SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 31
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft August 2023 Patch Tuesday
Published: 2023-08-08
Last Updated: 2023-08-08 17:55:38 UTC
by Renato Marinho (Version: 1)
This month we got patches for 88 vulnerabilities. Of these, 6 are critical, and 2 are already being exploited, according to Microsoft.
One of the exploited vulnerabilities is .NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180). The max severity for the vulnerability is important and the CVSS is 7.5.
The other exploited vulnerability is Microsoft Office Defense in Depth Update (ADV230003). According to the advisory this defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.
Moving to critical vulnerabilities, there are Remote Code Execution (RCE) vulnerabilities affecting Microsoft Message Queuing (CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911). According to the advisory, the Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. The attack complexity is low, no privileges and no user interaction are required. The CVSS for this vulnerability is 9.8.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+August+2023+Patch+Tuesday/30106/
From small LNK to large malicious BAT file with zero VT score
Published: 2023-08-03
Last Updated: 2023-08-03 15:49:44 UTC
by Jan Kopriva (Version: 1)
Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.
The e-mail message was the usual malspam fare trying to appear as a purchase order sent to the recipient, however, the attachment, named “Purchase%20Order%20PO007289.pdf.zip”, was somewhat more intriguing. As you have probably guessed, it did not contain a PDF file, as its name might have suggested, but instead a 15 kB LNK.
If one were to look at the LNKs properties using the standard Windows dialog, one would only see the following string as the “target” for the shortcut, given that the textbox in the dialog supports only a fairly short string.
Since the “target” string begins with the ComSpec variable, we can clearly see that the LNK is pointing at cmd.exe (at least on any Windows system with usual configuration), but that is about all we can be certain about at this point. To get to further details, we might take advantage of some specialized tool for analyzing LNK files, however, any hex editor can serve us just as well.
Even if one didn’t understand the internal structure of the Shell Link file format, one would only have to locate a string in the file containing multiple “/shakir” substrings to be able to get to the entire command that the file is supposed to execute.
Read the full entry:
https://isc.sans.edu/diary/From+small+LNK+to+large+malicious+BAT+file+with+zero+VT+score/30094/
Are Leaked Credentials Dumps Used by Attackers?
Published: 2023-08-04
Last Updated: 2023-08-04 07:46:31 UTC
by Xavier Mertens (Version: 1)
Leaked credentials are a common thread for a while. Popular services like “Have I Been Pwned”[1] help everyone know if some emails and passwords have been leaked. This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).
I’ve been watching dumps of leaked credentials for a long time. My goal is not to compete with the service above. I do this for research purposes and to track potential leaks for juicy domains. Most of the "combo" files that you can find on the Internet are compilations of old leaks but presented as "fresh", "verified" or "valid" by the attacker:
250K-belgium-Combolist.txt
300kusa.txt
310k-yahoo-combos.txt
75k HQ Valid mail access.txt
83k mail_access.txt
50K Combo private BY AmrNet1 All Site.txt
...
The quality of these dumps is very poor. Most verifications I performed with 3rd parties always gave the same results: the account has not existed for a long time, our password policy has changed, etc.
Read the full entry:
https://isc.sans.edu/diary/Are+Leaked+Credentials+Dumps+Used+by+Attackers/30098/
Internet Storm Center Entries
Update: Researchers scanning the Internet (2023.08.07)
https://isc.sans.edu/diary/Update+Researchers+scanning+the+Internet/30102/
Zeek and Defender Endpoint (2023.08.02)
https://isc.sans.edu/diary/Zeek+and+Defender+Endpoint/30088/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-38180 - .NET and Visual Studio Denial of Service Vulnerability
CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 - Microsoft Message Queuing Remote Code Execution Vulnerabilities
CVE-2023-35081 - Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows authenticated administrator to write arbitrary files through path traversal vulnerability.
CVE-2023-35081 - Arbitrary-File-Write?language=en_US
CVE-2023-35081-Arbitrary-File-Write?language=en_US">https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
CVE-2023-39143 - PaperCut NG and PaperCut MF before 22.1.3 allow path traversal leading to unauthorized file access and manipulation.
Product: Papercut NG/MFCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39143ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8604NVD References: - https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/- https://www.papercut.com/kb/Main/securitybulletinjuly2023/CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege VulnerabilityProduct: Microsoft Exchange ServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21709ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709CVE-2023-34960 - Chamilo v1.11.* up to v1.11.18 enables command injections via a SOAP API call to wsConvertPpt with a manipulated PowerPoint name.Product: Chamilo CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34960NVD References: - http://chamilo.com- https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-ExecutionCVE-2023-37478 - Pnpm package manager is susceptible to a malicious tarball vulnerability that allows compromised or malicious versions to be installed when using pnpm, despite appearing safe on npm registry.Product: Pnpm CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37478NVD References: - https://github.com/pnpm/pnpm/releases/tag/v7.33.4- https://github.com/pnpm/pnpm/releases/tag/v8.6.8- https://github.com/pnpm/pnpm/security/advisories/GHSA-5r98-f33j-g8h7CVE-2022-39986 - RaspAP versions 2.8.0 through 2.8.7, an unauthenticated command injection vulnerability allows attackers to execute arbitrary commands via the cfg_id parameter in certain PHP files.Product: RaspAPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-39986NVD References: - https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php- https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2CVE-2023-31710 - TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.Product: TP-Link Archer Ax21CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31710NVD References: https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710CVE-2023-34634 - Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.Product: Greenshot CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34634NVD References: - http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html- https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c- https://greenshot.atlassian.net/browse/BUG-3061- https://www.exploit-db.com/exploits/51633CVE-2023-4056 - Firefox, Firefox ESR, and Thunderbird versions prior to 116, 102.14, and 115.1 respectively suffer from memory safety bugs that could potentially allow arbitrary code execution through memory corruption.Product: Mozilla FirefoxCVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4056NVD References: - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847- https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html- https://www.debian.org/security/2023/dsa-5464- https://www.debian.org/security/2023/dsa-5469- https://www.mozilla.org/security/advisories/mfsa2023-29/- https://www.mozilla.org/security/advisories/mfsa2023-30/- https://www.mozilla.org/security/advisories/mfsa2023-31/CVE-2023-4057 - Firefox, Firefox ESR, and Thunderbird versions 115.0 suffer from memory safety bugs that could potentially lead to arbitrary code execution, affecting Firefox versions below 116 and Firefox ESR versions below 115.1.Product: Mozilla FirefoxCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4057NVD References: - https://bugzilla.mozilla.org/show_bug.cgi?id=1841682- https://www.mozilla.org/security/advisories/mfsa2023-29/- https://www.mozilla.org/security/advisories/mfsa2023-31/- https://www.mozilla.org/security/advisories/mfsa2023-33/CVE-2023-4058 - Firefox versions prior to 116 contain memory safety bugs that could allow potential hackers to run arbitrary code by exploiting the memory corruption.Product: Mozilla FirefoxCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4058NVD References: - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1819160%2C1828024- https://www.mozilla.org/security/advisories/mfsa2023-29/CVE-2023-33493 - PrestaShop through 2.3.0 allows remote attackers to upload dangerous files without restrictions.Product: Ajaxmanager Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33493NVD References: https://security.friendsofpresta.org/module/2023/07/28/ajaxmanager.htmlCVE-2023-36210 - MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the …
CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-34960 - Chamilo v1.11.* up to v1.11.18 enables command injections via a SOAP API call to wsConvertPpt with a manipulated PowerPoint name.
CVE-2023-37478 - Pnpm package manager is susceptible to a malicious tarball vulnerability that allows compromised or malicious versions to be installed when using pnpm, despite appearing safe on npm registry.
CVE-2022-39986 - RaspAP versions 2.8.0 through 2.8.7, an unauthenticated command injection vulnerability allows attackers to execute arbitrary commands via the cfg_id parameter in certain PHP files.
CVE-2023-31710 - TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.
CVE-2023-34634 - Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
CVE-2023-4056 - Firefox, Firefox ESR, and Thunderbird versions prior to 116, 102.14, and 115.1 respectively suffer from memory safety bugs that could potentially allow arbitrary code execution through memory corruption.
CVE-2023-4057 - Firefox, Firefox ESR, and Thunderbird versions 115.0 suffer from memory safety bugs that could potentially lead to arbitrary code execution, affecting Firefox versions below 116 and Firefox ESR versions below 115.1.
CVE-2023-4058 - Firefox versions prior to 116 contain memory safety bugs that could allow potential hackers to run arbitrary code by exploiting the memory corruption.
CVE-2023-33493 - PrestaShop through 2.3.0 allows remote attackers to upload dangerous files without restrictions.
CVE-2023-36210 - MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
CVE-2023-33561 - Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.
CVE-2023-33562 - PHP Jabbers Time Slots Booking Calendar v3.3 is susceptible to user enumeration, as an attacker can leverage password recovery to differentiate valid and invalid users, facilitating a potential brute force attack.
CVE-2023-26443 - The vulnerable product, Full-text autocomplete search, allows user-provided SQL syntax to be injected, posing a potential malicious SQL injection vulnerability when existing sanitization measures are bypassed, but now resolves the issue by encoding single quotes for SQL FULLTEXT queries and no known public exploits exist.
CVE-2023-26317 - Xiaomi routers are susceptible to command injection through an external interface, potentially resulting in remote code execution and complete compromise of the device.
CVE-2022-40609 - IBM SDK, Java Technology Edition versions 7.1.5.18 and 8.0.8.0 suffer from an unsafe deserialization flaw, allowing remote attackers to execute arbitrary code on the system.
CVE-2023-1437 - Advantech WebAccess/SCADA versions prior to 9.1.4 allows untrusted pointers, enabling remote access to files, execution of commands, and file overwrite.
CVE-2023-1935 - The ROC800-Series RTU devices can be exploited by an attacker to bypass authentication and gain unauthorized access, potentially leading to data compromise, device control, and denial-of-service.
CVE-2023-33369 - Control ID IDSecure 4.7.26.0 and prior allows attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service due to a path traversal vulnerability.
Product: Assaabloy Control ID IDSecureCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33369NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33369- https://www.controlid.com.br/en/access-control/idsecure/CVE-2023-33371 - IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to bypass authentication.Product: Assaabloy Control ID IDSecureCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33371NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33371- https://www.controlid.com.br/en/access-control/idsecure/CVE-2023-36082 - GatesAir Flexiva FM Transmitter/Exiter Fax 150W is vulnerable to remote privilege escalation through LDAP and SMTP credentials.Product: GatesAir Flexiva Fax 150WCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36082NVD References: - http://flexiva.com- http://gatesair.com- https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36082CVE-2023-4068, CVE-2023-4069, CVE-2023-4070 - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.Product: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4068NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4069NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4070ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1466183- https://crbug.com/1465326- https://crbug.com/1462951- https://www.debian.org/security/2023/dsa-5467CVE-2023-4071 - Chromium: CVE-2023-4071 Heap buffer overflow in VisualsProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4071ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1458819- https://www.debian.org/security/2023/dsa-5467CVE-2023-4072 - Chromium: CVE-2023-4072 Out of bounds read and write in WebGLProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4072ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1464038- https://www.debian.org/security/2023/dsa-5467CVE-2023-4073 - Chromium: CVE-2023-4073 Out of bounds memory access in ANGLEProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4073ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1456243- https://www.debian.org/security/2023/dsa-5467CVE-2023-4074 - Chromium: CVE-2023-4074 Use after free in Blink Task SchedulingProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4074ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1464113- https://www.debian.org/security/2023/dsa-5467CVE-2023-4075 - Chromium: CVE-2023-4075 Use after free in CastProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4075ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1457757- https://www.debian.org/security/2023/dsa-5467CVE-2023-4076 - Chromium: CVE-2023-4076 Use after free in WebRTCProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4076ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1459124- https://www.debian.org/security/2023/dsa-5467CVE-2023-4077 - Chromium: CVE-2023-4077 Insufficient data validation in ExtensionsProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4077ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077NVD References: - https:/…
CVE-2023-33371 - IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to bypass authentication.
Product: Assaabloy Control ID IDSecureCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33371NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33371- https://www.controlid.com.br/en/access-control/idsecure/CVE-2023-36082 - GatesAir Flexiva FM Transmitter/Exiter Fax 150W is vulnerable to remote privilege escalation through LDAP and SMTP credentials.Product: GatesAir Flexiva Fax 150WCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36082NVD References: - http://flexiva.com- http://gatesair.com- https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36082CVE-2023-4068, CVE-2023-4069, CVE-2023-4070 - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.Product: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4068NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4069NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4070ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1466183- https://crbug.com/1465326- https://crbug.com/1462951- https://www.debian.org/security/2023/dsa-5467CVE-2023-4071 - Chromium: CVE-2023-4071 Heap buffer overflow in VisualsProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4071ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1458819- https://www.debian.org/security/2023/dsa-5467CVE-2023-4072 - Chromium: CVE-2023-4072 Out of bounds read and write in WebGLProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4072ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1464038- https://www.debian.org/security/2023/dsa-5467CVE-2023-4073 - Chromium: CVE-2023-4073 Out of bounds memory access in ANGLEProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4073ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1456243- https://www.debian.org/security/2023/dsa-5467CVE-2023-4074 - Chromium: CVE-2023-4074 Use after free in Blink Task SchedulingProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4074ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1464113- https://www.debian.org/security/2023/dsa-5467CVE-2023-4075 - Chromium: CVE-2023-4075 Use after free in CastProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4075ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1457757- https://www.debian.org/security/2023/dsa-5467CVE-2023-4076 - Chromium: CVE-2023-4076 Use after free in WebRTCProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4076ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1459124- https://www.debian.org/security/2023/dsa-5467CVE-2023-4077 - Chromium: CVE-2023-4077 Insufficient data validation in ExtensionsProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4077ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077NVD References: - https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html- https://crbug.com/1451146- https://www.debian.org/security/2023/dsa-5467CVE-2023-4078 - Chromium: CVE-2023-4078 Inappropriate implementation in ExtensionsProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4078ISC Diary: https://isc.sans.edu/diary/30106MSFT Details: https://msrc.microsoft.com/update-guide…
CVE-2023-36082 - GatesAir Flexiva FM Transmitter/Exiter Fax 150W is vulnerable to remote privilege escalation through LDAP and SMTP credentials.
CVE-2023-4068, CVE-2023-4069, CVE-2023-4070 - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
CVE-2023-4071 - Chromium:
CVE-2023-4072 - Chromium:
CVE-2023-4073 - Chromium:
CVE-2023-4074 - Chromium:
CVE-2023-4075 - Chromium:
CVE-2023-4076 - Chromium:
CVE-2023-4077 - Chromium:
CVE-2023-4078 - Chromium:
CVE-2023-38954 - ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
CVE-2023-37364 - WS-Inc J WBEM Server 4.7.4 before 4.7.5 allows context-dependent attackers to read arbitrary files or cause a denial of service via the CIM-XML protocol adapter's entity resolution feature.
CVE-2023-37679 - NextGen Mirth Connect v4.3.0 is vulnerable to remote command execution, enabling attackers to execute arbitrary commands on the hosting server.
CVE-2023-3346 - MITSUBSHI CNC Series is vulnerable to a remote unauthenticated attacker causing a Denial of Service (DoS) condition and executing arbitrary code by sending specially crafted packets, requiring a system reset for recovery.
CVE-2023-21408 - The vulnerable product allows unprivileged users to gain access to unencrypted user credentials used in the integration interface towards 3rd party systems due to insufficient file permissions.
cve-2023-2140712 - en-US-409778.pdf
cve-2023-2140712-en-US-409778.pdf">https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdfCVE-2023-21409 - Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.Product: Axis License Plate VerifierCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21409NVD References: https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdfCVE-2023-4008 - GitLab CE/EE before versions 16.0.8, 16.1.3, and 16.2.2 allows the takeover of GitLab Pages using known random string for unique domain URLs.Product: Gitlab CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4008NVD References: https://gitlab.com/gitlab-org/gitlab/-/issues/415942CVE-2023-4120 - Beijing Baichuo Smart S85F Management Platform up to 20230722 is vulnerable to remote command injection via manipulation of the sql argument in importhtml.php, potentially leading to unauthorized access and attack exploitation.Product: Byzoro Smart S85FCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4120NVD References: - https://github.com/RCEraser/cve/blob/main/rce.md- https://vuldb.com/?ctiid.235967- https://vuldb.com/?id.235967CVE-2023-4121 - Beijing Baichuo Smart S85F Management Platform up to 20230722 allows remote attackers to execute unrestricted file uploads, classified as critical (VDB-235968).Product: Byzoro Smart S85FCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4121NVD References: - https://github.com/torres14852/cve/blob/main/upload.md- https://vuldb.com/?ctiid.235968- https://vuldb.com/?id.235968CVE-2023-36213 - MotoCMS v.3.4.3 is vulnerable to SQL injection, allowing remote attackers to gain privileges through the search function's keyword parameter.Product: MotoCMS CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36213NVD References: - https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html- https://www.exploit-db.com/exploits/51504CVE-2023-36217 - Xoops CMS v.2.5.10 is vulnerable to Cross Site Scripting, allowing remote attackers to execute arbitrary code via the category name field of the image manager function.Product: Xoops CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36217NVD References: - https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10- https://www.exploit-db.com/exploits/51520CVE-2023-33666 - ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.Product: Ai-Dev AioptimizedcombinationsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33666NVD References: - https://security.friendsofpresta.org/modules/2023/08/03/aioptimizedcombinations.html- https://www.boutique.ai-dev.fr/en/ergonomie/59-optimized-combinations.htmlCVE-2023-20214 - Cisco SD-WAN vManage software is vulnerable to an unauthenticated remote attacker gaining read or limited write permissions to the configuration through a crafted API request.Product: Cisco SD-WAN vManageCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20214NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPACVE-2023-38951 - A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.Product: ZKTeco BiotimeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38951NVD References: - http://zkteco.com- https://claroty.com/team82/disclosure-dashboard/cve-2023-38951CVE-2023-33665 - ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.Product: Ai-Dev Ai-TableCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33665NVD References: - https://security.friendsofpresta.org/modules/2023/08/01/aitable.html- https://www.boutique.ai-dev.fr/en/ergonomie/56-table-attributes.htmlCVE-2023-36131 - PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.Product: PHPJabbers Availability Booking CalendarCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36131NVD References: - https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4- https://www.phpjabbers.com/availability-booking-calendar/CVE-2023-36132 - PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.Product: PHPJabbers Availability Booking CalendarCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36132NVD References: - https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4- https://www.phpjabbers.com/availability-booking-calendar/CVE-2023-36133 - PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.Product: PHPJabbers Availability B…
cve-2023-2140712 - en-US-409778.pdf
CVE-2023-4008 - GitLab CE/EE before versions 16.0.8, 16.1.3, and 16.2.2 allows the takeover of GitLab Pages using known random string for unique domain URLs.
CVE-2023-4120 - Beijing Baichuo Smart S85F Management Platform up to 20230722 is vulnerable to remote command injection via manipulation of the sql argument in importhtml.php, potentially leading to unauthorized access and attack exploitation.
CVE-2023-4121 - Beijing Baichuo Smart S85F Management Platform up to 20230722 allows remote attackers to execute unrestricted file uploads, classified as critical (VDB-235968).
CVE-2023-36213 - MotoCMS v.3.4.3 is vulnerable to SQL injection, allowing remote attackers to gain privileges through the search function's keyword parameter.
CVE-2023-36217 - Xoops CMS v.2.5.10 is vulnerable to Cross Site Scripting, allowing remote attackers to execute arbitrary code via the category name field of the image manager function.
CVE-2023-33666 - ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-20214 - Cisco SD-WAN vManage software is vulnerable to an unauthenticated remote attacker gaining read or limited write permissions to the configuration through a crafted API request.
CVE-2023-38951 - A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.
CVE-2023-33665 - ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-36131 - PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.
CVE-2023-36132 - PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
CVE-2023-36133 - PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-36134 - PHP Jabbers Class Scheduling System 1.0 allows remote attackers to take over accounts due to insufficient verification when changing email addresses and/or passwords on the Profile Page.
CVE-2023-36139 - PHPJabbers Cleaning Business Software 1.0 allows remote attackers to take over accounts by lacking verification when changing an email address and/or password on the Profile Page.
CVE-2023-36480 - The Aerospike Java client allows remote attackers to execute arbitrary code and take control of the machine by tricking the client into communicating with a malicious server.
CVE-2023-36480 - Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses
CVE-2023-36480-Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses">https://support.aerospike.com/s/article/CVE-2023-36480-Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses
CVE-2023-37470 - Metabase is vulnerable to remote code execution due to the exposure of the embedded in-memory database H2, allowing users to inject and execute executable code through connection strings.
CVE-2023-38686 - Sydent identity server for the Matrix communications protocol (prior to version 2.5.6) is vulnerable to interception of emails via MITM attack due to failure in verifying SMTP server certificates.
CVE-2023-33372 - Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT, allowing attackers to impersonate devices and bypass authentication.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33372NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33372- https://www.connectedio.com/products/routersCVE-2023-33373 - Connected IO v2.1.0 and prior stores passwords and credentials in clear-text format, enabling attackers to steal them and impersonate devices.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33373NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33373- https://www.connectedio.com/products/routersCVE-2023-33374 - Connected IO v2.1.0 and prior allows arbitrary remote command execution through its communication protocol.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33374NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33374- https://www.connectedio.com/products/routersCVE-2023-33375 - Connected IO v2.1.0 and prior: Stack-based buffer overflow vulnerability allows device takeover by attackers.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33375NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33375- https://www.connectedio.com/products/routersCVE-2023-33376 - Connected IO v2.1.0 and prior: Argument injection vulnerability in iptables command allows for execution of arbitrary OS commands.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33376NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33376- https://www.connectedio.com/products/routersCVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: P…
CVE-2023-33373 - Connected IO v2.1.0 and prior stores passwords and credentials in clear-text format, enabling attackers to steal them and impersonate devices.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33373NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33373- https://www.connectedio.com/products/routersCVE-2023-33374 - Connected IO v2.1.0 and prior allows arbitrary remote command execution through its communication protocol.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33374NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33374- https://www.connectedio.com/products/routersCVE-2023-33375 - Connected IO v2.1.0 and prior: Stack-based buffer overflow vulnerability allows device takeover by attackers.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33375NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33375- https://www.connectedio.com/products/routersCVE-2023-33376 - Connected IO v2.1.0 and prior: Argument injection vulnerability in iptables command allows for execution of arbitrary OS commands.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33376NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33376- https://www.connectedio.com/products/routersCVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, wi…
CVE-2023-33374 - Connected IO v2.1.0 and prior allows arbitrary remote command execution through its communication protocol.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33374NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33374- https://www.connectedio.com/products/routersCVE-2023-33375 - Connected IO v2.1.0 and prior: Stack-based buffer overflow vulnerability allows device takeover by attackers.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33375NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33375- https://www.connectedio.com/products/routersCVE-2023-33376 - Connected IO v2.1.0 and prior: Argument injection vulnerability in iptables command allows for execution of arbitrary OS commands.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33376NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33376- https://www.connectedio.com/products/routersCVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.Product: PrestaShop e-commerce web applicationCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39526NVD References: - https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56…
CVE-2023-33375 - Connected IO v2.1.0 and prior: Stack-based buffer overflow vulnerability allows device takeover by attackers.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33375NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33375- https://www.connectedio.com/products/routersCVE-2023-33376 - Connected IO v2.1.0 and prior: Argument injection vulnerability in iptables command allows for execution of arbitrary OS commands.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33376NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33376- https://www.connectedio.com/products/routersCVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.Product: PrestaShop e-commerce web applicationCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39526NVD References: - https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pcCVE-2023-37483 - SAP PowerDesigner version 16.7 allows unauthenticated attackers to run arbitrary queries against the back-end database via Proxy due to improper access control.Product: SAP PowerDesignerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37483NVD References: - https://me.sap.com/notes/3341460- https://www.sap.…
CVE-2023-33376 - Connected IO v2.1.0 and prior: Argument injection vulnerability in iptables command allows for execution of arbitrary OS commands.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33376NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33376- https://www.connectedio.com/products/routersCVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.Product: PrestaShop e-commerce web applicationCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39526NVD References: - https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pcCVE-2023-37483 - SAP PowerDesigner version 16.7 allows unauthenticated attackers to run arbitrary queries against the back-end database via Proxy due to improper access control.Product: SAP PowerDesignerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37483NVD References: - https://me.sap.com/notes/3341460- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-3526 - PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT versions prior to 2.07.2 and CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 are vulnerable to unauthenticated remote code execution via reflective XSS in the license viewer page.Product: PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENTCVSS Sco…
CVE-2023-33377 - Connected IO v2.1.0 and prior allows arbitrary OS command execution through an OS command injection vulnerability in its communication protocol during the set firewall command.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33377NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33377- https://www.connectedio.com/products/routersCVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.Product: PrestaShop e-commerce web applicationCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39526NVD References: - https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pcCVE-2023-37483 - SAP PowerDesigner version 16.7 allows unauthenticated attackers to run arbitrary queries against the back-end database via Proxy due to improper access control.Product: SAP PowerDesignerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37483NVD References: - https://me.sap.com/notes/3341460- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-3526 - PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT versions prior to 2.07.2 and CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 are vulnerable to unauthenticated remote code execution via reflective XSS in the license viewer page.Product: PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENTCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3526NVD References: https://cert.vde.com/en/advisories/VDE-2023-017CVE-2023-3570 - PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 allow remote attackers with low privileges to gain full access via a specific HTTP DELETE request.Product: PHOENIX CONTACT WP 6xxx series web panelsCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detai…
CVE-2023-33378 - Connected IO v2.1.0 and prior allows attackers to execute arbitrary OS commands on devices via an argument injection vulnerability in its AT command message.
Product: Connected IOCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33378NVD References: - https://claroty.com/team82/disclosure-dashboard/cve-2023-33378- https://www.connectedio.com/products/routersCVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.Product: CloudExplorer Lite CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38692NVD References: - https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5wCVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.Product: MindsDB AI Virtual DatabaseCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38699NVD References: - https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcwCVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.Product: KnowageCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38702NVD References: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fcCVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.Product: Online Security Guards Hiring System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39551NVD References: https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.mdCVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.Product: social-media-skeleton CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39344NVD References: - https://github.com/fobybus/social-media-skeleton/commit/3cabdd35c3d874608883c9eaf9bf69b2014d25c1- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-857x-p6fq-mgfhCVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialsProduct: Pega PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32090NVD References: https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operatorsCVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.Product: PrestaShop e-commerce web applicationCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39526NVD References: - https://github.com/PrestaShop/PrestaShop/commit/817847e2347844a9b6add017581f1932bcd28c09- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gf46-prm4-56pcCVE-2023-37483 - SAP PowerDesigner version 16.7 allows unauthenticated attackers to run arbitrary queries against the back-end database via Proxy due to improper access control.Product: SAP PowerDesignerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37483NVD References: - https://me.sap.com/notes/3341460- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-3526 - PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT versions prior to 2.07.2 and CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 are vulnerable to unauthenticated remote code execution via reflective XSS in the license viewer page.Product: PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENTCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3526NVD References: https://cert.vde.com/en/advisories/VDE-2023-017CVE-2023-3570 - PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 allow remote attackers with low privileges to gain full access via a specific HTTP DELETE request.Product: PHOENIX CONTACT WP 6xxx series web panelsCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3570NVD References: https://cert.vde.com/en/advisories/VDE-2023-018/CVE-2023-3571 - PHOENIX CONTACTs WP 6xxx series web panels prior to 4.0.10 allow remote attackers to gain full device access by exploiting a specific HTTP POST related to certificate operations.Product: PHOENIX CONTACT WP 6xxx series web panelsCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-357…
CVE-2023-38692 - CloudExplorer Lite versions prior to 1.3.1 allow command injection via the installation function, fixed in v1.3.1 with no known workarounds other than upgrading.
CVE-2023-38699 - MindsDB's AI Virtual Database prior to version 23.7.4.0 allows disabling SSL certificate checks through a call to requests with `verify=False`, potentially exposing data to security risks.
CVE-2023-38702 - Knowage is an open source analytics and business intelligence suite with an authenticated file upload vulnerability that allows an attacker to achieve code execution on the server.
CVE-2023-39551 - PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.
CVE-2023-39344 - social-media-skeleton is vulnerable to a SQL injection allowing UNION based injections, indirectly leading to remote code execution, fixed in commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1.
CVE-2023-32090 - Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
CVE-2023-39526 - PrestaShop, versions prior to 1.7.8.10, 8.0.5, and 8.1.1, allows remote code execution and arbitrary file write through SQL injection in the back office, with no known workarounds.
CVE-2023-37483 - SAP PowerDesigner version 16.7 allows unauthenticated attackers to run arbitrary queries against the back-end database via Proxy due to improper access control.
CVE-2023-3526 - PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT versions prior to 2.07.2 and CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 are vulnerable to unauthenticated remote code execution via reflective XSS in the license viewer page.
CVE-2023-3570 - PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 allow remote attackers with low privileges to gain full access via a specific HTTP DELETE request.
CVE-2023-3571 - PHOENIX CONTACTs WP 6xxx series web panels prior to 4.0.10 allow remote attackers to gain full device access by exploiting a specific HTTP POST related to certificate operations.
CVE-2023-3572 - PHOENIX CONTACTs WP 6xxx series web panels prior to 4.0.10 allow remote attackers with low privileges to gain full access utilizing a specific HTTP POST request attribute for date/time operations.
CVE-2023-3573 - PHOENIX CONTACTs WP 6xxx series web panels prior to 4.0.10 allow remote attackers to gain full access to the device through a command injection vulnerability in font configuration operations.
CVE-2023-3898 - mAyaNet E-Commerce Software before 1.1 is vulnerable to SQL Injection.
CVE-2022-40510 - Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-21643 - Memory corruption due to untrusted pointer dereference in automotive during system call.
CVE-2023-21651 - Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2023-24845 - Multiple RUGGEDCOM ROS devices are vulnerable to an insufficient blocking of mirrored traffic, allowing an attacker to transmit malicious packets to systems in the mirrored network and potentially impact their configuration and behavior.
CVE-2023-37372 - RUGGEDCOM CROSSBOW (All versions < V5.4) is susceptible to SQL injection, permitting unauthenticated remote attackers to execute arbitrary SQL queries on the server database.
CVE-2023-28561 - Memory corruption in QESL while processing payload from external ESL device to firmware.
CVE-2023-3717 - Farmakom Remote Administration Console before 1.02 is vulnerable to SQL Injection.
CVE-2023-4202 - Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are susceptible to Stored Cross-Site Scripting via authenticated users in the device name field of the web-interface.
CVE-2023-4203 - Advantech EKI-1524, EKI-1522, and EKI-1521 devices through 1.21 are vulnerable to stored cross-site scripting through the ping tool in the web-interface for authenticated users.
CVE-2023-3716 - Oduyo Online Collection Software before 1.0.1 is vulnerable to SQL Injection.
CVE-2023-3651 - Digital Ant E-Commerce Software before 11 is vulnerable to SQL injection, enabling the injection of malicious SQL commands.
CVE-2023-3386 - The a2 Camera Trap Tracking System before 3.1905 allows SQL Injection.
CVE-2023-3522 - License Portal System before 1.48 is vulnerable to SQL injection allowing improper neutralization of special elements used in an SQL command.
CVE-2023-39532 - SES is vulnerable to a confinement hole that allows guest programs to access the host's dynamic import, potentially leading to information exfiltration or execution of arbitrary code.
CVE-2023-20569 - AMD:
CVE-2023-29328, CVE-2023-29330 - Microsoft Teams Remote Code Execution Vulnerabilities
CVE-2023-35359 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35368 - Microsoft Exchange Remote Code Execution Vulnerability
CVE-2023-35371 - Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35372 - Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-35378 - Windows Projected File System Elevation of Privilege Vulnerability
CVE-2023-35379 - Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, CVE-2023-38154 - Windows Kernel Elevation of Privilege Vulnerabilities
CVE-2023-35381 - Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-35383 - Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-35387 - Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
CVE-2023-35388 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-35390 - .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-36534 - Zoom Desktop Client for Windows before 5.14.7 allows unauthenticated users to escalate privileges via network access due to path traversal vulnerability.
CVE-2023-36865 - Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36866 - Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36876 - Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-36882 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36891, CVE-2023-36892 - Microsoft SharePoint Server Spoofing Vulnerabilities
CVE-2023-36895 - Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36896 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36897 - Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-36898 - Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36900 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36903 - Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36904 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36912, CVE-2023-38172 - Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38167 - Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
CVE-2023-38169 - Microsoft OLE DB Remote Code Execution Vulnerability
CVE-2023-38170 - HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2023-38172 - Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38175 - Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-38176 - Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
CVE-2023-38178 - .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-38181 - Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38182 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38184 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-38185 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38186 - Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2023-39216 - Zoom Desktop Client for Windows before version 5.14.7 allows unauthenticated users to escalate privileges through network access due to improper input validation.
CVE-2023-36873 - .NET Framework Spoofing Vulnerability
CVE-2023-39213 - The Zoom Desktop and VDI Clients before 5.15.2 allow unauthorized users to escalate privileges via network access.
Sponsors
Dragos
*********** Sponsored By Dragos, Inc. ***********The Dragos public intelligence brief, COSMICENERGY – Not an Immediate Threat, provides an analysis of this latest malware discovery and how it compares to other more concerning threats like CRASHOVERRIDE and Industroyer2. We want to help you break through the hype with actionable defensive recommendations and potential impacts on ICS/OT environments. Download Intelligence Brief:
Zscaler
Upcoming webcast on Thu, August 17 at 1:00pm ET | How to Use Zero Trust to Secure Workloads in the Public Cloud- Register for this free virtual webcast to receive first free access to the accompanying whitepaper written by Dave Shackleford. | Register Now:
CardinalOps
Upcoming webcast on Tue, August 22 at 1:00pm ET | The Future of Log Centralization for SIEMs and DFIR – Is the End Nigh? Tune in as we explore the pros and cons of centralized log data and will take a look at key questions like: Why might a decentralized approach be more attractive today, and what about normalization? | Register Now:
Vectra®
State of Threat Detection – The Defenders’ Dilemma | During this “Ask the Expert” webinar, we explored an independent global study of 2,000 SecOps analysts, and dove headfirst into the spiral of more that SOC analysts face. | Watch the Replay: