The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

July 2023 Microsoft Patch Update

Published: 2023-07-11

Last Updated: 2023-07-11 20:37:11 UTC

by Scott Fendley (Version: 1)

Today's Microsoft patch Tuesday addresses 132 vulnerabilities. Nine of the vulnerabilities are rated as Critical, and 6 of these are listed as exploited prior in the wild.

In particular, CVE-2023-36884 includes a remote code execution vulnerability via Microsoft Word documents and was linked to the Storm-0978 threat actor. Microsoft Threat Intelligence has a blog entry which discusses this situation. Take special note of the mitigations which are recommended, as updates will likely be released out-of-cycle for this one.

Other exploited vulnerabilities include:

CVE-2023-35311 is a Microsoft Outlook Security Feature bypass which was being exploited in the wild which worked in the preview pane and bypasses security warning.

CVE-2023-32046 is an actively exploited privilege elevation vulnerability in Windows MSHTML which could be exploited by opening a specially crafted file in email or a malicious website.

CVE-2023-32049 is a security feature bypass vulnerability with Windows SmartScreen which was being exploited to prevent the Open File - Security Warning prompt when downloading/opening files from the Internet.

CVE-2023-36874 is an actively exploited privilege escalation flaw which could allow threat actors to gain local administrator privileges. Attackers would need to have local access to the targeted machine and the user be able to create folder and performance traces to fully exploit this vulnerability.

Microsoft also issued a high-impact advisory (ADV230001) where attackers where abusing the drivers being certified by Microsoft's Windows Hardware Developer Program (MWHDP) as a post-exploitation activity. The implicated developer accounts were suspected, and Microsoft has taken steps to untrust drivers which were improperly certified.

Read the full entry:

https://isc.sans.edu/diary/July+2023+Microsoft+Patch+Update/30018/

Loader activity for Formbook "QM18"

Published: 2023-07-12

Last Updated: 2023-07-12 02:34:30 UTC

by Brad Duncan (Version: 1)

Introduction

In recent weeks, I've run across loaders related to GuLoader or ModiLoader/DBatLoader. I wrote about one in my previous diary last month. That loader for Remcos RAT was identified by @Gi7w0rm as GuLoader. Today I ran across another loader based on a tweet from @V3n0mStrike about recent Formbook activity.

Today's diary briefly reviews this activity based from an infection run on Tuesday 2023-07-11.

[...]

Email Distribution

After viewing the tweet from @V3n0mStrike, I searched through VirusTotal and found at least two emails with the associated .docx file attachment.

[...]

Indicators of Compromise

The following are indicators of compromise (IOCs) after using the .docx attachment to kick off an infection run.

Read the full entry:

https://isc.sans.edu/diary/Loader+activity+for+Formbook+QM18/30020/

DShield pfSense Client Update

Published: 2023-06-30

Last Updated: 2023-06-30 00:01:06 UTC

by Yee Ching Tok (Version: 1)

The SANS Internet Storm Center (ISC) developed the DShield pfSense client in 2017 to support the ingestion of pfSense firewall logs into the DShield project. The pfSense project has also evolved over the years, with some changes in the offerings. With the advent of pfSense Community Edition (CE) 2.7.0 and pfSense Plus 23.01, updates to the DShield client were required to fix unintended issues.

I am pleased to share that the DShield pfSense client has been updated and tested to be working* with pfSense CE 2.7.0 Release Candidate (RC) (just in time before pfSense CE 2.7.0-RELEASE is released on the targeted date of June 29, 2023), pfSense Plus 23.01-RELEASE as well as pfSense CE 2.6.0-RELEASE. To take a look at the DShield pfSense client, please visit the GitHub repository here. If you are a pfSense user and would like to participate in the DShield project, please refer to my previous diary [6] for the steps required to set it up.

Read the full entry:

https://isc.sans.edu/diary/DShield+pfSense+Client+Update/29994/

DSSuite (Didier's Toolbox) Docker Image Update (2023.07.07)

https://isc.sans.edu/diary/DSSuite+Didiers+Toolbox+Docker+Image+Update/30008/

IDS Comparisons with DShield Honeypot Data (2023.07.06)

https://isc.sans.edu/diary/IDS+Comparisons+with+DShield+Honeypot+Data/30002/

Analysis Method for Custom Encoding (2023.07.05)

https://isc.sans.edu/diary/Analysis+Method+for+Custom+Encoding/29946/

Controlling network access to ICS systems (2023.07.03)

https://isc.sans.edu/diary/Controlling+network+access+to+ICS+systems/30000/

Sandfly Security (2023.07.01)

https://isc.sans.edu/diary/Sandfly+Security/29998/

GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT (2023.06.29)

https://isc.sans.edu/diary/GuLoader+or+DBatLoaderModiLoaderstyle+infection+for+Remcos+RAT/29990/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

Product: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35365NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35366NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35367ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35365- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367CVE-2023-36884 - Office and Windows HTML Remote Code Execution VulnerabilityProduct: Microsoft Windows and OfficeCVSS Score: 8.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36884ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884CVE-2017-0199 - Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows APIProduct: Microsoft Windows Vista CVSS Score: 0** KEV since 2021-11-03 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-0199ISC Diary: https://isc.sans.edu/diary/30020CVE-2023-21631 - Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.Product: Qualcomm 315 5GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21631NVD References: https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletinCVE-2023-3504 - SmartWeb Infotech Job Board 1.0 is vulnerable to unrestricted upload in the My Profile Page component, allowing remote attackers to manipulate the filename and launch an attack.Product: Smartweb Infotech Job Board Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3504NVD References: - https://vuldb.com/?ctiid.232952- https://vuldb.com/?id.232952CVE-2021-46890, CVE-2021-46891 -  GPU module of the product lacks proper read and write permission verification, leading to potential impact on service confidentiality, integrity, and availability.Product: Huawei EMUICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-46890NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-46891NVD References: https://consumer.huawei.com/en/support/bulletin/2023/7/NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858CVE-2023-36934 - MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4) allows an unauthenticated attacker to gain unauthorized database access through a SQL injection vulnerability.Product: Progress MOVEit TransferCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36934NVD References: - https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023- https://www.progress.com/moveitCVE-2020-25969 - gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().Product: GnuplotProject CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-25969NVD References: https://sourceforge.net/p/gnuplot/bugs/2311/CVE-2023-35924 - GLPI inventory endpoint in versions prior to 10.0.8 allows unauthenticated SQL injection attacks, but can be mitigated by disabling native inventory.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35924NVD References: - https://github.com/glpi-project/glpi/releases/tag/10.0.8- https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmmCVE-2023-36808 - GLPI is vulnerable to SQL injection attacks in versions prior to 10.0.8, allowing malicious actors to exploit Computer Virtual Machine form and GLPI inventory request.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36808NVD References: - https://github.com/glpi-project/glpi/releases/tag/10.0.8- https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjmCVE-2023-22319 - Milesight VPN v2.0.2 is vulnerable to an SQL injection flaw in its LoginAuth functionality, allowing an attacker to bypass authentication via a specially-crafted network request.Product: Milesight VPNCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22319NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1701CVE-2023-23902 - Milesight UR32L v32.3.0.5 is vulnerable to a remote code execution due to a buffer overflow in its uhttpd login functionality.Product: Milesight UR32LCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23902NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1697CVE-2023-36459 -  Mastodon, a free and open-source social network server, is vulnerable to cross-site scripting (XSS) attacks due to insufficient HTML sanitization in oEmbed preview cards.Product: MastodonCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36459NVD References: - http://www.openwall.com/lists/oss-security/2023/07/06/5- https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa…

Product: CC Tweaked MinecraftCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37262NVD References: - https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm- https://github.com/cc-tweaked/CC-Tweaked/blob/96847bb8c28df51e5e49f2dd2978ff6cc4e2821b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java#L116-L126- https://github.com/cc-tweaked/CC-Tweaked/commit/4bbde8c50c00bc572578ab2cff609b3443d10ddf- https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2- https://github.com/dan200/ComputerCraft/issues/170CVE-2023-37286 - SmartSoft SmartBPM.NET has a vulnerability that allows an unauthenticated remote attacker to execute arbitrary code and disrupt service by exploiting a hard-coded machine key.Product: SmartSoft SmartBPM.NETCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37286NVD References: https://www.twcert.org.tw/tw/cp-132-7221-438c6-1.htmlCVE-2023-37287 - SmartBPM.NET has a hard-coded authentication key vulnerability that allows unauthenticated remote attackers to access the system, read application data, and execute submission and approval processes with regular user privilege.Product: SmartBPM.NETCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37287NVD References: https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.htmlCVE-2021-42081 - An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.Product: OSNEXUS QuantaStor before 6.0.0.355CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42081NVD References: - https://csirt.divd.nl/CVE-2021-42081- https://www.osnexus.com/products/software-defined-storage- https://www.wbsec.nl/osnexusCVE-2021-4406 - An administrator is able to execute commands as root via the alerts management dialogProduct: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver …

Product: OSNEXUS QuantaStor before 6.0.0.355CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42081NVD References: - https://csirt.divd.nl/CVE-2021-42081- https://www.osnexus.com/products/software-defined-storage- https://www.wbsec.nl/osnexusCVE-2021-4406 - An administrator is able to execute commands as root via the alerts management dialogProduct: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is v…

Product: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROX MX5000RECVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36751 -…

Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROX MX5000RECVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36751 - The affected RUGGEDCOM ROX series devices are vulnerable to command injection through the install-app URL parameter, potentially enabling an authenticated remote attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROXCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36751NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36752 -  The RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, and RUGGEDCOM ROX RX5000 products are vulnerable to command injection through the upgrade-app URL parameter, allowing an attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOMCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36752NVD Referenc…

Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROX MX5000RECVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36751 - The affected RUGGEDCOM ROX series devices are vulnerable to command injection through the install-app URL parameter, potentially enabling an authenticated remote attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROXCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36751NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36752 -  The RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, and RUGGEDCOM ROX RX5000 products are vulnerable to command injection through the upgrade-app URL parameter, allowing an attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOMCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36752NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36753 - The RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 devices are vulnerable to command injection via the uninstall-app App-name parameter in the web interface, potentially allowing a privileged remote attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROXCVSS Score: 9…

Product: Microsoft Windows Network Load BalancingCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33163ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163CVE-2023-33170 - ASP.NET and Visual Studio Security Feature Bypass VulnerabilityProduct: Microsoft ASP.NET and Visual StudioCVSS Score: 8.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33170ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170CVE-2023-33171 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityProduct: Microsoft Dynamics 365CVSS Score: 8.2NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33171ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33171CVE-2023-35297 - Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35297ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35297CVE-2023-35298 - HTTP.sys Denial of Service VulnerabilityProduct: Microsoft HTTP.sysCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35298ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35298CVE-2023-35299 - Windows Common Log File System Driver Elevation of Privilege VulnerabilityProduct: Microsoft Windows Common Log File System DriverCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35299ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35299CVE-2023-35300 - Remote Procedure Call Runtime Remote Code Execution VulnerabilityProduct: Microsoft Windows Operating SystemCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35300ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35300CVE-2023-35302 - Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityProduct: Microsoft PostScript and PCL6 Class Printer DriverCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35302ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35302CVE-2023-35303 - USB Audio Class System Driver Remote Code Execution VulnerabilityProduct: Not enough information is provided in the given vulnerability description to determine the vendor and product names. CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35303ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35303CVE-2023-35304, CVE-2023-35305 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35304NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35305ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35304MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35305CVE-2023-35312 - Microsoft VOLSNAP.SYS Elevation of Privilege VulnerabilityProduct: Microsoft VOLSNAP.SYSCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35312ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35312CVE-2023-35313 - Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution VulnerabilityProduct: Microsoft Windows Online Certificate Status Protocol (OCSP) SnapInCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35313ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35313CVE-2023-35315 - Windows Layer-2 Bridge Network Driver Remote Code Execution VulnerabilityProduct: Microsoft  Windows Layer-2 Bridge Network DriverCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35315ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35315CVE-2023-35317 - Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityProduct: Microsoft Windows Server Update Service (WSUS)CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35317ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35317CVE-2023-35320 - Connected User Experiences and Telemetry Elevation of Privilege VulnerabilityProduct: Microsoft Connected User Experiences and TelemetryCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35320ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-…