SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 38
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Releases MacOS Sonoma Including Numerous Security Patches
Published: 2023-09-26
Last Updated: 2023-09-26 20:30:09 UTC
by Johannes Ullrich (Version: 1)
As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older MacOS versions received updates addressing these vulnerabilities last week with the MacOS 13.6. When these updates were released, the security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.
The table below includes the updates released on September 21st and today (26th). It does not include CVSS scores. My ChatGPT-driven script to calculate them had too many issues with this set of updates to be helpful.
Also note that some of the "Exploited" vulnerabilities receives specific updates not included in this table...
Read the full entry:
https://isc.sans.edu/diary/Apple+Releases+MacOS+Sonoma+Including+Numerous+Security+Patches/30252/
A new spin on the ZeroFont phishing technique
Published: 2023-09-26
Last Updated: 2023-09-26 09:13:25 UTC
by Jan Kopriva (Version: 1)
Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.
The technique of embedding text with zero font size in phishing e-mails to break up text written in normal, visible way, in order to make detection of suspicious messages by automated means more difficult has been with us for quite some time now. In fact, all the way back in 2018, the team at Avanan coined the term “ZeroFont Phishing” for it.
Nevertheless, the “invisible” text in the e-mail which was delivered to our handler e-mail address last Friday did not serve the usual purpose – it wasn’t intended to hinder automated scanners from identifying the message as potentially fraudulent/malicious, but instead to make the message appear more trustworthy to the recipient.
Before we get to how it did this, let us quickly set the stage.
Modern e-mail clients commonly display received e-mail messages in a layout containing two side-by-side windows – one showing the list of received (or sent, drafted, etc.) messages and the other showing the body of a selected message. As you may see in the following image, Microsoft Outlook displays the name of a sender, its subject and the beginning of a text of each message in the left window, as do many other MUAs...
Read the full entry:
https://isc.sans.edu/diary/A+new+spin+on+the+ZeroFont+phishing+technique/30248/
Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS
Published: 2023-09-21
Last Updated: 2023-09-21 18:37:59 UTC
by Johannes Ullrich (Version: 1)
This update patches three already exploited vulnerabilities:
(1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector
(2) CVE-2023-41992 Privilege Escalation. A follow-up after the initial access was achieved via the first vulnerability
(3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability
Patches are available for all currently supported operating systems and Safari to address the WebKit vulnerability.
iOS 17 (just released this week), as well as iOS 16, is vulnerable...
Read the full entry:
Internet Storm Center Entries
YARA Support for .LNK Files (2023.09.24)
https://isc.sans.edu/diary/YARA+Support+for+LNK+Files/30244/
Scanning for Laravel - a PHP Framework for Web Artisants (2023.09.23)
https://isc.sans.edu/diary/Scanning+for+Laravel+a+PHP+Framework+for+Web+Artisants/30242/
What's Normal? DNS TTL Values (2023.09.20)
https://isc.sans.edu/diary/Whats+Normal+DNS+TTL+Values/30234/
Recent CVEs
CVE-2023-41993 - iOS, iPadOS, and Safari versions before 16.7, 17.0.1, and 16.6.1 respectively allow arbitrary code execution during web content processing, potentially exploited prior to iOS 16.7.
CVE-2023-41992 - iOS, iPadOS, watchOS, macOS Ventura, macOS Monterey: A local attacker may be able to elevate their privileges in certain versions before iOS 16.7.
CVE-2023-41991 - iOS, iPadOS, watchOS, macOS Ventura, and watchOS are vulnerable to a certificate validation issue that allows a malicious app to bypass signature validation, and an active exploitation has been reported in versions before iOS 16.7.
CVE-2021-3129 - Laravel before 8.4.2 allows unauthenticated remote attackers to execute arbitrary code due to insecure usage of file_get_contents() and file_put_contents().
CVE-2023-41179 - Trend Micro Apex One, Worry-Free Business Security, and Worry-Free Business Security Services allow an attacker to execute arbitrary commands through the manipulation of their 3rd party AV uninstaller module, but only after obtaining administrative console access.
CVE-2021-26837 - Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18 is vulnerable to SQL Injection, enabling attackers to execute code, escalate privileges, and gain sensitive information.
CVE-2022-28357 - NATS nats-server versions 2.2.0 through 2.7.4 allow directory traversal due to an unintended management action path accessible by a management account.
CVE-2023-26143 - Blamer versions before 1.0.4 allow Arbitrary Argument Injection via the blameByFile() API, bypassing input sanitization and validation of file paths, and mishandling command-line flags.
CVE-2023-5009 - GitLab EE versions before 16.3.4 allowed an attacker to run pipeline jobs as an arbitrary user through scheduled security scan policies.
CVE-2023-41387 - The flutter_downloader component in iOS allows for SQL injection, enabling remote attackers to steal session tokens and overwrite files within the app's container.
CVE-2023-0773 - Uniview IP Camera is vulnerable to remote attackers gaining complete control of the device due to identification and authentication failure at its web-based management interface.
CVE-2022-47558 - ekorCCP and ekorRCI devices are vulnerable to unauthorized access via FTP service default credentials, enabling an attacker to tamper with critical files and execute various malicious actions.
CVE-2023-4092 - Arconte Áurea 1.5.0.0 version is vulnerable to SQL injection, allowing an attacker to read sensitive data, modify database records, and execute commands on the operating system.
CVE-2023-42793 - In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVE-2023-25528 - NVIDIA DGX H100 baseboard management controller (BMC) is vulnerable to a stack overflow through a specially crafted network packet, allowing unauthorized remote attackers to achieve arbitrary code execution, denial of service, information disclosure, and data tampering.
CVE-2023-25530 - NVIDIA DGX H100 BMC KVM service vulnerability allows an attacker to exploit improper input validation, potentially leading to code execution, denial of service, privileges escalation, and information disclosure.
CVE-2023-25531 - NVIDIA DGX H100 BMC allows an attacker to compromise credentials, potentially leading to code execution, denial of service, information disclosure, and privilege escalation.
CVE-2023-25533 - NVIDIA DGX H100 BMC web UI vulnerability allows attackers to execute code, disclose information, and escalate privileges due to improper input validation.
CVE-2023-25534 - NVIDIA DGX H100 BMC IPMI vulnerability allows an attacker to execute code, cause denial of service, escalate privileges, and tamper with data via improper input validation.
CVE-2023-31009 - NVIDIA DGX H100 BMC is vulnerable to improper input validation in its REST service, enabling attackers to execute code, deny service, escalate privileges, or disclose information.
CVE-2023-38888 - Dolibarr ERP CRM v.17.0.1 and before is vulnerable to cross-site scripting, leading to information disclosure and arbitrary code execution through the REST API module.
CVE-2023-4853 - Quarkus allows attackers to bypass security policies, enabling unauthorized endpoint access and potential denial of service.
Product: Quarkus CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4853NVD References: - https://access.redhat.com/errata/RHSA-2023:5170- https://access.redhat.com/errata/RHSA-2023:5310- https://access.redhat.com/errata/RHSA-2023:5337- https://access.redhat.com/security/cve/CVE-2023-4853- https://access.redhat.com/security/vulnerabilities/RHSB-2023-002- https://bugzilla.redhat.com/show_bug.cgi?id=2238034CVE-2023-0829 - Plesk versions 17.0 through 18.0.31 are vulnerable to Cross-Site Scripting, allowing a malicious subscription owner to compromise the server by tricking an administrator into visiting a specific page.Product: Plesk CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0829NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-pleskCVE-2019-19450 - ReportLab before 3.5.31, a paraparser vulnerability, enables remote code execution through untrusted user input in a crafted XML document.Product: ReportLab CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-19450NVD References: - https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md- https://pastebin.com/5MicRrr4CVE-2023-0118 - Foreman allows admin users to execute arbitrary code through a flaw in safe mode bypass and template execution.Product: ForemanCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0118NVD References: - https://access.redhat.com/errata/RHSA-2023:4466- https://access.redhat.com/security/cve/CVE-2023-0118- https://bugzilla.redhat.com/show_bug.cgi?id=2159291CVE-2023-0462 - Foreman is vulnerable to arbitrary code execution due to a YAML payload in global parameter settings by an admin user.Product: ForemanCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0462NVD References: - https://access.redhat.com/security/cve/CVE-2023-0462- https://bugzilla.redhat.com/show_bug.cgi?id=2162970CVE-2022-3874 - Foreman is susceptible to command injection, enabling an authorized admin user to execute arbitrary commands on the underlying OS through CoreOS and Fedora CoreOS configurations in templates.Product: Redhat SatelliteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3874NVD References: - https://access.redhat.com/security/cve/CVE-2022-3874- https://bugzilla.redhat.com/show_bug.cgi?id=2140577CVE-2022-4039 - Red Hat Single Sign-On for OpenShift container images allows an attacker to deploy malicious code and access sensitive information via an unsecured management interface.Product: Red Hat Single Sign-OnCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4039NVD References: - https://access.redhat.com/errata/RHSA-2023:1047- https://access.redhat.com/security/cve/CVE-2022-4039- https://bugzilla.redhat.com/show_bug.cgi?id=2143416CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43196NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.mdCVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43197NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.mdCVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43198NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.mdCVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-captu…
CVE-2023-0829 - Plesk versions 17.0 through 18.0.31 are vulnerable to Cross-Site Scripting, allowing a malicious subscription owner to compromise the server by tricking an administrator into visiting a specific page.
CVE-2019-19450 - ReportLab before 3.5.31, a paraparser vulnerability, enables remote code execution through untrusted user input in a crafted XML document.
CVE-2023-0118 - Foreman allows admin users to execute arbitrary code through a flaw in safe mode bypass and template execution.
Product: ForemanCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0118NVD References: - https://access.redhat.com/errata/RHSA-2023:4466- https://access.redhat.com/security/cve/CVE-2023-0118- https://bugzilla.redhat.com/show_bug.cgi?id=2159291CVE-2023-0462 - Foreman is vulnerable to arbitrary code execution due to a YAML payload in global parameter settings by an admin user.Product: ForemanCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0462NVD References: - https://access.redhat.com/security/cve/CVE-2023-0462- https://bugzilla.redhat.com/show_bug.cgi?id=2162970CVE-2022-3874 - Foreman is susceptible to command injection, enabling an authorized admin user to execute arbitrary commands on the underlying OS through CoreOS and Fedora CoreOS configurations in templates.Product: Redhat SatelliteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3874NVD References: - https://access.redhat.com/security/cve/CVE-2022-3874- https://bugzilla.redhat.com/show_bug.cgi?id=2140577CVE-2022-4039 - Red Hat Single Sign-On for OpenShift container images allows an attacker to deploy malicious code and access sensitive information via an unsecured management interface.Product: Red Hat Single Sign-OnCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4039NVD References: - https://access.redhat.com/errata/RHSA-2023:1047- https://access.redhat.com/security/cve/CVE-2022-4039- https://bugzilla.redhat.com/show_bug.cgi?id=2143416CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43196NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.mdCVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43197NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.mdCVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43198NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.mdCVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43202NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.mdCVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43203NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.mdCVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43204NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.mdCVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43206NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.mdCVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to c…
CVE-2023-0462 - Foreman is vulnerable to arbitrary code execution due to a YAML payload in global parameter settings by an admin user.
Product: ForemanCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0462NVD References: - https://access.redhat.com/security/cve/CVE-2023-0462- https://bugzilla.redhat.com/show_bug.cgi?id=2162970CVE-2022-3874 - Foreman is susceptible to command injection, enabling an authorized admin user to execute arbitrary commands on the underlying OS through CoreOS and Fedora CoreOS configurations in templates.Product: Redhat SatelliteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3874NVD References: - https://access.redhat.com/security/cve/CVE-2022-3874- https://bugzilla.redhat.com/show_bug.cgi?id=2140577CVE-2022-4039 - Red Hat Single Sign-On for OpenShift container images allows an attacker to deploy malicious code and access sensitive information via an unsecured management interface.Product: Red Hat Single Sign-OnCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4039NVD References: - https://access.redhat.com/errata/RHSA-2023:1047- https://access.redhat.com/security/cve/CVE-2022-4039- https://bugzilla.redhat.com/show_bug.cgi?id=2143416CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43196NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.mdCVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43197NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.mdCVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43198NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.mdCVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43202NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.mdCVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43203NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.mdCVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43204NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.mdCVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43206NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.mdCVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to command injection through the configRestore parameter, enabling arbitrary command execution by attackers.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43207NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.mdCVE-2023-5074 - D-Link D-View 8 v2.0.1.28 suffers from an authentication bypass due to the use of a st…
CVE-2022-3874 - Foreman is susceptible to command injection, enabling an authorized admin user to execute arbitrary commands on the underlying OS through CoreOS and Fedora CoreOS configurations in templates.
Product: Redhat SatelliteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3874NVD References: - https://access.redhat.com/security/cve/CVE-2022-3874- https://bugzilla.redhat.com/show_bug.cgi?id=2140577CVE-2022-4039 - Red Hat Single Sign-On for OpenShift container images allows an attacker to deploy malicious code and access sensitive information via an unsecured management interface.Product: Red Hat Single Sign-OnCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4039NVD References: - https://access.redhat.com/errata/RHSA-2023:1047- https://access.redhat.com/security/cve/CVE-2022-4039- https://bugzilla.redhat.com/show_bug.cgi?id=2143416CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43196NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.mdCVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43197NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.mdCVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43198NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.mdCVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43202NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.mdCVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43203NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.mdCVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43204NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.mdCVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43206NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.mdCVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to command injection through the configRestore parameter, enabling arbitrary command execution by attackers.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43207NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.mdCVE-2023-5074 - D-Link D-View 8 v2.0.1.28 suffers from an authentication bypass due to the use of a static key for JWT token protection.Product: D-Link D-View 8CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5074NVD References: https://www.tenable.com/security/research/tra-2023-32CVE-2023-43235 - D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.Product: D-Link DIR-823G_Firmware 1.0.2b05CVSS Score: 9.8NVD: https://nvd…
CVE-2022-4039 - Red Hat Single Sign-On for OpenShift container images allows an attacker to deploy malicious code and access sensitive information via an unsecured management interface.
Product: Red Hat Single Sign-OnCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4039NVD References: - https://access.redhat.com/errata/RHSA-2023:1047- https://access.redhat.com/security/cve/CVE-2022-4039- https://bugzilla.redhat.com/show_bug.cgi?id=2143416CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43196NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.mdCVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43197NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.mdCVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43198NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.mdCVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43202NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.mdCVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43203NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.mdCVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43204NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.mdCVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43206NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.mdCVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to command injection through the configRestore parameter, enabling arbitrary command execution by attackers.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43207NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.mdCVE-2023-5074 - D-Link D-View 8 v2.0.1.28 suffers from an authentication bypass due to the use of a static key for JWT token protection.Product: D-Link D-View 8CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5074NVD References: https://www.tenable.com/security/research/tra-2023-32CVE-2023-43235 - D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.Product: D-Link DIR-823G_Firmware 1.0.2b05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43235NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWifiDownSettings/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43236 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.Product: D-Link DIR-816 A2_Firmware 1.10cnb05CVSS Score: 9.8NVD: …
CVE-2023-43196 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.
CVE-2023-43197 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.
CVE-2023-43198 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.
CVE-2023-43199 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.
Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43199NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.mdCVE-2023-43200 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43200NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.mdCVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.Product: D-Link DI-7200GCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43201NVD References: - https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43202NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.mdCVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43203NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.mdCVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43204NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.mdCVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43206NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.mdCVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to command injection through the configRestore parameter, enabling arbitrary command execution by attackers.Product: D-LINK DWL-6610APCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43207NVD References: https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.mdCVE-2023-5074 - D-Link D-View 8 v2.0.1.28 suffers from an authentication bypass due to the use of a static key for JWT token protection.Product: D-Link D-View 8CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5074NVD References: https://www.tenable.com/security/research/tra-2023-32CVE-2023-43235 - D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.Product: D-Link DIR-823G_Firmware 1.0.2b05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43235NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWifiDownSettings/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43236 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.Product: D-Link DIR-816 A2_Firmware 1.10cnb05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43236NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/dir_setWanWifi/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43237 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.Product: D-Link DIR-816 A2_Firmware 1.10cnb05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43237NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/setMAC/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43238 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.Product: D-Link DIR-816 A2_Firmware 1.10cnb05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43238NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2Dhcpip_cgi/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43239 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.Product: D-Link DIR-816 A2_Firmware 1.10cnb05CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43239NVD References: - https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/showMACfilterMAC/1.md- https://www.dlink.com/en/security-bulletin/CVE-2023-43240 - D-Link DIR-816 A2 v1.10CNB05 was discovere…
CVE-2023-43201 - D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.
CVE-2023-43202 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.
CVE-2023-43203 - D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.
CVE-2023-43204 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is vulnerable to command injection through the manual-time-string parameter, enabling execution of arbitrary commands.
CVE-2023-43206 - D-LINK DWL-6610 FW_v_4.3.0.8B003C allows attackers to execute arbitrary commands through a command injection vulnerability in the function web_cert_download_handler.
CVE-2023-43207 - D-LINK DWL-6610 FW_v_4.3.0.8B003C is susceptible to command injection through the configRestore parameter, enabling arbitrary command execution by attackers.
CVE-2023-5074 - D-Link D-View 8 v2.0.1.28 suffers from an authentication bypass due to the use of a static key for JWT token protection.
CVE-2023-43235 - D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.
CVE-2023-43236 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
CVE-2023-43237 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
CVE-2023-43238 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.
CVE-2023-43239 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
CVE-2023-43240 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
CVE-2023-43241 - D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.
CVE-2023-43242 - D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
CVE-2023-43128 - D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.
CVE-2023-43129 - D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.
CVE-2023-43130 - D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.
CVE-2023-5143 - D-Link DAR-7000 up to 20151231 is vulnerable to an unsupported vulnerability when assigned.
CVE-2023-43478 - The Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, potentially enabling them to modify the firmware or configuration, leading to code execution as root.
CVE-2023-42464 - Netatalk's afpd in versions 3.1.x before 3.1.17 is susceptible to a Type Confusion vulnerability in the Spotlight RPC functions, which may lead to potential Remote Code Execution by allowing control of the pointer's value.
CVE-2023-2262 - Rockwell Automation select 1756-EN* communication devices are susceptible to a buffer overflow vulnerability allowing threat actors to execute remote code by sending a malicious CIP request to the device.
CVE-2023-40619 - phpPgAdmin 7.14.4 and earlier is vulnerable to remote code execution due to untrusted data deserialization in multiple places, including the 'ma[]' POST parameter in 'tables.php'.
CVE-2023-43371, CVE-2023-43373, CVE-2023-43374, CVE-2023-43375 - Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities.
CVE-2023-43134 - Netis 360RAC1200 v1.3.4517 has an unauthorized access vulnerability that enables attackers to retrieve sensitive information, exploit user tokens, and gain unauthorized access to the device backend management.
CVE-2023-42322 - Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
CVE-2023-34575 - PrestaShop opartsavecart through 2.0.7 is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands.
CVE-2023-36109 - Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
CVE-2023-39675 - SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
CVE-2023-43135 - TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n allows unauthorized access, leading to the retrieval of sensitive information, user tokens, and back-end management login.
CVE-2015-5467 - Yii2 before 2.0.5 allows attackers to execute local .php files through relative path manipulation in the view parameter.
CVE-2023-4291 - Frauscher Sensortechnik GmbH FDS101 is vulnerable to a remote code execution (RCE) vulnerability, allowing a full compromise of the device without authentication, through manipulated parameters of the web interface.
CVE-2023-4760 - Eclipse RAP versions from 3.0.0 up to and including 3.25.0 are vulnerable to Remote Code Execution on Windows due to insecure extraction of file names in the FileUpload component.
CVE-2023-43632 - The "VTPM" server in EVE is vulnerable to a stack overflow vulnerability, allowing an attacker to crash the system or gain control over the highly privileged "vtpm_server" process.
CVE-2023-34577 - QL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.
CVE-2023-42807 - Frappe LMS before version 1.0.0 had an SQL Injection vulnerability on the People Page, which has been resolved in the latest main branch.
CVE-2023-42279 - Dreamer CMS 4.1.3 is vulnerable to SQL Injection.
CVE-2023-42810 - Systeminformation is vulnerable to a SSID Command Injection in versions 5.0.0 through 5.21.6, but the issue is resolved in version 5.21.7; to mitigate, validate or sanitize input strings for `wifiConnections()` and `wifiNetworks()` functions.
CVE-2023-34576 - PrestaShop opartfaq through 1.0.3 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary SQL commands.
CVE-2023-31719 - FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
Product: Frangoteam FUXACVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31719NVD References: - https://github.com/MateusTesser/CVE-2023-31719- https://github.com/frangoteam/FUXA- https://youtu.be/cjb2KYpV6dYCVE-2023-23363 - QNAP operating system is vulnerable to a buffer copy without checking size of input vulnerability, which could allow remote code execution via unspecified vectors; however, the vulnerability has been fixed in QTS 4.3.6.2441 build 20230621 and later, QTS 4.3.3.2420 build 20230621 and later, QTS 4.2.6 build 20230621 and later, and QTS 4.3.4.2451 build 20230621 and later.Product: QNAP QTSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23363NVD References: https://www.qnap.com/en/security-advisory/qsa-23-25CVE-2023-23364 - QNAP operating systems are vulnerable to a buffer copy without size checking, possibly enabling remote code execution, with fixes available in Multimedia Console versions 2.1.1 (2023/03/29) and 1.4.7 (2023/03/20) onwards.Product: QNAP Multimedia ConsoleCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23364NVD References: https://www.qnap.com/en/security-advisory/qsa-23-29CVE-2023-43762 - WithSecure's Policy Manager 15 and Policy Manager Proxy 15 allow Unauthenticated Remote Code Execution via the web server (backend).Product: WithSecure F-Secure Policy ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43762NVD References: - https://www.withsecure.com/en/support/security-advisories- https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511CVE-2023-43764 - WithSecure Policy Manager 15 on Windows and Linux allows unauthenticated remote code execution via the web server backend.Product: WithSecure F-Secure Policy ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43764NVD References: - https://www.withsecure.com/en/support/security-advisories- https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511CVE-2023-43144 - Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.Product: Projectworlds Asset Management System Project In PhpCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43144NVD References: https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2CVE-2023-42798 - AutomataCI versions 1.4.1 and below allow a release job to reset the git root repository to the first commit, but version 1.5.0 has a patch and a temporary workaround is to manually clone `PROJECT_PATH_RELEASE` directory as a separate git repository.Product: Hollowaykeanho AutomataciCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42798NVD References: - https://github.com/ChewKeanHo/AutomataCI/issues/93- https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89CVE-2023-43270 - dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.Product: Dst-Admin Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43270NVD References: https://github.com/Libestor/someCVE/tree/main/dst-admin-RCECVE-2023-40989 - Jeecgboot jeecg-boot versions 3.0 and 3.5.3 are vulnerable to SQL injection, allowing remote attackers to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.Product: Jeecg BootCVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40989NVD References: https://github.com/Zone1-Z/CVE-2023-40989/blob/main/CVE-2023-40989CVE-2023-43338 - Cesanta mjs v2.20.0 allows arbitrary code execution via function pointer hijacking in mjs_get_ptr().Product: Cesanta MjsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43338NVD References: https://github.com/cesanta/mjs/issues/250CVE-2023-43468 - janobe Online Job Portal v.2020 is vulnerable to a remote SQL injection attack allowing the execution of arbitrary code via login.php.Product: Online Job Portal Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43468NVD References: - https://gist.github.com/ae6e361b/30d56c116d9f727b91c418d044f42fd3- https://github.com/ae6e361b/Online-Job-Portal- https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.htmlCVE-2023-43469 - Janobe Online Job Portal v.2020 is vulnerable to SQL injection, allowing remote attackers to execute arbitrary code through the ForPass.php component.Product: Online Job Portal Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43469NVD References: - https://gist.github.com/ae6e361b/28ffc44d39e406ce1bc627c0c5c3a7de- https://github.com/ae6e361b/Online-Job-Portal-Forget- https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.htmlCVE-2023-43470 - Janobe Online Voting System v.1.0 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary code through the checklogin.php component.Product: Ja…
CVE-2023-23363 - QNAP operating system is vulnerable to a buffer copy without checking size of input vulnerability, which could allow remote code execution via unspecified vectors; however, the vulnerability has been fixed in QTS 4.3.6.2441 build 20230621 and later, QTS 4.3.3.2420 build 20230621 and later, QTS 4.2.6 build 20230621 and later, and QTS 4.3.4.2451 build 20230621 and later.
CVE-2023-23364 - QNAP operating systems are vulnerable to a buffer copy without size checking, possibly enabling remote code execution, with fixes available in Multimedia Console versions 2.1.1 (2023/03/29) and 1.4.7 (2023/03/20) onwards.
CVE-2023-43762 - WithSecure's Policy Manager 15 and Policy Manager Proxy 15 allow Unauthenticated Remote Code Execution via the web server (backend).
CVE-2023-43764 - WithSecure Policy Manager 15 on Windows and Linux allows unauthenticated remote code execution via the web server backend.
CVE-2023-43144 - Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
CVE-2023-42798 - AutomataCI versions 1.4.1 and below allow a release job to reset the git root repository to the first commit, but version 1.5.0 has a patch and a temporary workaround is to manually clone `PROJECT_PATH_RELEASE` directory as a separate git repository.
CVE-2023-43270 - dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
CVE-2023-40989 - Jeecgboot jeecg-boot versions 3.0 and 3.5.3 are vulnerable to SQL injection, allowing remote attackers to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
CVE-2023-43338 - Cesanta mjs v2.20.0 allows arbitrary code execution via function pointer hijacking in mjs_get_ptr().
CVE-2023-43468 - janobe Online Job Portal v.2020 is vulnerable to a remote SQL injection attack allowing the execution of arbitrary code via login.php.
CVE-2023-43469 - Janobe Online Job Portal v.2020 is vulnerable to SQL injection, allowing remote attackers to execute arbitrary code through the ForPass.php component.
CVE-2023-43470 - Janobe Online Voting System v.1.0 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary code through the checklogin.php component.
CVE-2023-1260 - Kube-apiserver allows a remote, authenticated attacker to bypass authentication and gain control of a privileged pod by exploiting an authentication bypass vulnerability.
Product: Kubernetes Kube-apiserverCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1260NVD References: - https://access.redhat.com/errata/RHSA-2023:3976- https://access.redhat.com/errata/RHSA-2023:4093- https://access.redhat.com/errata/RHSA-2023:4312- https://access.redhat.com/errata/RHSA-2023:4898- https://access.redhat.com/security/cve/CVE-2023-1260- https://bugzilla.redhat.com/show_bug.cgi?id=2176267CVE-2023-39407 - The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.Product: Huawei Harmonyos 2.0.0CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39407NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158CVE-2023-41294 - The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.Product: Huawei Harmonyos 2.1.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41294NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158CVE-2023-41296 - Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.Product: Huawei Harmonyos 4.0.0CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41296NVD References: - https://consumer.huawei.com/en/support/bulletin/2023/9/- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158CVE-2023-41297 - The HiviewTunner module is vulnerable to defects in its design process, potentially leading to service hijacking.Product: Huawei Harmonyos 2.0.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41297NVD References: - https://consumer.huawei.com/en/support/bulletin/2023/9/- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158CVE-2023-41419 - Gevent Gevent before version 23.9.1 allows privilege escalation via a crafted script to the WSGIServer component.Product: Gevent Gevent CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41419NVD References: - https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c- https://github.com/gevent/gevent/issues/1989CVE-2022-48605 - Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.Product: Huawei EmuiCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48605NVD References: - https://consumer.huawei.com/en/support/bulletin/2023/9/- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158CVE-2023-43131 - General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.Product: Maxiguvenlik General Device ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43131NVD References: https://www.exploit-db.com/exploits/51641CVE-2023-0625 - Docker Desktop before 4.12.0 allows remote code execution through a manipulated extension description or changelog.Product: Docker Desktop CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0625NVD References: https://docs.docker.com/desktop/release-notes/#4120CVE-2023-0626 - Docker Desktop before 4.12.0 allows remote code execution (RCE) via query parameters in the message-box route.Product: Docker Desktop CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0626NVD References: https://docs.docker.com/desktop/release-notes/#4120CVE-2023-32284 - Accusoft ImageGear 20.1 is vulnerable to an out-of-bounds write vulnerability in the tiff_planar_adobe functionality, enabling memory corruption via a specially crafted file.Product: Accusoft ImageGear 20.1CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32284NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1750CVE-2023-32614 - Accusoft ImageGear 20.1 is susceptible to a heap-based buffer overflow vulnerability through a specially crafted file, causing memory corruption when the file is opened, enabling remote code execution by an attacker.Product: Accusoft ImageGear 20.1CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32614NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749CVE-2023-35002 - Accusoft ImageGear 20.1 is vulnerable to a heap-based buffer overflow, allowing arbitrary code execution via a specially crafted file.Product: Accusoft ImageGear 20.1CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35002NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760CVE-2023-39453 - Accusoft ImageGear 20.1 has a use-after-free vulnerability in tif_parse_sub_IFD, allowing arbitrary code execution through a specially crafted file.Product: Accusoft ImageGear 20.1CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39453NVD References: h…
CVE-2023-39407 - The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.
CVE-2023-41294 - The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.
CVE-2023-41296 - Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
CVE-2023-41297 - The HiviewTunner module is vulnerable to defects in its design process, potentially leading to service hijacking.
CVE-2023-41419 - Gevent Gevent before version 23.9.1 allows privilege escalation via a crafted script to the WSGIServer component.
CVE-2022-48605 - Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2023-43131 - General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.
CVE-2023-0625 - Docker Desktop before 4.12.0 allows remote code execution through a manipulated extension description or changelog.
CVE-2023-0626 - Docker Desktop before 4.12.0 allows remote code execution (RCE) via query parameters in the message-box route.
CVE-2023-32284 - Accusoft ImageGear 20.1 is vulnerable to an out-of-bounds write vulnerability in the tiff_planar_adobe functionality, enabling memory corruption via a specially crafted file.
CVE-2023-32614 - Accusoft ImageGear 20.1 is susceptible to a heap-based buffer overflow vulnerability through a specially crafted file, causing memory corruption when the file is opened, enabling remote code execution by an attacker.
CVE-2023-35002 - Accusoft ImageGear 20.1 is vulnerable to a heap-based buffer overflow, allowing arbitrary code execution via a specially crafted file.
CVE-2023-39453 - Accusoft ImageGear 20.1 has a use-after-free vulnerability in tif_parse_sub_IFD, allowing arbitrary code execution through a specially crafted file.
CVE-2023-40163 - Accusoft ImageGear 20.1 allows an attacker to achieve memory corruption through a specially crafted malformed file, due to an out-of-bounds write vulnerability in the allocate_buffer_for_jpeg_decoding functionality.
CVE-2023-3550 - Mediawiki v1.40.0 allows remote attackers to gain administrator privileges by exploiting the lack of namespace validation in XML file uploads.
CVE-2023-43141 - TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2023-4490 - The WP Job Portal WordPress plugin through 2.0.3 is susceptible to unauthenticated SQL injection due to inadequate sanitization of a parameter used in a SQL statement.
CVE-2023-4521 - The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to perform remote code execution due to the presence of a web shell.
CVE-2023-39640 - UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().
CVE-2023-43644 - Sing-box, an open source proxy system, is vulnerable to an authentication bypass when crafted requests are sent, allowing attackers to bypass authentication on all SOCKS5 inbounds with user authentication; users are recommended to update to versions 1.4.4 or 1.5.0-rc.4, and if unable to update, SOCKS5 inbound should not be exposed to insecure environments.
CVE-2023-43457 - Service Provider Management System v.1.0 allows remote attackers to gain privileges by exploiting the /php-spms/admin/?page=user/ endpoint.
CVE-2023-5129 - libwebp allows an out-of-bounds write vulnerability to occur in ReplicateValue when processing a specially crafted WebP lossless file.
CVE-2023-36805 - Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-36792 - Visual Studio Remote Code Execution Vulnerabilities
CVE-2023-36788 - .NET Framework Remote Code Execution Vulnerability
cve-2023-40477 - poc-hides-venomrat/
cve-2023-40477-poc-hides-venomrat/">https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Sponsors
Dragos
*********** Sponsored By Dragos, Inc. ***********EXCLUSIVE WEBINAR | Rockwell Automation & Dragos CEOs Tackle Manufacturing Cybersecurity Challenges Don’t miss this exclusive webinar on October 6 @ 10am CT / 11am ET as visionary leaders, Robert M. Lee, CEO of Dragos, and Blake Moret, Chairman & CEO of Rockwell Automation discuss manufacturing threat landscape insights and supply chain risks. Reshape the way you approach cybersecurity in manufacturing. Register now:
Palo Alto Networks
Take the SANS Future of Network Security Technology Survey today to help us better understand spending habits, priorities, and decision-making processes when it comes to security technology. Share your thoughts with us for a chance to win a $250 Amazon gift card! | Take the Survey:
Vectra®
Free Virtual Event on Wed, October 4 | Join Matt Bromiley and invited speakers to step into the shoes of an attacker as we break down real-world attack scenarios. Join the action and the conversation, register here:
Axonius
Upcoming Webcast on Thu, October 5 at 1:00pm ET | No More Acronyms – Let’s Solve Problems: Putting CAASM and SSPM Aside to Talk Real Use Cases | Learn more and register now: