July 2023 Microsoft Patch Update
Published: 2023-07-11
Last Updated: 2023-07-11 20:37:11 UTC
by Scott Fendley (Version: 1)
Today's Microsoft Patch Tuesday addresses 132 vulnerabilities. Nine of them are rated Critical, and six of these are listed as having been exploited in the wild prior to release.
In particular, CVE-2023-36884 is a remote code execution vulnerability reachable via Microsoft Word documents and has been linked to the Storm-0978 threat actor. Microsoft Threat Intelligence has a blog entry discussing this situation. Take special note of the recommended mitigations, as an update for this one will likely be released out-of-cycle.
Other exploited vulnerabilities include:
CVE-2023-35311 is a Microsoft Outlook security feature bypass that was being exploited in the wild; it works in the preview pane and bypasses the security warning.
CVE-2023-32046 is an actively exploited elevation of privilege vulnerability in Windows MSHTML that can be triggered by opening a specially crafted file received by email or from a malicious website.
CVE-2023-32049 is a security feature bypass vulnerability in Windows SmartScreen that was being exploited to suppress the Open File - Security Warning prompt when downloading or opening files from the Internet.
CVE-2023-36874 is an actively exploited privilege escalation flaw that could allow threat actors to gain local administrator privileges. Attackers would need local access to the targeted machine, and the user must be able to create folders and performance traces, to fully exploit this vulnerability.
Microsoft also issued a high-impact advisory (ADV230001) covering attackers abusing drivers certified through Microsoft's Windows Hardware Developer Program (MWHDP) as a post-exploitation activity. The implicated developer accounts were suspended, and Microsoft has taken steps to untrust drivers that were improperly certified.
Read the full entry:
https://isc.sans.edu/diary/July+2023+Microsoft+Patch+Update/30018/
Loader activity for Formbook "QM18"
Published: 2023-07-12
Last Updated: 2023-07-12 02:34:30 UTC
by Brad Duncan (Version: 1)
Introduction
In recent weeks, I've run across loaders related to GuLoader or ModiLoader/DBatLoader. I wrote about one in my previous diary last month. That loader for Remcos RAT was identified by @Gi7w0rm as GuLoader. Today I ran across another loader based on a tweet from @V3n0mStrike about recent Formbook activity.
Today's diary briefly reviews this activity based on an infection run on Tuesday 2023-07-11.
[...]
Email Distribution
After viewing the tweet from @V3n0mStrike, I searched through VirusTotal and found at least two emails with the associated .docx file attachment.
[...]
Indicators of Compromise
The following are indicators of compromise (IOCs) after using the .docx attachment to kick off an infection run.
Read the full entry:
https://isc.sans.edu/diary/Loader+activity+for+Formbook+QM18/30020/
DShield pfSense Client Update
Published: 2023-06-30
Last Updated: 2023-06-30 00:01:06 UTC
by Yee Ching Tok (Version: 1)
The SANS Internet Storm Center (ISC) developed the DShield pfSense client in 2017 to support the ingestion of pfSense firewall logs into the DShield project. The pfSense project has also evolved over the years, with some changes in the offerings. With the advent of pfSense Community Edition (CE) 2.7.0 and pfSense Plus 23.01, updates to the DShield client were required to fix unintended issues.
I am pleased to share that the DShield pfSense client has been updated and tested to be working* with pfSense CE 2.7.0 Release Candidate (RC) (just in time before pfSense CE 2.7.0-RELEASE is released on the targeted date of June 29, 2023), pfSense Plus 23.01-RELEASE, and pfSense CE 2.6.0-RELEASE. To take a look at the DShield pfSense client, please visit the GitHub repository here. If you are a pfSense user and would like to participate in the DShield project, please refer to my previous diary [6] for the steps required to set it up.
Read the full entry:
https://isc.sans.edu/diary/DShield+pfSense+Client+Update/29994/
DSSuite (Didier's Toolbox) Docker Image Update (2023.07.07)
https://isc.sans.edu/diary/DSSuite+Didiers+Toolbox+Docker+Image+Update/30008/
IDS Comparisons with DShield Honeypot Data (2023.07.06)
https://isc.sans.edu/diary/IDS+Comparisons+with+DShield+Honeypot+Data/30002/
Analysis Method for Custom Encoding (2023.07.05)
https://isc.sans.edu/diary/Analysis+Method+for+Custom+Encoding/29946/
Controlling network access to ICS systems (2023.07.03)
https://isc.sans.edu/diary/Controlling+network+access+to+ICS+systems/30000/
Sandfly Security (2023.07.01)
https://isc.sans.edu/diary/Sandfly+Security/29998/
GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT (2023.06.29)
https://isc.sans.edu/diary/GuLoader+or+DBatLoaderModiLoaderstyle+infection+for+Remcos+RAT/29990/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35365NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35366NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35367ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35365- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367CVE-2023-36884 - Office and Windows HTML Remote Code Execution VulnerabilityProduct: Microsoft Windows and OfficeCVSS Score: 8.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36884ISC Diary: https://isc.sans.edu/diary/30018MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884CVE-2017-0199 - Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows APIProduct: Microsoft Windows Vista CVSS Score: 0** KEV since 2021-11-03 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-0199ISC Diary: https://isc.sans.edu/diary/30020CVE-2023-21631 - Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.Product: Qualcomm 315 5GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21631NVD References: https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletinCVE-2023-3504 - SmartWeb Infotech Job Board 1.0 is vulnerable to unrestricted upload in the My Profile Page component, allowing remote attackers to manipulate the filename and launch an attack.Product: Smartweb Infotech Job Board Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3504NVD References: - https://vuldb.com/?ctiid.232952- https://vuldb.com/?id.232952CVE-2021-46890, CVE-2021-46891 - GPU module of the product lacks proper read and write permission verification, leading to potential impact on service confidentiality, integrity, and availability.Product: Huawei 
EMUICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-46890NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-46891NVD References: https://consumer.huawei.com/en/support/bulletin/2023/7/NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858CVE-2023-36934 - MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4) allows an unauthenticated attacker to gain unauthorized database access through a SQL injection vulnerability.Product: Progress MOVEit TransferCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36934NVD References: - https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023- https://www.progress.com/moveitCVE-2020-25969 - gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().Product: GnuplotProject CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-25969NVD References: https://sourceforge.net/p/gnuplot/bugs/2311/CVE-2023-35924 - GLPI inventory endpoint in versions prior to 10.0.8 allows unauthenticated SQL injection attacks, but can be mitigated by disabling native inventory.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35924NVD References: - https://github.com/glpi-project/glpi/releases/tag/10.0.8- https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmmCVE-2023-36808 - GLPI is vulnerable to SQL injection attacks in versions prior to 10.0.8, allowing malicious actors to exploit Computer Virtual Machine form and GLPI inventory request.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36808NVD References: - https://github.com/glpi-project/glpi/releases/tag/10.0.8- https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjmCVE-2023-22319 - Milesight VPN v2.0.2 is vulnerable to an SQL injection flaw in its LoginAuth 
functionality, allowing an attacker to bypass authentication via a specially-crafted network request.Product: Milesight VPNCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22319NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1701CVE-2023-23902 - Milesight UR32L v32.3.0.5 is vulnerable to a remote code execution due to a buffer overflow in its uhttpd login functionality.Product: Milesight UR32LCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23902NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1697CVE-2023-36459 - Mastodon, a free and open-source social network server, is vulnerable to cross-site scripting (XSS) attacks due to insufficient HTML sanitization in oEmbed preview cards.Product: MastodonCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36459NVD References: - http://www.openwall.com/lists/oss-security/2023/07/06/5- https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa…
Product: CC Tweaked MinecraftCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37262NVD References: - https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm- https://github.com/cc-tweaked/CC-Tweaked/blob/96847bb8c28df51e5e49f2dd2978ff6cc4e2821b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java#L116-L126- https://github.com/cc-tweaked/CC-Tweaked/commit/4bbde8c50c00bc572578ab2cff609b3443d10ddf- https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2- https://github.com/dan200/ComputerCraft/issues/170CVE-2023-37286 - SmartSoft SmartBPM.NET has a vulnerability that allows an unauthenticated remote attacker to execute arbitrary code and disrupt service by exploiting a hard-coded machine key.Product: SmartSoft SmartBPM.NETCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37286NVD References: https://www.twcert.org.tw/tw/cp-132-7221-438c6-1.htmlCVE-2023-37287 - SmartBPM.NET has a hard-coded authentication key vulnerability that allows unauthenticated remote attackers to access the system, read application data, and execute submission and approval processes with regular user privilege.Product: SmartBPM.NETCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37287NVD References: https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.htmlCVE-2021-42081 - An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.Product: OSNEXUS QuantaStor before 6.0.0.355CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42081NVD References: - https://csirt.divd.nl/CVE-2021-42081- https://www.osnexus.com/products/software-defined-storage- https://www.wbsec.nl/osnexusCVE-2021-4406 - An administrator is able to execute commands as root via the alerts management dialogProduct: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - 
https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. 
Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver …
Product: OSNEXUS QuantaStor before 6.0.0.355CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42081NVD References: - https://csirt.divd.nl/CVE-2021-42081- https://www.osnexus.com/products/software-defined-storage- https://www.wbsec.nl/osnexusCVE-2021-4406 - An administrator is able to execute commands as root via the alerts management dialogProduct: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. 
Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver 
ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is v…
Product: OSNEXUS QuantaStor version 6.0.0.355 and otehrsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4406NVD References: - https://csirt.divd.nl/CVE-2021-4406- https://www.divd.nl/DIVD-2021-00020- https://www.osnexus.com/products/software-defined-storageCVE-2023-2046 - Yontem Informatics Vehicle Tracking System before 8 is vulnerable to SQL Injection.Product: Yontem Informatics Vehicle Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2046NVD References: https://www.usom.gov.tr/bildirim/tr-23-0389CVE-2023-2852 - Softmed SelfPatron before 2.0 allows SQL Injection.Product: Softmed SelfPatronCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2852NVD References: https://www.usom.gov.tr/bildirim/tr-23-0388CVE-2023-32250 - The Linux kernel's ksmbd is vulnerable to code execution due to a lack of proper locking in the processing of SMB2_SESSION_SETUP commands.Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. 
Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver 
ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROX MX5000RECVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36751 -…
Product: Linux kernelProduct: ksmbd CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32250NVD References: - https://access.redhat.com/security/cve/CVE-2023-32250- https://bugzilla.redhat.com/show_bug.cgi?id=2208849- https://www.zerodayinitiative.com/advisories/ZDI-23-698/CVE-2023-32254 - The Linux kernel's ksmbd is vulnerable to code execution due to improper locking during SMB2_TREE_DISCONNECT command processing. Product: Linux kernel's ksmbdCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254NVD References: - https://access.redhat.com/security/cve/CVE-2023-32254- https://bugzilla.redhat.com/show_bug.cgi?id=2191658- https://www.zerodayinitiative.com/advisories/ZDI-23-702/CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.Product: Tise Technology Parking Web ReportCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.Product: XWiki PlatformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277NVD References: - https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6- https://jira.xwiki.org/browse/XWIKI-20135CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.Product: ShareFile storage zones 
controller CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.Product: SAP NetWeaver ABAPCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922NVD References: - https://me.sap.com/notes/3350297- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.Product: BlueMark Innovations DroneScout ds230CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191NVD References: - https://download.bluemark.io/dronescout/firmware/history.txt- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.Product: SIMATIC CN 4100CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdfCVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROX MX5000RECVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750NVD 
References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36751 - The affected RUGGEDCOM ROX series devices are vulnerable to command injection through the install-app URL parameter, potentially enabling an authenticated remote attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOM ROXCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36751NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdfCVE-2023-36752 - The RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, and RUGGEDCOM ROX RX5000 products are vulnerable to command injection through the upgrade-app URL parameter, allowing an attacker to execute arbitrary code with root privileges.Product: Siemens RUGGEDCOMCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36752NVD Referenc…
Product: Linux kernel's ksmbd
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32254
NVD References:
- https://access.redhat.com/security/cve/CVE-2023-32254
- https://bugzilla.redhat.com/show_bug.cgi?id=2191658
- https://www.zerodayinitiative.com/advisories/ZDI-23-702/

CVE-2023-3045 - Tise Technology Parking Web Report before 2.1 allows SQL Injection.
Product: Tise Technology Parking Web Report
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3045
NVD References: https://www.usom.gov.tr/bildirim/tr-23-0387

CVE-2023-37277 - XWiki Platform allows cross-site request forgery (CSRF) attacks through its REST API, enabling remote code execution and impacting the integrity, availability, and confidentiality of the system.
Product: XWiki Platform
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37277
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6
- https://jira.xwiki.org/browse/XWIKI-20135

CVE-2023-34347 - Delta Electronics InfraSuite Device Master versions prior to 1.0.7 allows remote code execution through unserialized classes.
Product: Delta Electronics InfraSuite Device Master
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34347
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01

CVE-2023-24489 - Customer-managed ShareFile storage zones controller is susceptible to remote compromise by an unauthenticated attacker.
Product: ShareFile storage zones controller
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24489
NVD References: https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

CVE-2023-36922 - SAP NetWeaver ABAP (IS-OIL) versions 600-806 allow an authenticated attacker to inject arbitrary operating system commands, resulting in unauthorized access and potential system shutdown.
Product: SAP NetWeaver ABAP
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36922
NVD References:
- https://me.sap.com/notes/3350297
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVE-2023-31191 - The DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection, allowing an attacker to inject high power spoofed ODID messages to force the receiver to drop real RID information and transmit crafted RID information instead, compromising the access to drones’ real RID information.
Product: BlueMark Innovations DroneScout ds230
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31191
NVD References:
- https://download.bluemark.io/dronescout/firmware/history.txt
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31191/

CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.
Product: SIMATIC CN 4100
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf

CVE-2023-36750 - The RUGGEDCOM ROX series (All versions < V2.16.0) is vulnerable to command injection through the software-upgrade Url parameter, allowing authenticated attackers to execute arbitrary code with root privileges.
Product: Siemens RUGGEDCOM ROX MX5000RE
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36750
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

CVE-2023-36751 - The affected RUGGEDCOM ROX series devices are vulnerable to command injection through the install-app URL parameter, potentially enabling an authenticated remote attacker to execute arbitrary code with root privileges.
Product: Siemens RUGGEDCOM ROX
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36751
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

CVE-2023-36752 - The RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536, and RUGGEDCOM ROX RX5000 products are vulnerable to command injection through the upgrade-app URL parameter, allowing an attacker to execute arbitrary code with root privileges.
Product: Siemens RUGGEDCOM
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36752
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf

CVE-2023-36753 - The RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 devices are vulnerable to command injection via the uninstall-app App-name parameter in the web interface, potentially allowing a privileged remote attacker to execute arbitrary code with root privileges.
Product: Siemens RUGGEDCOM ROX
CVSS Score: 9…
Product: Microsoft Windows Network Load Balancing
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33163
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163

CVE-2023-33170 - ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Product: Microsoft ASP.NET and Visual Studio
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33170
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170

CVE-2023-33171 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Product: Microsoft Dynamics 365
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33171
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33171

CVE-2023-35297 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Product: Microsoft Windows
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35297
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35297

CVE-2023-35298 - HTTP.sys Denial of Service Vulnerability
Product: Microsoft HTTP.sys
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35298
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35298

CVE-2023-35299 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35299
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35299

CVE-2023-35300 - Remote Procedure Call Runtime Remote Code Execution Vulnerability
Product: Microsoft Windows Operating System
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35300
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35300

CVE-2023-35302 - Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
Product: Microsoft PostScript and PCL6 Class Printer Driver
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35302
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35302

CVE-2023-35303 - USB Audio Class System Driver Remote Code Execution Vulnerability
Product: Not enough information is provided in the given vulnerability description to determine the vendor and product names.
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35303
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35303

CVE-2023-35304, CVE-2023-35305 - Windows Kernel Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35304
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35305
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35304
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35305

CVE-2023-35312 - Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
Product: Microsoft VOLSNAP.SYS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35312
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35312

CVE-2023-35313 - Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability
Product: Microsoft Windows Online Certificate Status Protocol (OCSP) SnapIn
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35313
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35313

CVE-2023-35315 - Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Product: Microsoft Windows Layer-2 Bridge Network Driver
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35315
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35315

CVE-2023-35317 - Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Product: Microsoft Windows Server Update Service (WSUS)
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35317
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35317

CVE-2023-35320 - Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Product: Microsoft Connected User Experiences and Telemetry
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35320
ISC Diary: https://isc.sans.edu/diary/30018
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-…
*********** Sponsored By Palo Alto Networks ***********

Come join Palo Alto Networks at the Network Security Summit. You will hear about the future of network security, learn how AI is your ally in the digital future, and experience hands-on labs from security experts. Register here:
Register today for the Government Security Solutions Forum on Thursday, July 20th. This free virtual event brings a wealth of knowledgeable experts together for a series of presentations and panel discussions that will offer advice and guidance on how to best counteract the threats of today, and protect your security program for tomorrow. Don't miss it, save your seat today!
Tune in on Thursday, July 27 for the FREE Building Red Team Capability Solutions Forum 2023 - Hear directly from leaders who are using emerging innovations to close the time gap and inspire confidence as they move from reacting to anticipating. | Register now:
We invite you to take the 2023 SANS Attack Surface Management and Implications for Offensive Security Survey! Share your insights about your external attack surface, and you'll be entered into our drawing for a chance to win a $250 Amazon gift card | Take the survey: