Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

The strange case of Great honeypot of China

Published: 2023-04-17

Last Updated: 2023-04-17 08:44:28 UTC

by Jan Kopriva (Version: 1)

Looking at changes that the internet as a whole goes through over time can be quite edifying. Since old servers are being decommissioned and new ones are being added all the time, the internet “landscape” can change significantly even over the course of a year or several months.

Because very few of us have ever had access to our own Carna botnet or some other means of periodically scanning the entire public IP space, we have to depend on specialized services (e.g., Censys or Shodan), which conduct such scans on our behalf, to learn of these changes.

Since we are dependent on these third-party services, which are, from our viewpoint, basically “black boxes”, any large spike seen in data gathered from them may be the result of a real, rapid change in the public IP space, or the result of a misconfiguration or error in some internal mechanism used by these services. Unfortunately, it is not always easy to say which is which, and that holds true even for a recent spike in the number of honeypots that Shodan detected.

As I mentioned in some of my previous Diaries, I use my TriOp tool to periodically gather significant amounts of data from Shodan about the global internet landscape, as well as about the situation in different countries. Among other information, I use the tool to gather the number of devices that Shodan classifies as “medical” systems, which are accessible from the internet, and a few weeks ago, a script that I use to identify significant changes in the data started to generate daily notices about a sharp relative increase in such systems in China (and, several days later, about a corresponding relative increase on a global level).

Read the full entry:

https://isc.sans.edu/diary/The+strange+case+of+Great+honeypot+of+China/29750/

HTTP: What's Left of it and the OCSP Problem

Published: 2023-04-13

Last Updated: 2023-04-13 14:43:37 UTC

by Johannes Ullrich (Version: 1)

It has been well documented that most "web" traffic these days uses TLS, either as traditional HTTPS or the more modern QUIC protocol. So it is always interesting to see what traffic remains as HTTP.

Looking at the top TCP ports in my network:

  Count   Port
 325900   443
  38191   22
  31006   23
  25884   80
  22025   53

HTTPS is by far the top port (most of the 22/23 connections are likely destined for my honeypot, as are many of the port 80 connections).

So let's dive into a bit more detail on my zeek HTTP logs. I use the JSON format for zeek logs and will use the "jq" tool to parse them instead of the usual "zeek-cut" tool.
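An added example, not code from the diary: it walks the same kind of Zeek JSON http.log in Python (standing in for the diary's jq queries), tallies what remains on plaintext HTTP and picks out the OCSP responders. Field names follow Zeek's http.log schema; the sample records are constructed, and the OCSP/CRL heuristics (MIME type, an `ocsp.` host label, a `.crl` path) are this example's own assumptions.

```python
"""Classify what remains on plaintext HTTP in a Zeek http.log written as JSON lines."""
import json
from collections import Counter

# Constructed sample records in Zeek JSON http.log format (one object per line),
# including one deliberately malformed line to exercise the parser's error path.
SAMPLE_HTTP_LOG = """\
{"ts":1681390000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":80,"method":"POST","host":"ocsp.example-ca.test","uri":"/","resp_mime_types":["application/ocsp-response"],"status_code":200}
{"ts":1681390001.2,"uid":"C2","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.11","id.resp_p":80,"method":"GET","host":"ocsp.example-ca.test","uri":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ","status_code":200}
{"ts":1681390002.3,"uid":"C3","id.orig_h":"10.0.0.7","id.resp_h":"203.0.113.12","id.resp_p":80,"method":"GET","host":"crl.example-ca.test","uri":"/root.crl","resp_mime_types":["application/pkix-crl"],"status_code":200}
{"ts":1681390003.4,"uid":"C4","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.13","id.resp_p":80,"method":"GET","host":"captive.example.test","uri":"/generate_204","status_code":204}
{"ts":1681390004.5,"uid":"C5","id.orig_h":"198.51.100.20","id.resp_h":"10.0.0.80","id.resp_p":80,"method":"GET","host":"10.0.0.80","uri":"/cgi-bin/luci","status_code":404}
not json at all
"""

# OCSP is specified to run over plain HTTP, so these MIME types are the most
# reliable marker of legitimate cleartext traffic in an otherwise TLS-dominated log.
OCSP_MIME = {"application/ocsp-request", "application/ocsp-response"}


def classify(rec):
    """Assign one http.log record to a coarse category.

    Heuristics are this example's assumptions: OCSP by MIME type (strong) or by an
    'ocsp' label in the Host header (weaker); CRL by MIME type or a .crl path;
    captive-portal/connectivity probes by the common /generate_204 path.
    """
    mimes = set(rec.get("resp_mime_types") or []) | set(rec.get("orig_mime_types") or [])
    host = (rec.get("host") or "").lower()
    uri = rec.get("uri") or ""
    if mimes & OCSP_MIME or host.startswith("ocsp.") or ".ocsp." in host:
        return "ocsp"
    if "application/pkix-crl" in mimes or uri.endswith(".crl"):
        return "crl"
    if uri.endswith("/generate_204"):
        return "connectivity-check"
    return "other"


def parse_http_log(text):
    """Yield parsed records, skipping blank lines and lines that are not JSON objects."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or foreign line; do not let it abort the whole pass
        if isinstance(rec, dict):
            yield rec


def summarize(text):
    """Return (category counts, per-host request counts, set of OCSP responder hosts)."""
    categories = Counter()
    hosts = Counter()
    ocsp_hosts = set()
    for rec in parse_http_log(text):
        cat = classify(rec)
        categories[cat] += 1
        # Fall back to the responder IP when the request carried no Host header.
        hosts[rec.get("host") or rec.get("id.resp_h") or "?"] += 1
        if cat == "ocsp":
            ocsp_hosts.add(rec.get("host"))
    return categories, hosts, ocsp_hosts


if __name__ == "__main__":
    cats, hosts, ocsp = summarize(SAMPLE_HTTP_LOG)
    for cat, n in cats.most_common():
        print(f"{n:6d} {cat}")
    for host, n in hosts.most_common(5):
        print(f"{n:6d} {host}")
    print("OCSP responders seen over plaintext HTTP:", sorted(ocsp))
```

On a real deployment, replace `SAMPLE_HTTP_LOG` with the contents of Zeek's `http.log` (JSON format) and treat anything left in the `other` bucket as the traffic worth a closer look.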

Read the full entry:

https://isc.sans.edu/diary/HTTP+Whats+Left+of+it+and+the+OCSP+Problem/29744/

Internet Storm Center Entries


UDDIs are back? Attackers rediscovering old exploits. (2023.04.18)

https://isc.sans.edu/diary/UDDIs+are+back+Attackers+rediscovering+old+exploits/29754/

Microsoft April 2023 Patch Tuesday (2023.04.11)

https://isc.sans.edu/diary/Microsoft+April+2023+Patch+Tuesday/29736/

Apple Patching Two 0-Day Vulnerabilities in iOS and macOS (2023.04.07)

https://isc.sans.edu/diary/Apple+Patching+Two+0Day+Vulnerabilities+in+iOS+and+macOS/29726/

Recent CVEs




The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2023-29492 - Novi Survey before version 8.9.43676 allows remote code execution on the server in the context of the service account, without giving access to stored survey or response data.

Product: Novi Survey

CVSS Score: 9.8

** KEV since 2023-04-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29492

NVD References: https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx




CVE-2023-28252 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507 

CVSS Score: 7.8

** KEV since 2023-04-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28252

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252




CVE-2023-21554 - Microsoft Message Queuing Remote Code Execution Vulnerability

Product: Microsoft Message Queuing

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21554

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554




CVE-2023-28250 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28250

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28250




CVE-2023-22897 - SecurePoint UTM before 12.2.5.1 allows authenticated users to retrieve uninitialized data via the firewall's endpoint /spcgi.cgi, leading to information disclosure of memory contents.

Product: SecurePoint UTM

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22897

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8454

NVD References: 

- http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html

- http://seclists.org/fulldisclosure/2023/Apr/8

- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt

- https://rcesecurity.com




CVE-2023-2033 - Chromium: CVE-2023-2033 Type Confusion in V8

Product: Google Chrome

CVSS Score: 0

** KEV since 2023-04-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2033

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033

NVD References: 

- https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

- https://crbug.com/1432210

- https://www.debian.org/security/2023/dsa-5390




CVE-2023-27497 - SAP Diagnostics Agent version 720 is vulnerable to code injection, allowing attackers to execute malicious scripts and compromise system confidentiality, integrity, and availability.

Product: Sap Diagnostics Agent

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27497

NVD References: 

- https://launchpad.support.sap.com/#/notes/3305369

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-28765 - SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430 allows attackers to compromise the application by accessing BI user passwords through a decrypted lcmbiar file.

Product: Sap Businessobjects Business Intelligence

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28765

NVD References: 

- https://launchpad.support.sap.com/#/notes/3298961

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-26121 - Safe-eval package is vulnerable to Prototype Pollution via its safeEval function.

Product: Safe-Eval Project 

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26121

NVD References: 

- https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9

- https://github.com/hacksparrow/safe-eval/issues/28

- https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062




CVE-2023-26122 - Safe-eval is vulnerable to Sandbox Bypass and RCE through prototype pollution exploitation in functions like defineGetter and valueOf.

Product: Safe-Eval Project 

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26122

NVD References: 

- https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce

- https://github.com/hacksparrow/safe-eval/issues/27

- https://github.com/hacksparrow/safe-eval/issues/31

- https://github.com/hacksparrow/safe-eval/issues/32

- https://github.com/hacksparrow/safe-eval/issues/33

- https://github.com/hacksparrow/safe-eval/issues/34

- https://github.com/hacksparrow/safe-eval/issues/35

- https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064




CVE-2023-25950 - HAProxy versions 2.7.0 and 2.6.1 to 2.6.7 are vulnerable to HTTP request/response smuggling, allowing remote attackers to alter user requests and potentially cause a DoS condition or obtain sensitive information.

Product: Haproxy 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25950

NVD References: 

- https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46

- https://jvn.jp/en/jp/JVN38170084/

- https://www.haproxy.org/




CVE-2023-27645 - POWERAMP audioplayer is vulnerable to privilege escalation via remote attack through reverb and EQ preset parameters in build 925 bundle play and build 954.

Product: Powerampapp 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27645

NVD References: 

- https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27645/CVE%20detail.md

- https://play.google.com/store/apps/details?id=com.maxmpz.audioplayer

- https://powerampapp.com/




CVE-2023-0645 - Libjxl is vulnerable to an out of bounds read that can be triggered by a specially crafted file and is mitigated by upgrading to version 0.8.1 or higher.

Product: Libjxl Project 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0645

NVD References: 

- https://github.com/libjxl/libjxl/pull/2101

- https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159




CVE-2022-41331 - FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access Redis and MongoDB instances via crafted authentication requests due to a missing authentication vulnerability (CWE-306).

Product: Fortinet Fortiproxy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41331

NVD References: https://fortiguard.com/psirt/FG-IR-22-355




CVE-2023-1983 - SourceCodester Sales Tracker Management System 1.0 is vulnerable to critical remote SQL injection through manipulation of the id parameter in /admin/products/manage_product.php.

Product: Sales Tracker Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1983

NVD References: 

- https://github.com/graywar1/bug_report/blob/main/SQLi.md

- https://vuldb.com/?ctiid.225530

- https://vuldb.com/?id.225530




CVE-2023-28808 - Hikvision Hybrid SAN/Cluster Storage products are vulnerable to access control manipulation through crafted messages, enabling unauthorized admin access.

Product: Hikvision Hybrid SAN/Cluster Storage products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28808

NVD References: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/




CVE-2022-25678 - Memory correction in modem due to buffer overwrite during coap connection

Product: Qualcomm

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-25678

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-25740 - The modem is vulnerable to memory corruption caused by buffer overwrite during the creation of an IPv6 multicast address.

Product: Qualcomm

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-25740

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-25745 - Memory corruption in modem due to improper input validation while handling the incoming CoAP message

Product: Qualcomm 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-25745

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-33211 - Memory corruption in modem due to improper check while calculating size of serialized CoAP message

Product: Qualcomm

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33211

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-33231 - Memory corruption due to double free in core while initializing the encryption key.

Product: Qualcomm

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33231

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-33259 - Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

Product: Nokia modem

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33259

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-33269 - Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Product: Qualcomm

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33269

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2022-33288 - Core is vulnerable to memory corruption caused by unchecked input size when sending SCM commands to retrieve write protection information.

Product: Core SCM command

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33288

NVD References: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin




CVE-2023-24509 - Arista EOS allows unprivileged users to log in as root on standby supervisor, leading to privilege escalation.

Product: Arista EOS

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24509

NVD References: https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082




CVE-2023-1863 - Eskom's Water Metering Software before 23.04.06 is prone to SQL Injection allowing command line execution.

Product: Eskom Water Metering Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1863

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0225




CVE-2023-1617 - B&R Industrial Automation's VC4 VNC-Server modules have an Improper Authentication vulnerability that could allow an unauthenticated attacker to bypass authentication and access affected devices.

Product: B&R Industrial Automation B&R VC4

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1617

NVD References: https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf




CVE-2023-1803 - DTS Electronics Redline Router firmware before 7.17 allows Authentication Bypass through an Alternate Name vulnerability.

Product: DTS Electronics Redline Router

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1803

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0227




CVE-2023-1833 - DTS Electronics Redline Router firmware before 7.17 is vulnerable to an authentication bypass.

Product: DTS Electronics Redline Router

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1833

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0227




CVE-2022-3748 - Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.

Product: ForgeRock Inc. Access Management

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3748

NVD References: 

- https://backstage.forgerock.com/downloads/browse/am/all/productId:am

- https://backstage.forgerock.com/knowledge/kb/article/a34332318

- https://backstage.forgerock.com/knowledge/kb/article/a92134872




CVE-2023-29199 - vm2 versions up to 3.9.15 allow for unsanitized host exceptions to leak, enabling attackers to execute code remotely; patched in version 3.9.16.

Product: vm2 vendor

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29199

NVD References: 

- https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c

- https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7

- https://github.com/patriksimek/vm2/issues/516

- https://github.com/patriksimek/vm2/releases/tag/3.9.16

- https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985




CVE-2023-2027 - ZM Ajax Login & Register plugin for WordPress up to and including 2.0.2 allows unauthenticated attackers to bypass authentication via insufficient verification during Facebook login, granting access to any user account.

Product: ZM Ajax Login & Register plugin for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2027

NVD References: 

- https://plugins.trac.wordpress.org/browser/zm-ajax-login-register/trunk/src/ALRSocial/ALRSocialFacebook.php#L58

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d01ec-54ef-456b-9410-ed013343a962?source=cve




CVE-2023-29201 - XWiki is vulnerable to JavaScript injection through the "restricted" mode of its HTML cleaner, which can allow for server-side code execution with programming rights.

Product: XWiki Commons

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29201

NVD References: 

- https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dc5623b2

- https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f3720c6182

- https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35j

- https://jira.xwiki.org/browse/XCOMMONS-1680

- https://jira.xwiki.org/browse/XCOMMONS-2426

- https://jira.xwiki.org/browse/XWIKI-9118




CVE-2023-29202 - XWiki Commons allows for arbitrary HTML and JavaScript injection due to a lack of cleaning in the RSS macro.

Product: XWiki Commons

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29202

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr

- https://jira.xwiki.org/browse/XWIKI-19671




CVE-2023-29205 - XWiki Commons' HTML macro allows for an XSS attack due to inadequate neutralization of script-related HTML tags, but has been fixed in version 14.8RC1.

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29205

NVD References: 

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24

- https://jira.xwiki.org/browse/XWIKI-18568




CVE-2023-29206 - XWiki Commons allowed users with only Edit Rights to craft scripts and perform unauthorized operations, but this has been patched in version 14.9-rc-1.

Product: XWiki Commons

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29206

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx

- https://jira.xwiki.org/browse/XWIKI-19514

- https://jira.xwiki.org/browse/XWIKI-19583

- https://jira.xwiki.org/browse/XWIKI-9119




CVE-2023-29209 - XWiki Commons allows arbitrary code execution due to improper macro parameter escaping in the legacy notification activity macro, potentially granting full access to the XWiki installation.

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29209

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q

- https://jira.xwiki.org/browse/XWIKI-20258




CVE-2023-29210 - XWiki Commons allows users to execute arbitrary code due to improper escaping of macros, leading to full access to the XWiki installation, but has been patched in versions 13.10.11, 14.4.7, and 14.10.

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29210

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x

- https://jira.xwiki.org/browse/XWIKI-20259




CVE-2023-29211 - XWiki Commons allows any user with view rights `WikiManager.DeleteWiki` to execute arbitrary code and gain full access to the XWiki installation due to improper escaping of the `wikiId` url parameter (now patched in versions 13.10.11, 14.4.7, and 14.10).

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29211

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4

- https://jira.xwiki.org/browse/XWIKI-20297




CVE-2023-29212 - XWiki Commons allows for arbitrary code execution by users with edit rights due to improper page escaping, fixed in versions 14.4.7 and 14.10.

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29212

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475

- https://jira.xwiki.org/browse/XWIKI-20293




CVE-2023-29214 - XWiki Commons allows arbitrary code execution giving full access to the XWiki installation, due to improper escaping in the IncludedDocuments panel, now patched in 14.4.7 and 14.10.

Product: XWiki Commons

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29214

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/50b4d91418b4150933f0317eb4a94ceaf5b69f67

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qx9h-c5v6-ghqh

- https://jira.xwiki.org/browse/XWIKI-20306




CVE-2023-29507 - XWiki Commons Document script API allows unauthorized execution of scripts due to a vulnerability in setting any document author, but has been patched in versions 14.10 and 14.4.7.

Product: XWiki Commons

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29507

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c

- https://jira.xwiki.org/browse/XWIKI-20380




CVE-2023-29509 - XWiki Commons allows execution of arbitrary code by unauthorized users through a macro vulnerability in `FlamingoThemesCode.WebHome`.

Product: XWiki FlamingoThemesCode

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29509

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4

- https://jira.xwiki.org/browse/XWIKI-20279




CVE-2023-29511 - XWiki Platform allows any user with edit rights to execute arbitrary code and gain full access to the installation due to improper escaping of section ids, patched in versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29511

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668

- https://jira.xwiki.org/browse/XWIKI-20261




CVE-2023-30537 - XWiki Platform allows any user to execute arbitrary code and gain full access to the installation due to improper escaping of styles properties in the `FlamingoThemesCode.WebHome` page.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30537

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp

- https://jira.xwiki.org/browse/XWIKI-20280




CVE-2023-29213 - The XWiki Platform's `org.xwiki.platform:xwiki-platform-logging-ui` is vulnerable to remote code execution when a user with programming rights visits a crafted URL.

Product: XWiki xwiki-platform-logging-ui

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29213

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg

- https://jira.xwiki.org/browse/XWIKI-20291




CVE-2023-29510 - XWiki Platform allows remote code execution through unrestricted translation additions by users, but can be mitigated by upgrading to version 14.10.2 or 15.0 RC1.

Product: XWiki Platform

CVSS Score: 9.9 

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29510

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw

- https://jira.xwiki.org/browse/XWIKI-19749




CVE-2023-29512 - XWiki Platform allows any user with edit rights to execute arbitrary code and gain full access to the installation due to improper escaping of information in certain pages, which has been patched in newer versions and requires user upgrade.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29512

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96

- https://jira.xwiki.org/browse/XWIKI-20267




CVE-2023-29514 - XWiki Platform allows remote code execution through a user with edit rights on any document.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29514

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j

- https://jira.xwiki.org/browse/XWIKI-20268




CVE-2023-29516 - XWiki Platform allows arbitrary code execution through improper escaping in the "Cancel and return to page" button, giving full access to the XWiki installation for any user with view rights on XWiki.AttachmentSelector.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29516

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f

- https://jira.xwiki.org/browse/XWIKI-20275




CVE-2023-29518 - XWiki Platform allows arbitrary code execution for any user with view rights due to improper escaping of `Invitation.InvitationCommon`, but the vulnerability has been patched in recent versions.

Product: XWiki Platform Invitation.InvitationCommon

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29518

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9

- https://jira.xwiki.org/browse/XWIKI-20283




CVE-2023-29519 - XWiki Platform allows for remote code execution and privilege escalation by injecting code into the "property" field of an attachment selector in a registered user's own dashboard gadget.

Product: XWiki Platform attachment selector

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29519

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww

- https://jira.xwiki.org/browse/XWIKI-20364




CVE-2023-29522 - XWiki Platform allows remote code execution and unrestricted read and write access to all wiki contents through a crafted payload on a non-existing page.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29522

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w

- https://jira.xwiki.org/browse/XWIKI-20456




CVE-2023-29523 - XWiki Platform allows remote code execution and unrestricted read and write access to all wiki contents by any user who can edit their own user profile.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29523

NVD References: 

- https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application

- https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx

- https://jira.xwiki.org/browse/XWIKI-20327




CVE-2023-29524 - XWiki Platform allows unauthorized execution of code through the Scheduler Application sheet page, which was patched in version 14.10.3 and 15.0 RC1.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29524

NVD References: 

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h

- https://jira.xwiki.org/browse/XWIKI-20295

- https://jira.xwiki.org/browse/XWIKI-20462




CVE-2023-29525 - XWiki Platform is vulnerable to code injection via the `since` parameter in the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint, allowing for privilege escalation and code execution.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29525

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766

- https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj

- https://jira.xwiki.org/browse/XWIKI-20287




CVE-2023-29526 - XWiki Platform allows unauthorized page access and code injection through the async and display macros.

Product: XWiki Platform 

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29526

NVD References: 

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5

- https://jira.xwiki.org/browse/XRENDERING-694

- https://jira.xwiki.org/browse/XWIKI-20394




CVE-2023-29527 - XWiki Platform allows unauthorized code execution through the wiki editor when a user edits a document with groovy script content.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29527

NVD References: 

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr

- https://jira.xwiki.org/browse/XWIKI-20423




CVE-2023-1723 - Veragroup Mobile Assistant before 21.S.2343 allows SQL Injection due to improper neutralization of special elements in an SQL command.

Product: Veragroup Mobile Assistant

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1723

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0228




CVE-2023-1873 - Faturamatik Bircard before 23.04.05 is vulnerable to SQL Injection.

Product: Faturamatik Bircard

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1873

NVD References: 

- https://www.faturamatik.com.tr/tr/hizmetlerimiz/bircard

- https://www.usom.gov.tr/bildirim/tr-23-0231




CVE-2023-30769 - The vulnerable product allows attackers to disrupt peer-to-peer communications and take nodes offline by crafting and sending consensus messages or attacking unpatched nodes found by crawling the network.

Product: Dogecoin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30769

NVD References: 

- https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks

- https://www.halborn.com/disclosures




CVE-2023-24501 - Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.

Product: Electra Central AC unit

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24501

NVD References: https://www.gov.il/en/Departments/faq/cve_advisories




CVE-2023-30547 - vm2 sandbox (versions up to 3.9.16) allows attackers to execute arbitrary code in host context due to an exception sanitization vulnerability.

Product: vm2 sandbox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30547

NVD References: 

- https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244

- https://github.com/patriksimek/vm2/commit/4b22e87b102d97d45d112a0931dba1aef7eea049

- https://github.com/patriksimek/vm2/commit/f3db4dee4d76b19869df05ba7880d638a880edd5

- https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m




CVE-2023-28839 - Shoppingfeed PrestaShop add-on (versions 1.4.0 to 1.8.2) is vulnerable to SQL injection due to lack of input sanitization, fixed in version 1.8.3, with no known workarounds.

Product: Shoppingfeed PrestaShop

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28839

NVD References: 

- https://github.com/shoppingflux/module-prestashop/pull/209

- https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf




CVE-2023-29411 - Java RMI interface allows remote code execution and changes to administrative credentials due to missing authentication for critical function (CWE-306).

Product: Schneider Electric Java RMI interface

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29411

NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf




CVE-2023-29412 - The Java RMI interface in an application is vulnerable to remote code execution due to improper case sensitivity handling.

Product: Schneider Electric

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29412

NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf




CVE-2023-28004 - The vulnerable product has an improper validation of array index causing denial of service or remote code execution.

Product: Schneider Electric

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28004

NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf