SQL injection due to a missing blacklist, fixed in version 1.18.5 with no known workarounds.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28437NVD References: - https://github.com/dataease/dataease/issues/4795- https://github.com/dataease/dataease/releases/tag/v1.18.5- https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56CVE-2023-24838 - HGiga PowerStation allows an unauthenticated remote attacker to obtain the administrator's credential and perform arbitrary system operation or disrupt service due to an Information Leakage vulnerability.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24838NVD References: https://www.twcert.org.tw/tw/cp-132-6957-d8f67-1.htmlCVE-2023-25909 - HGiga OAKlouds allows unauthenticated remote attackers to upload and execute arbitrary files.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25909NVD References: https://www.twcert.org.tw/tw/cp-132-6973-45872-1.htmlCVE-2022-4126 - ABB RCCMD is vulnerable to default password use, allowing for easy access with common or default usernames on Windows, Linux, and MacOS before version 4.40 230207.CVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4126NVD References: https://search.abb.com/library/Download.aspx?DocumentID=2CMT006099_EN&LanguageCode=en&DocumentPartId=&Action=LaunchCVE-2023-1133 - Delta Electronics InfraSuite Device Master versions prior to 1.0.5 allows unauthenticated remote code execution due to UDP packets being deserialized by the device-status service.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1133NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02CVE-2023-1136 - Delta Electronics InfraSuite Device Master versions prior to 1.0.5 allow unauthenticated attackers to bypass authentication by generating a valid token.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1136NVD References: https://www.cisa.gov/news-events/ics-advisories/i…
CVE-2023-1177 - Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
CVE-2022-20532 - Android is vulnerable to remote escalation of privilege due to an integer overflow in MPEG4Extractor.cpp.
CVE-2022-42498 - Android Pixel cellular firmware allows remote code execution without additional privileges due to a missing bounds check.
CVE-2022-42499 - Android kernel in sms_MmConManagement.c allows remote code execution via out of bounds write due to heap buffer overflow without user interaction.
Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-42499NVD References: https://source.android.com/security/bulletin/pixel/2023-03-01CVE-2023-28444 - angular-server-side-configuration is vulnerable when used in a monorepo setup, allowing exposure of backend environment variables, but can be mitigated in version 15.1.0 with a new `searchPattern` option or manual editing of the ngssc.json file.CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28444NVD References: - https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86- https://github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0- https://github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5CVE-2023-25668 - TensorFlow prior to versions 2.12.0 and 2.11.1 allows attackers to execute remote code or cause a crash by accessing uncontrolled heap memory.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25668NVD References: - https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96CVE-2023-28437 - Dataease is vulnerable to SQL injection due to a missing blacklist, fixed in version 1.18.5 with no known workarounds.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28437NVD References: - https://github.com/dataease/dataease/issues/4795- https://github.com/dataease/dataease/releases/tag/v1.18.5- https://github.com/dataease/dataease/security/advisories/GHSA-7j7j-9rw6-3r56CVE-2023-24838 - HGiga PowerStation allows an unauthenticated remote attacker to obtain the administrator's credential and perform arbitrary system operation or disrupt service due to an Information Leakage vulnerability.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24838NVD References: https://www.twcert.org.tw/tw/cp-132-6957-d8f67-1.htmlCVE-2023-25909 - HGiga OAKlouds allows unauthenticated remote attackers to upload and execute arbitrary files.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25909NVD References: https://www.twcert.org.tw/tw/cp-132-6973-45872-1.htmlCVE-2022-4126 - ABB RCCMD is vulnerable to default password use, allowing for easy access with common or default usernames on Windows, Linux, and MacOS before version 4.40 230207.CVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4126NVD References: https://search.abb.com/library/Download.aspx?DocumentID=2CMT006099_EN&LanguageCode=en&DocumentPartId=&Action=LaunchCVE-2023-1133 - Delta Electronics InfraSuite Device Master versions prior to 1.0.5 allows unauthenticated remote code execution due to UDP packets being deserialized by the device-status service.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1133NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02CVE-2023-1136 - Delta Electronics InfraSuite Device Master versions prior to 1.0.5 allow unauthenticated attackers to bypass authentication by generating a valid token.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1136NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02CVE-2023-1140 - Delta Electronics InfraSuite Device Master versions prior to 1.0.5 allow unauthenticated remote code execution by an attacker in the context of an administrator.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1140NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02CVE-2022-46415 - The DJI Spark 01.00.0900 is vulnerable to remote attacks that exhaust the DHCP IP address pool, preventing legitimate terminal connections by an attacker who has guessed the password of the device's internal Wi-Fi network and sent many DHCP requests.CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46415NVD References: - https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-54q2-3r2m-9pgm- https://smartstore.naver.com/chachablues/products/6617613337- https://smartstore.naver.com/hancomawesome-tech/products/5367473135CVE-2022-46416 - Parrot Bebop 4.7.1 is vulnerable to DHCP exhaustion attacks, allowing remote attackers to prevent legitimate terminal connections by flooding the IP address pool.CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46416NVD References: - https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-4xx4-r27p-wcrv- https://smartstore.naver.com/chachablues/products/6617613337- https://smartstore.naver.com/hancomawesome-tech/products/5367473135CVE-2022-3682 - The Hitachi Energy SDM600 is vulnerable to arbitrary code execution via specially crafted messages uploaded by an attacker due to file permission validation issues in versions prior to 1.2 FP3 HF4.Product: Hitachi Energy SDM600CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3682NVD References: https://search.abb.com…
CVE-2022-3682 - The Hitachi Energy SDM600 is vulnerable to arbitrary code execution via specially crafted messages uploaded by an attacker due to file permission validation issues in versions prior to 1.2 FP3 HF4.
Sponsors
SANS
*********** Sponsored By SANS ***********Calling all DevSecOps practitioners! Take the annual SANS 2023 DevSecOps Survey today to share your insights with the cyber community about how DevSecOps practices are maturing as they gain mainstream adoption. Your time is valuable, upon completion you will be entered into our drawing for a chance to win a $400 Amazon gift card.Take the survey:
Corelight, Inc.
Featured session as a part of SANS 2023 on Tuesday, April 4th at 12:30pm ET | SOC Visibility Triad, Why You Need NDR Alongside EDR - Join us as we demo popular EDR tools and give analyst workflow examples and use cases. | Register now:
BlackBerry
Join Chris Crowley on Wednesday, April 5th at 10:30am ET for this upcoming whitepaper discussion - Managed Detection and Response: Optimizing External Expertise | Register now:
Sumo Logic | AWS
Upcoming webcast on Tuesday, April 13th at 10:30am ET | Cloud Security: Does the Endpoint Still Matter? | Register now: