@RISK

The Consensus Security Vulnerability Alert

September 14, 2023  |  Vol. 23, Num. 36

Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft September 2023 Patch Tuesday

Published: 2023-09-12

Last Updated: 2023-09-12 20:37:17 UTC

by Renato Marinho (Version: 1)

This month we got patches for 66 vulnerabilities. Of these, 5 are critical, and 2 are already being exploited, according to Microsoft.

One of the exploited vulnerabilities is a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for this vulnerability is 6.8.

The second one is a Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761). According to the advisory, the Preview Pane is an attack vector and exploiting this vulnerability could allow the disclosure of NTLM hashes.

Regarding critical vulnerabilities, one of them is a Remote Code Execution (RCE) vulnerability on Internet Connection Sharing (ICS) (CVE-2023-38148). According to the advisory, an unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service. This vulnerability requires no user interaction and no privileges. The CVSS is 8.8 - the highest for this month.

The second-highest CVSS this month is associated with an RCE affecting Visual Studio (CVE-2023-36793). To exploit this vulnerability, an attacker would have to convince a user to open a maliciously crafted package file in Visual Studio. The CVSS is 7.8.

Read the full entry:

https://isc.sans.edu/diary/Microsoft+September+2023+Patch+Tuesday/30214/

Apple fixes 0-Day Vulnerability in Older Operating Systems

Published: 2023-09-11

Last Updated: 2023-09-11 18:32:28 UTC

by Johannes Ullrich (Version: 1)

This update fixes the ImageIO vulnerability Apple patched for current operating systems last week. Now, Apple follows up with a patch for its older, but still supported, operating system versions.

According to Citizen Lab, this vulnerability is already being exploited. Exploitation took advantage of the ImageIO vulnerability and a vulnerability in the Apple wallet "PassKit" API to send a "Pass" to the victim, including the malicious image. These older operating systems support PassKit, but it needs to be clarified if they are vulnerable to the PassKit issue.

More details:

Apple: https://support.apple.com/en-us/HT201222

Citizen Lab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Read the full entry:

https://isc.sans.edu/diary/Apple+fixes+0Day+Vulnerability+in+Older+Operating+Systems/30210/

Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities

Published: 2023-09-07

Last Updated: 2023-09-08 14:57:04 UTC

by Johannes Ullrich (Version: 1)

Read the full entry:

https://isc.sans.edu/diary/Apple+Releases+iOSiPadOS+1661+macOS+1352+watchOS+962+fixing+two+zeroday+vulnerabilities/30200/

Internet Storm Center Entries


Quickie: Generating a YARA Rule to Detect Obfuscated Strings (2023.09.10)

https://isc.sans.edu/diary/Quickie+Generating+a+YARA+Rule+to+Detect+Obfuscated+Strings/30206/

"Anyone get the ASN of the Truck that Hit Me?!": Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary] (2023.09.09)

https://isc.sans.edu/diary/Anyone+get+the+ASN+of+the+Truck+that+Hit+Me+Creating+a+PowerShell+Function+to+Make+3rd+Party+API+Calls+for+Extending+Honeypot+Information+Guest+Diary/30204/

Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store (2023.09.07)

https://isc.sans.edu/diary/FleezewareScareware+Advertised+via+Facebook+Tags+Available+in+Apple+App+Store/30198/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-36802 - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Product: Microsoft Streaming Service Proxy

CVSS Score: 7.8

** KEV since 2023-09-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36802

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802




CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability

Product: Microsoft Word

CVSS Score: 6.2

** KEV since 2023-09-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36761

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761




CVE-2023-4863 - Chromium: CVE-2023-4863 Heap buffer overflow in WebP

Product: Google Chrome

CVSS Score: 0

** KEV since 2023-09-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4863

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

NVD References: 

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

- https://crbug.com/1479274




CVE-2023-41064 - macOS Ventura, iOS, and iPadOS versions 13.5.2, 16.6.1 are susceptible to arbitrary code execution due to a buffer overflow issue involving image processing, potentially being actively exploited.

Product: Apple macOS, iOS, and iPadOS

CVSS Score: 7.8

** KEV since 2023-09-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41064

ISC Diary: https://isc.sans.edu/diary/30210

NVD References: 

- https://support.apple.com/en-us/HT213905

- https://support.apple.com/en-us/HT213906

- https://support.apple.com/en-us/HT213913

- https://support.apple.com/en-us/HT213914

- https://support.apple.com/en-us/HT213915




CVE-2023-36793 - Visual Studio Remote Code Execution Vulnerability

Product: Microsoft Visual Studio

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36793

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793




CVE-2023-38148 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Product: Microsoft Internet Connection Sharing (ICS)

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38148

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38148




CVE-2023-41061 - watchOS, iOS, and iPadOS versions 9.6.2, 16.6.1, and 16.6.1 allow for arbitrary code execution through a malicious attachment, with reports of active exploitation.

Product: Apple watchOS, iOS, and iPadOS

CVSS Score: 7.8

** KEV since 2023-09-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41061

NVD References: 

- http://seclists.org/fulldisclosure/2023/Sep/4

- http://seclists.org/fulldisclosure/2023/Sep/5

- https://support.apple.com/en-us/HT213905

- https://support.apple.com/en-us/HT213907

- https://support.apple.com/kb/HT213905

- https://support.apple.com/kb/HT213907




CVE-2023-20269 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software have a vulnerability that allows remote attackers to conduct brute force attacks or establish unauthorized SSL VPN sessions.

Product: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software

CVSS Score: 5.0

** KEV since 2023-09-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20269

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC




CVE-2023-20238 - The vulnerability in Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform allows an unauthenticated, remote attacker to forge credentials and gain unauthorized access to the system.

Product: Cisco BroadWorks Application Delivery Platform

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20238

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX




CVE-2023-35892 - IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XXE attack, allowing remote attackers to expose sensitive information or consume memory resources.

Product: IBM Financial Transaction Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35892

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/258786

- https://www.ibm.com/support/pages/node/7030359




CVE-2023-28543 - SNPE library is vulnerable to memory corruption due to out of bounds read triggered by a malformed DLC, exposing it to potential attacks when loading untrusted models.

Product: Qualcomm SD855

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28543

NVD References: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin




CVE-2023-28562 - Memory corruption while handling payloads from remote ESL.

Product: Qualcomm AQT1000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28562

NVD References: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin




CVE-2023-28581 - Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE.

Product: Qualcomm FastConnect 6800

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28581

NVD References: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin




CVE-2023-41910 - lldpd before 1.0.17 allows remote attackers to cause an out-of-bounds read on heap memory by crafting a CDP PDU packet.

Product: Lldpd Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41910

NVD References: 

- https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b

- https://github.com/lldpd/lldpd/releases/tag/1.0.17




CVE-2023-40743 - Apache Axis 1.x allows for potentially dangerous lookup mechanisms when using "ServiceFactory.getService" to integrate into an application, exposing it to DoS, SSRF, RCE, and should be replaced with a different SOAP engine or patched.

Product: Apache Axis

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40743

NVD References: 

- https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210

- https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82




CVE-2023-36361 - Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

Product: Web-Audimex Audimexee

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36361

NVD References: 

- http://audimex.com

- http://audimexee.com

- https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b




CVE-2023-41012 - China Mobile Intelligent Home Gateway v.HG6543C4 allows remote code execution through the authentication mechanism.

Product: China Mobile Intelligent Home Gateway

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41012

NVD References: https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4-Identity-verification-has-design-flaws




CVE-2023-31242 - Open Automation Software OAS Platform v18.00.0072 is vulnerable to an authentication bypass through a specially-crafted series of network requests.

Product: Openautomationsoftware OAS Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31242

NVD References: 

- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769

- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769




CVE-2023-3374 - Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.

Product: Bookreen 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3374

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0489




CVE-2017-9453 - BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.

Product: BMC Server Automation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-9453

NVD References: https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html




CVE-2023-35065 - Osoft Paint Production Management before 2.1 is vulnerable to SQL Injection.

Product: Osoft Dyeing - Printing - Finishing Production Management

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35065

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0490




CVE-2023-35068 - BMA Personnel Tracking System before 20230904 is vulnerable to SQL Injection.

Product: BMA Personnel Tracking System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35068

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0491




CVE-2023-35072 - Coyav Travel Proagent before 20230904 allows SQL Injection.

Product: Coyavtravel Proagent

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35072

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0492




CVE-2023-39681 - Cuppa CMS v1.0 is affected by a remote code execution (RCE) vulnerability when the email_outgoing parameter at /Configuration.php is manipulated with a crafted payload.

Product: CuppaCMS 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39681

NVD References: https://github.com/yanbochen97/CuppaCMS_RCE




CVE-2023-3616 - Mava Software Hotel Management System before 2.0 allows SQL Injection.

Product: Mava Hotel Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3616

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0493




CVE-2023-4034 - Smartrise Document Management System before Hvl-2.0 allows SQL Injection.

Product: Digita Tek Smartrise Document Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4034

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0494




CVE-2023-4178 - Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.

Product: Neutron Smart VMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4178

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0496




CVE-2023-4531 - Mestav Software E-commerce Software before 20230901 is vulnerable to SQL Injection.

Product: Mestav E-Commerce Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4531

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0495




CVE-2023-39654 - abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.

Product: Abuquant Abupy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39654

NVD References: 

- https://github.com/Leeyangee/leeya_bug/blob/main/%5BWarning%5DSQL%20Injection%20in%20abupy%20%3C=%20v0.4.0.md

- https://github.com/bbfamily/abu




CVE-2023-41009 - The adlered bolo-solo v.2.6 file upload vulnerability allows remote code execution via a crafted script to the authorization field in the header.

Product: Adlered Bolo-Solo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41009

NVD References: 

- http://adlered.com

- https://github.com/Rabb1tQ/HillstoneCVEs/blob/main/CVE-2023-41009/CVE-2023-41009.md

- https://github.com/adlered/bolo-solo




CVE-2023-39361 - Cacti is vulnerable to a SQL injection in graph_view.php, allowing remote attackers to potentially gain administrative privileges or execute remote code.

Product: Cacti 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39361

NVD References: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg




CVE-2023-41508 - A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

Product: Superstorefinder Super Store Finder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41508

NVD References: 

- https://github.com/redblueteam/CVE-2023-41508/

- https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/




CVE-2023-4310 - BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 allow unauthenticated remote attackers to execute commands with site user context via a malicious HTTP request, fixed in version 23.2.3.

Product: BeyondTrust Privileged Remote Access

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4310

NVD References: 

- https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

- https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access




CVE-2023-41507 - Super Store Finder v3.6 is vulnerable to SQL injection via the products, distance, lat, and lng parameters in the store locator component.

Product: Super Store Finder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41507

NVD References: 

- https://github.com/redblueteam/CVE-2023-41507/

- https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/




CVE-2023-4761 - Chromium: CVE-2023-4761 Out of bounds memory access in FedCM

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4761

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761

NVD References: 

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

- https://crbug.com/1476403

- https://www.debian.org/security/2023/dsa-5491




CVE-2023-4762 - Chromium: CVE-2023-4762 Type Confusion in V8

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4762

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762

NVD References: 

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

- https://crbug.com/1473247

- https://www.debian.org/security/2023/dsa-5491




CVE-2023-4763 - Chromium: CVE-2023-4763 Use after free in Networks

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4763

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763

NVD References: 

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

- https://crbug.com/1469928

- https://www.debian.org/security/2023/dsa-5491




CVE-2023-4764 - Chromium: CVE-2023-4764 Incorrect security UI in BFCache

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4764

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764

NVD References: 

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

- https://crbug.com/1447237

- https://www.debian.org/security/2023/dsa-5491




CVE-2023-4485 - ARDEREG Sistema SCADA Central versions 2.203 and prior login page is vulnerable to unauthenticated blind SQL injection allowing unauthorized access, data leakage, and disruption of critical industrial processes.

Product: Ardereg Sistemas Scada

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4485

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01




CVE-2023-30723 - Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary files with Samsung Health privilege due to an improper input validation vulnerability.

Product: Samsung Health

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30723

NVD References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09




CVE-2023-4634 - The Media Library Assistant plugin for WordPress up to and including version 3.09 is vulnerable to Local File Inclusion and Remote Code Execution.

Product: Davidlingren Media Library Assistant

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4634

NVD References: 

- https://github.com/Patrowl/CVE-2023-4634/

- https://packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz

- https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4

- https://www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve




CVE-2023-41149 - F-RevoCRM versions 7.3.7 and 7.3.8 have an OS command injection vulnerability, allowing an attacker to execute arbitrary OS commands on the server.

Product: F-RevoCRM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41149

NVD References: 

- http://jvn.jp/en/jp/JVN78113802/

- https://f-revocrm.jp/2023/08/9394/




CVE-2023-37941 - Apache Superset versions 1.5.0 up to and including 2.1.0 allow an attacker with write access to the metadata database to execute remote code on the web backend through a malicious Python object.

Product: Apache Superset

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37941

NVD References: https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h




CVE-2023-41330 - The knplabs/knp-snappy PHP library is vulnerable to remote code execution through PHAR deserialization due to a bypass in the fix for CVE-2023-28115, allowing execution of arbitrary code and access to the underlying filesystem for users able to control the second parameter of the generateFromHtml() function.

Product: Knplabs Snappy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41330

NVD References: 

- https://github.com/KnpLabs/snappy/commit/d3b742d61a68bf93866032c2c0a7f1486128b67e

- https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj

- https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc




CVE-2020-10131 - SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

Product: SearchBlox 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-10131

NVD References: https://developer.searchblox.com/v9.2/changelog/version-921




CVE-2023-23623 - Electron framework does not respect Content-Security-Policy when sandbox is disabled, allowing unexpected usage of eval() and new Function methods, creating an expanded attack surface.

Product: Electronjs 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23623

NVD References: https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr




CVE-2023-39956 - Electron: CVE-2023-39956 - Visual Studio Code Remote Code Execution Vulnerability

Product: Electronjs 

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39956

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956

NVD References: https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5




CVE-2023-39967 - WireMock allows for arbitrary service forwarding when certain request URLs are used in its configuration fields, potentially exposing three attack vectors and allowing for unauthorized access to the WireMock instance.

Product: WireMock Studio

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39967

NVD References: https://github.com/wiremock/wiremock/security/advisories/GHSA-676j-xrv3-73vc




CVE-2023-40397 - macOS Ventura 13.5 allows remote attackers to execute arbitrary JavaScript code due to inadequate checks.

Product: Apple macOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40397

NVD References: 

- http://www.openwall.com/lists/oss-security/2023/09/11/1

- https://support.apple.com/en-us/HT213843




CVE-2023-39238 - ASUS RT-AX56U V2 allows unauthenticated remote attackers to perform remote arbitrary code execution and disrupt service due to a format string vulnerability in its set_iperf3_svr.cgi module.

Product: ASUS RT-AX56U V2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39238

NVD References: https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html




CVE-2023-39239 - ASUS RT-AX56U V2's General function API allows unauthenticated remote attackers to execute remote arbitrary code, perform arbitrary system operations, or disrupt service due to a format string vulnerability in its apply.cgi module.

Product: ASUS RT-AX56U V2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39239

NVD References: https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html




CVE-2023-39240 - ASUS RT-AX56U V2’s iperf client function API allows an unauthenticated remote attacker to execute arbitrary code or disrupt service through a format string vulnerability in its set_iperf3_cli.cgi module.

Product: ASUS RT-AX56U V2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39240

NVD References: https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html




CVE-2023-39422 - Next Generation booking engine's /irmdata/api/ endpoints expose HMAC tokens in a client-side JavaScript file, rendering the authentication mechanism useless.

Product: Resortdata Internet Reservation Module Next Generation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39422

NVD References: https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained




CVE-2023-39423 - RDPData.dll in the vulnerable product exposes an endpoint which can be exploited to leak session IDs and impersonate logged-in users using a UNION SQL operator.

Product: Resortdata Internet Reservation Module Next Generation

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39423

NVD References: https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained




CVE-2023-40942 - Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered to contain a stack overflow via the parameter 'firewall_value' at the URL /goform/SetFirewallCfg.

Product: AC9 V3.0BR_V15.03.06.42_multi_TD01

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40942

NVD References: https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md




CVE-2023-30908 - Hewlett Packard Enterprise OneView Software is vulnerable to remote exploitation, enabling unauthorized access, sensitive information disclosure, and denial of service.

Product: HP OneView

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30908

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us




CVE-2023-40029 - Argo CD is vulnerable to an information disclosure issue due to the storage of sensitive information in the `kubectl.kubernetes.io/last-applied-configuration` annotation of cluster secrets.

Product: Argo CD


CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40029

NVD References: 

- https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4

- https://github.com/argoproj/argo-cd/pull/7139

- https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9m




CVE-2021-27715 - MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via crafted HTTP request.

Product: MoFi Network MOFI4500-4GXeLTE-V2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-27715

NVD References: 

- http://mofi.com

- https://www.nagarro.com/services/security/mofi-cve-security-advisory




CVE-2023-37759 - Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

Product: Trendylogics Crypto Currency Tracker

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37759

NVD References: 

- https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008

- https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html

- https://tregix.com/




CVE-2023-41615 - Zoo Management System v1.0 is vulnerable to SQL injection via the username and password fields in the Admin sign-in page.

Product: Zoo Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41615

NVD References: 

- https://medium.com/@guravtushar231/sql-injection-in-login-field-a9073780f7e8

- https://phpgurukul.com/student-management-system-using-php-and-mysql/

- https://portswigger.net/web-security/sql-injection




CVE-2023-39320 - Go versions 1.21 and earlier allow execution of scripts and binaries relative to the root of the module when "go" command is used within the module, regardless of whether downloaded from module proxy or VCS software.

Product: Golang 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39320

NVD References: 

- https://go.dev/cl/526158

- https://go.dev/issue/62198

- https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ

- https://pkg.go.dev/vuln/GO-2023-2042




CVE-2023-42268 - Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.

Product: Jeecg Boot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42268

NVD References: https://github.com/jeecgboot/jeecg-boot/issues/5311




CVE-2022-33164 - IBM Security Directory Server 7.2.0 allows remote attackers to traverse directories and view or write arbitrary files on the system by sending a specially crafted URL request.

Product: IBM Security Directory Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33164

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/228579

- https://www.ibm.com/support/pages/node/7031021




CVE-2023-42276 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.

Product: Hutool 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42276

NVD References: https://github.com/dromara/hutool/issues/3286




CVE-2023-42277 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.

Product: Hutool 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42277

NVD References: https://github.com/dromara/hutool/issues/3285




CVE-2023-4845 - SourceCodester Simple Membership System 1.0 is vulnerable to remote SQL injection via the admin_id parameter in account_edit_query.php (VDB-239254).

Product: Simple Membership System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4845

NVD References: 

- https://github.com/BigBaos/MemShipVul/blob/main/Simple-Membership-System%20account_edit_query.php%20has%20Sqlinjection.pdf

- https://vuldb.com/?ctiid.239254

- https://vuldb.com/?id.239254




CVE-2023-4848 - SourceCodester Simple Book Catalog App 1.0 is vulnerable to remote SQL injection through the delete_book.php functionality (CVE-2021-XXXXX).

Product: Simple Book Catalog App Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4848

NVD References: 

- https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/

- https://vuldb.com/?ctiid.239257

- https://vuldb.com/?id.239257




CVE-2023-4871 - SourceCodester Contact Manager App 1.0 is susceptible to remote SQL injection via manipulated argument contact/contactName in delete.php (VDB-239356).

Product: Contact Manager App Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4871

NVD References: 

- https://skypoc.wordpress.com/2023/09/05/vuln1/

- https://vuldb.com/?ctiid.239356

- https://vuldb.com/?id.239356




CVE-2023-4872 - SourceCodester Contact Manager App 1.0 is vulnerable to remote SQL injection via the contactName parameter in add.php.

Product: Contact Manager App Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4872

NVD References: 

- https://skypoc.wordpress.com/2023/09/05/vuln1/

- https://vuldb.com/?ctiid.239357

- https://vuldb.com/?id.239357




CVE-2023-36140 - PHPJabbers Cleaning Business Software 1.0 lacks encryption on user passwords, enabling attackers to infiltrate all user accounts.

Product: PHPJabbers Cleaning Business Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36140

NVD References: 

- https://medium.com/@blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb

- https://www.phpjabbers.com/cleaning-business-software/




CVE-2020-19319 - Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.

Product: DLINK Dir-619L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-19319

NVD References: https://github.com/hhhhu8045759/dir_619l-buffer-overflow




CVE-2020-19320 - Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.

Product: DLINK Dir-619L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-19320

NVD References: 

- https://github.com/hhhhu8045759/dlink-619l-buffer_overflow

- https://www.dlink.com/en/security-bulletin/




CVE-2023-31067 - TSplus Remote Access through 16.0.2.14 allows Full Control permissions for Everyone on directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.

Product: TSplus Remote Access

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31067

NVD References: 

- http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html

- https://www.exploit-db.com/exploits/51679




CVE-2023-31068 - TSplus Remote Access through 16.0.2.14 grants Full Control permissions for Everyone on certain directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.

Product: TSplus Remote Access

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31068

NVD References: 

- http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html

- https://www.exploit-db.com/exploits/51680




CVE-2023-41256 - Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 allow an unauthorized attacker to obtain user access through an authentication bypass vulnerability.

Product: Dover Fueling Solutions MAGLINK LX Web Console Configuration

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41256

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01




CVE-2023-40150 - Softneta MedDream PACS v7.2.8.810 and prior allows unauthenticated remote code execution due to lack of authentication checks and unsafe functionality.

Product: Softneta MedDream PACS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40150

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-248-01




CVE-2023-40944 - Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.

Product: Schoolmate Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40944

NVD References: https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40944




CVE-2023-40945 - Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.

Product: Doctor Appointment System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40945

NVD References: https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-40945




CVE-2023-40946 - Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.

Product: Schoolmate Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40946

NVD References: https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40946




CVE-2023-35674 - A logic error in the onCreate function of WindowState.java makes it possible to launch a background activity, potentially resulting in local escalation of privilege without requiring extra execution privileges or user interaction.

Product: WindowState.java

CVSS Score: 0

** KEV since 2023-09-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35674

NVD References: 

- https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e

- https://source.android.com/security/bulletin/2023-09-01




CVE-2023-40309 - SAP CommonCryptoLib lacks authentication checks, enabling an authenticated user to exploit restricted functionality and access, modify, or erase restricted data.

Product: SAP CommonCryptoLib

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40309

NVD References: 

- https://me.sap.com/notes/3340576

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-40622 - SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430 allow authenticated attackers to view restricted sensitive information, compromising the application's confidentiality, integrity, and availability.

Product: SAP BusinessObjects Business Intelligence Platform (Promotion Management)

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40622

NVD References: 

- https://me.sap.com/notes/3320355

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2022-24093 - Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are susceptible to post-authentication arbitrary code execution due to an improper input validation vulnerability.

Product: Adobe Commerce

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24093

NVD References: https://helpx.adobe.com/security/products/magento/apsb22-13.html




CVE-2023-2071 - Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus allows an unauthenticated attacker to achieve remote code execution by uploading a self-made library and bypassing the security check.

Product: Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2071

NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724




CVE-2023-29332 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Product: Microsoft Azure Kubernetes Service

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29332

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332




CVE-2023-33136 - Azure DevOps Server Remote Code Execution Vulnerability

Product: Azure DevOps Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33136

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136




CVE-2023-35355 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Cloud Files Mini Filter Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35355

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355




CVE-2023-36742 - Visual Studio Code Remote Code Execution Vulnerability

Product: Microsoft Visual Studio Code

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36742

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742




CVE-2023-36744, CVE-2023-36745, CVE-2023-36756 - Microsoft Exchange Server Remote Code Execution Vulnerabilities

Product: Microsoft Exchange Server

CVSS Score: 8.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36744

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36745

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36756

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756




CVE-2023-36757 - Microsoft Exchange Server Spoofing Vulnerability

Product: Microsoft Exchange Server

CVSS Score: 8.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36757

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757




CVE-2023-36758 - Visual Studio Elevation of Privilege Vulnerability

Product: Microsoft Visual Studio

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36758

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758




CVE-2023-36762 - Microsoft Word Remote Code Execution Vulnerability

Product: Microsoft Word

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36762

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762




CVE-2023-36763 - Microsoft Outlook Information Disclosure Vulnerability

Product: Microsoft Outlook

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36763

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763




CVE-2023-36764 - Microsoft SharePoint Server Elevation of Privilege Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36764

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764




CVE-2023-36765 - Microsoft Office Elevation of Privilege Vulnerability

Product: Microsoft Office

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36765

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765

 



CVE-2023-36766 - Microsoft Excel Information Disclosure Vulnerability

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36766

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766




CVE-2023-36739, CVE-2023-36740, CVE-2023-36760 - 3D Viewer Remote Code Execution Vulnerabilities

Product: 3D Viewer

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36739

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36740

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36760

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740




CVE-2023-36770, CVE-2023-36771, CVE-2023-36772, CVE-2023-36773 - 3D Builder Remote Code Execution Vulnerabilities

Product: Microsoft 3D Builder

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36770

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36771

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36772

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36773

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773

  



CVE-2023-36788 - .NET Framework Remote Code Execution Vulnerability

Product: Microsoft .NET Framework

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36788

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788




CVE-2023-36792, CVE-2023-36794, CVE-2023-36796 - Visual Studio Remote Code Execution Vulnerabilities

Product: Microsoft Visual Studio

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36792

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36794

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36796

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796




CVE-2023-36800 - Dynamics Finance and Operations Cross-site Scripting Vulnerability

Product: Dynamics Finance and Operations

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36800

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800




CVE-2023-36804, CVE-2023-38161 - Windows GDI Elevation of Privilege Vulnerabilities

Product: Microsoft Windows

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36804

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38161

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38161




CVE-2023-36805 - Windows MSHTML Platform Security Feature Bypass Vulnerability

Product: Microsoft Windows MSHTML Platform

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36805

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805




CVE-2023-36886 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Product: Microsoft Dynamics 365

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36886

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886




CVE-2023-38139, CVE-2023-38141, CVE-2023-38142 - Windows Kernel Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Kernel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38139

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38141

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38142

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142




CVE-2023-38143, CVE-2023-38144 - Windows Common Log File System Driver Elevation of Privilege Vulnerabilities

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38143

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38144

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38144




CVE-2023-38146 - Windows Themes Remote Code Execution Vulnerability

Product: Microsoft Windows Themes

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38146

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146




CVE-2023-38147 - Windows Miracast Wireless Display Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38147

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147




CVE-2023-38149 - Windows TCP/IP Denial of Service Vulnerability

Product: Microsoft Windows

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38149

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38149




CVE-2023-38150 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 7.8

AtRiskScore: 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38150

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38150




CVE-2023-38155 - Azure DevOps Server Remote Code Execution Vulnerability

Product: Microsoft Azure DevOps Server and Team Foundation Server

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38155

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155




CVE-2023-38156 - Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability

Product: Azure HDInsight Apache Ambari

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38156

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156




CVE-2023-38162 - DHCP Server Service Denial of Service Vulnerability

Product: DHCP Server Service

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38162

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38162




CVE-2023-38163 - Windows Defender Attack Surface Reduction Security Feature Bypass

Product: Microsoft Windows Defender

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38163

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163




CVE-2023-38164 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Product: Microsoft Dynamics 365

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38164

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164




CVE-2023-4501 - OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server versions 7.0 patch updates 19-20, 8.0 patch updates 8-9, and 9.0 patch update 1 are vulnerable to user authentication bypass via LDAP-based authentication, allowing any valid username to be used regardless of the password entered, potentially enabling impersonation by an attacker.

Product: OpenText Visual COBOL

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4501

NVD References: https://portal.microfocus.com/s/article/KM000021287




CVE-2023-3710 - Honeywell PM43 on 32 bit, ARM (Printer web page modules) is vulnerable to Command Injection due to improper input validation.

Product: Honeywell PM43

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3710

NVD References: 

- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004

- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A

- https://www.honeywell.com/us/en/product-security




CVE-2023-41331 - SOFARPC, a Java RPC framework, is vulnerable to remote command execution in versions prior to 5.11.0, allowing for JNDI injection or system command execution through crafted payloads.

Product: SOFARPC Java RPC framework

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41331

NVD References: 

- https://github.com/sofastack/sofa-rpc/releases/tag/v5.11.0

- https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86




CVE-2022-41303 - AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior

Product: Autodesk FBX_Software_Development_Kit 2020.0

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-41303

ISC Diary: https://isc.sans.edu/diary/30214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303