SEC536: Adversarial AI - Penetration Testing AI Systems
SEC536Offensive Operations, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 40
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?
Published: 2023-10-11
Last Updated: 2023-10-11 12:29:24 UTC
by Johannes Ullrich (Version: 1)
Last week, Daniel Stenberg announced that he would release a new version of the curl library and command line tool today, fixing a significant vulnerability. Curl is the de-facto standard library to create HTTP requests unless you still use Perl (good old LWP..). A significant vulnerability in curl will affect pretty much anything connecting to a web server. With everything becoming an HTTP-based API, code using curl is probably written faster than ever, and Daniel's work is more important than ever.
Today, we got the promised fix for CVE-2023-38545. So here is a quick overview of how severe it is:
The vulnerability is a heap-based buffer overflow, which may lead to arbitrary code execution. Modern operating systems should make exploitation of heap-based buffer overflows more difficult, but exploitation is possible.
To exploit this vulnerability, the attacker has to be able to supply an oversized hostname to curl. Host names passed to curl should be validated, and I do not believe such an oversized hostname would pass input validation. Sure, an attacker can run "curl" on the command line, but if they can do so, they already have code execution capabilities. A valid exploit would require an attacker to trigger code execution by, for example, passing a hostname to a web app that would trigger the code execution in curl.
Next, the exploit only exists if curl is used to connect to a SOCKS5 proxy. This is another dependency, making exploitation less likely.
Read the full entry: https://isc.sans.edu/diary/CVE202338545+curl+SOCKS5+oversized+hostname+vulnerability+How+bad+is+it/30304/
October 2023 Microsoft Patch Tuesday Summary
Published: 2023-10-10
Last Updated: 2023-10-10 18:03:47 UTC
by Johannes Ullrich (Version: 1)
For October, Microsoft released patches for 105 different vulnerabilities. This count includes one Chromium vulnerability that was patched earlier this month.
There are a total of three already exploited vulnerabilities:
CVE-2023-44487 HTTP/2 Rapid Reset Attack: This vulnerability was disclosed by Cloudflare in a blog post earlier today. Cloudflare started to see these attacks late in August. This issue led to unprecedented DoS attacks. An attacker will set an HTTP/2 stream and immediately "cancel" it with a reset stream. This avoids limits on the number of streams accepted and can lead to CPU exhaustion on the server attempting to clean up the canceled streams. This is not a TCP RST but an application layer (HTTP/2) feature. On the other hand, it does look a bit like a SYN flood attack, maybe? HTTP/2 often appears to re-implement some of the features found in TCP, so it is no surprise to see similar vulnerabilities.
CVE-2023-36563 Wordpad Information Disclosure: Yet another problem with linked resources that may cause the client (Wordpad in this case) to initiate an SMB connection and in the process, automatically pass along weakly hashed credentials. See this blog post for details: https://support.microsoft.com/en-us/topic/kb5032314-how-to-manage-the-ole-object-conversion-vulnerability-in-wordpad-associated-with-cve-2023-36563-98d95ae9-2f9e-4f65-9231-46363c31cf07
CVE-2023-41763: Skype for Business elevation of privileges. This is a vulnerability in the Skype for Business server product. IP addresses and port numbers may be disclosed.
Noteworthy are the nine critical vulnerabilities in the Layer 2 Tunneling protocol and the vulnerabilities in the Microsoft Message Queue (one with a CVSS score of 9.8). These two components received numerous patches for the last couple of months.
Overall, I would rate this patch Tuesday as "average." There are no "outrageously important" vulnerabilities to patch.
Read the full entry: https://isc.sans.edu/diary/October+2023+Microsoft+Patch+Tuesday+Summary/30300/
Apple fixes vulnerabilities in iOS and iPadOS.
Published: 2023-10-04
Last Updated: 2023-10-04 19:53:02 UTC
by Johannes Ullrich (Version: 1)
Apple today released iOS/iPadOS 17.0.3. These updates fix two vulnerabilities. A WebRTC vulnerability that could be used to execute arbitrary code, establishing initial access to the device, and a Kernel vulnerability used to elevate privileges. The privilege escalation vulnerability has been exploited against older versions of iOS. See Apple's page about these vulnerabilities: https://support.apple.com/en-us/HT213961.
Read the full entry: https://isc.sans.edu/diary/Apple+fixes+vulnerabilities+in+iOS+and+iPadOS/30280/
Internet Storm Center Entries
ZIP's DOSTIME & DOSDATE Formats (2023.10.09)
https://isc.sans.edu/diary/ZIPs+DOSTIME+DOSDATE+Formats/30296/
Wireshark 4.2.0 First Release Candidate (2023.10.08)
https://isc.sans.edu/diary/Wireshark+420+First+Release+Candidate/30292/
Binary IPv6 Addresses (2023.10.07)
https://isc.sans.edu/diary/Binary+IPv6+Addresses/30290/
Wireshark releases 2 updates in one day. Mac users especially will want the latest. (2023.10.07)
New tool: le-hex-to-ip.py (2023.10.05)
https://isc.sans.edu/diary/New+tool+lehextoippy/30284/
What's Normal? Connection Sizes (2023.10.04)
https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-44487 - MITRE:
CVE-2023-36780, CVE-2023-36786, CVE-2023-36789 - Skype for Business Remote Code Execution Vulnerability
CVE-2023-41763 - Skype for Business Elevation of Privilege Vulnerability
CVE-2023-22515 - Confluence Data Center and Server instances allowed external attackers to create unauthorized administrator accounts and access Confluence instances.
Product: Atlassian Confluence Data CenterCVSS Score: 9.8** KEV since 2023-10-05 ** NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22515NVD References: - https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515- https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276- https://jira.atlassian.com/browse/CONFSERVER-92457CVE-2023-4911 - GNU C Library's dynamic loader ld.so is vulnerable to a buffer overflow during the processing of the GLIBC_TUNABLES environment variable, enabling a local attacker to execute code with elevated privileges via maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission.Product: GNU GlibcCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4911ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8688NVD References: https://www.qualys.com/cve-2023-4911/CVE-2023-35349, CVE-2023-36570 through CVE-2023-36575, CVE-2023-36577, CVE-2023-36578, CVE-2023-36582, CVE-2023-36583, CVE-2023-36589 through CVE-2023-36593 - Microsoft Message Queuing Remote Code Execution VulnerabilitiesProduct: Microsoft Message QueuingCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35349NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36570NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36571NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36572NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36573NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36574NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36575NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36577NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36578NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36582NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36583NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36589NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36590NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36591NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36592NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36593ISC Diary: https://isc.sans.edu/diary/30300MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434 CVE-2023-36431, CVE-2023-36579, CVE-2023-36581, CVE-2023-36606 - Microsoft Message Queuing Denial of Service VulnerabilitiesProduct: Microsoft Message QueuingCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36431NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36579NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36581NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36606ISC Diary: https://isc.sans.edu/diary/30300MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606 CVE-2023-42824 - iOS and iPadOS versions before 17.0.3 allow local attackers to elevate privileges, possibly with active exploitation in earlier iOS versions.Product: Apple iPadOSCVSS Score: 7.8** KEV since 2023-10-05 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42824NVD References: - https://support.apple.com/en-us/HT213961- https://support.apple.com/en-us/HT213972- https://support.apple.com/kb/HT213972CVE-2023-22385 - Memory Corruption in Data Modem while making a MO call or MT VOLTE call.Product: Qualcomm 315 5G Iot ModemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22385NVD References: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletinCVE-2023-24855 - Memory corruption in Modem while processing security related configuration before AS Security Exchange.Product:…
CVE-2023-35349, CVE-2023-36570 through CVE-2023-36575, CVE-2023-36577, CVE-2023-36578, CVE-2023-36582, CVE-2023-36583, CVE-2023-36589 through CVE-2023-36593 - Microsoft Message Queuing Remote Code Execution Vulnerabilities
CVE-2023-36431, CVE-2023-36579, CVE-2023-36581, CVE-2023-36606 - Microsoft Message Queuing Denial of Service Vulnerabilities
CVE-2023-42824 - iOS and iPadOS versions before 17.0.3 allow local attackers to elevate privileges, possibly with active exploitation in earlier iOS versions.
CVE-2023-22385 - Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
CVE-2023-24855 - Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE-2023-33028 - Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
CVE-2023-3656 - cashIT! - serving solutions is affected by an unauthenticated remote code execution vulnerability that can be triggered by an exposed HTTP endpoint.
CVE-2023-3654 - cashIT! - serving solutions, devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are vulnerable to origin bypass via the host header in an HTTP request when exposed to the network.
CVE-2022-47893 - NetMan 204 is vulnerable to remote code execution, permitting remote attackers to upload a firmware file with a webshell and gain root access.
CVE-2023-5350 - SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-40830 - Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.
CVE-2023-33268 through CVE-2023-33273 - Multiple OS command injection vulnerabilities in DTS Monitoring 3.57.0
CVE-2023-44973 - Emlog Pro v2.2.0 arbitrary file upload vulnerabilities in the component /content/templates/ that permits attackers to execute code by uploading a manipulated PHP file.
CVE-2023-39645 - Theme Volty CMS Payment Icon module for PrestaShop allows SQL injection by a guest user.
CVE-2023-39646 - Theme Volty CMS Category Chain Slider module for PrestaShop is vulnerable to SQL injection in versions up to 4.0.1, allowing guest users to exploit this vulnerability.
CVE-2023-39648 - Theme Volty CMS Testimonial module for PrestaShop allows for SQL injection in affected versions when a guest performs certain actions.
CVE-2023-39649 - Theme Volty CMS Category Slider module for PrestaShop allows SQL injection in guest mode.
CVE-2023-39651 - Theme Volty CMS BrandList module for PrestaShop allows SQL injection in affected versions.
CVE-2023-39647 - The "Theme Volty CMS Category Product" module for PrestaShop (tvcmscategoryproduct) up to version 4.0.1 allows SQL injection by a guest user.
CVE-2023-37404 - IBM Observability with Instana 1.0.243 through 1.0.254 allows execution of arbitrary code on host following successful DNS poisoning attack.
CVE-2023-30733 - Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.
CVE-2023-2809 - Sage 200 Spain 2023.38.001 version is vulnerable to plaintext credential usage, allowing remote extraction of SQL database credentials, potentially leading to remote execution of MS SQL commands and privilege escalation on Windows systems.
CVE-2023-44208 - Acronis Cyber Protect Home Office (Windows) before build 40713 allows sensitive information disclosure and manipulation due to missing authorization.
CVE-2023-4491 - The Easy Address Book Web Server 1.6 version is vulnerable to a buffer overflow attack through a POST request to /searchbook.ghp, leading to remote arbitrary code execution.
CVE-2023-4494 - Easy Chat Server 3.1 is susceptible to a stack-based buffer overflow vulnerability when an attacker sends an excessively long username string via a GET request to the register.ghp file, enabling arbitrary code execution on the remote machine.
CVE-2023-5373 - SourceCodester Online Computer and Laptop Store 1.0 is susceptible to a remote SQL injection attack through the manipulation of the email argument in the register function of Master.php (VDB-241254).
CVE-2023-5374 - SourceCodester Online Computer and Laptop Store 1.0 is susceptible to remote SQL injection (CVE: VDB-241255) via the manipulation of the 'c' argument in the 'products.php' file.
CVE-2022-36276 - TCMAN GIM v8.0.1 is vulnerable to SQL injection, enabling remote attackers to directly interact with the database via the 'SqlWhere' parameter in the 'BuscarESM' function.
CVE-2023-20101 - Cisco Emergency Responder contains a vulnerability that allows an unauthenticated attacker to log in remotely using the root account's default, unchangeable credentials.
CVE-2023-5402 - A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used.
CVE-2023-38701 - Hydra, a layer-two scalability solution for Cardano, has a vulnerability in versions prior to 0.12.0 that allows an attacker to steal funds committed into the Hydra head validator and prevent successful opening of Hydra heads.
CVE-2023-5391 - The vulnerability allows arbitrary code execution in the vulnerable product through deserialization of untrusted data.
CVE-2023-5399 - The File Command is vulnerable to a path traversal issue caused by improper limitation of a pathname to a restricted directory.
CVE-2023-36619 - Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.
CVE-2023-41094 - The Ember ZNet 7.1.x, 7.2.x, and versions 7.3 and later are vulnerable to the issue allowing unauthorized addition of devices outside of valid TouchLink range or pairing duration.
CVE-2023-35803 - IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
CVE-2023-45160 - The 1E Client vulnerability allows ordinary users to replace resource script files with malicious scripts, but has been fixed in patch Q23094 by securing the temporary directory.
CVE-2023-2306 - Qognify NiceVision versions 3.1 and prior expose sensitive information through hard-coded credentials, allowing attackers to access camera info, user data, and manipulate database records.
CVE-2023-5346 - Chromium:
CVE-2023-32485 - Dell SmartFabric Storage Software version 1.3 and lower allows remote unauthenticated attackers to escalate privileges through improper input validation, posing a critical severity risk to user authentication.
CVE-2023-43981 - Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.
CVE-2023-43983 - Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-44024 - KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before is vulnerable to remote code execution through a crafted request to the supercheckout.php component.
CVE-2023-4530 - Turna Advertising Administration Panel before 1.1 is vulnerable to SQL Injection.
CVE-2023-36465 - Decidim allows any logged-in user to access and manipulate templates of surveys within its administration panel due to incorrect permissions enforcement.
CVE-2023-38703 - PJSIP, a free and open source multimedia communication library, has a vulnerability that can result in unexpected termination of applications or control flow hijack/memory corruption if they have SRTP capability and use a media transport other than UDP.
CVE-2023-43058 - IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. BM X-Force ID: 247527.
CVE-2023-44807 - D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.
CVE-2023-5214 - In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
cve-2023-5255 - denial-service-revocation-auto-renewed-certificates
cve-2023-5255-denial-service-revocation-auto-renewed-certificates">https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates
CVE-2023-3725 - Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVE-2023-44393 - Piwigo, an open source photo gallery application, is vulnerable to a reflected cross-site scripting (XSS) attack prior to version 14.0.0beta4, allowing an attacker to inject malicious HTML and JS code into the HTML page.
CVE-2023-36380 - CP-8031 and CP-8050 MASTER MODULEs (All versions < CPCI85 V05.11 (only with activated debug support)) allow an attacker with the corresponding private key knowledge to login via SSH due to a hard-coded ID in the SSH `authorized_keys` configuration file.
CVE-2023-43625 - Simcenter Amesim (All versions < V2021.1) allows unauthenticated remote attackers to perform DLL injection and execute arbitrary code via a SOAP endpoint.
CVE-2023-41373 - The BIG-IP Configuration Utility has a directory traversal vulnerability that allows authenticated attackers to execute commands and potentially bypass security boundaries in Appliance mode.
CVE-2023-30801 - qBittorrent client through 4.5.5 allows remote attackers to execute arbitrary commands via default credentials in the web user interface.
CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.
CVE-2023-30803 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 allows remote and unauthenticated attackers to access administrative functionality through an authentication bypass vulnerability.
CVE-2023-30805 - Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection through mishandling of shell meta-characters in the "un" parameter, allowing remote and unauthenticated attackers to execute arbitrary commands via a crafted HTTP POST request to the /LogInOut.php endpoint.
CVE-2023-30806 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection via crafted HTTP POST request to the /cgi-bin/login.cgi endpoint, allowing remote unauthenticated attackers to execute arbitrary commands due to mishandling of shell meta-characters in the PHPSESSID cookie.
CVE-2023-34992 - Fortinet FortiSIEM versions 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allow OS command injection, enabling attackers to execute unauthorized code or commands via crafted API requests.
CVE-2023-34993, CVE-2023-36547, CVE-2023-36548 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-36414, CVE-2023-36415 - Azure Identity SDK Remote Code Execution Vulnerabilities
CVE-2023-36418 - Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2023-36419 - Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability
CVE-2023-36561 - Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36417 - Microsoft SQL OLE DB Remote Code Execution Vulnerability
CVE-2023-36420, CVE-2023-36785 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilities
CVE-2023-36435 - Microsoft QUIC Denial of Service Vulnerability
CVE-2023-36436 - Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-36438 - Windows TCP/IP Information Disclosure Vulnerability
CVE-2023-36557 - PrintHTML API Remote Code Execution Vulnerability
CVE-2023-36565 - Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36567 - Windows Deployment Services Information Disclosure Vulnerability
CVE-2023-36568 - Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36569 - Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36585 - Active Template Library Denial of Service Vulnerability
CVE-2023-36594 - Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-36598 - Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2023-36602, CVE-2023-36603 - Windows TCP/IP Denial of Service Vulnerabilities
CVE-2023-36605 - Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
CVE-2023-36701 - Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-36702 - Microsoft DirectMusic Remote Code Execution Vulnerability
CVE-2023-36703 - DHCP Server Service Denial of Service Vulnerability
CVE-2023-36704 - Windows Setup Files Cleanup Remote Code Execution Vulnerability
CVE-2023-36709 - Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2023-36710 - Windows Media Foundation Core Remote Code Execution Vulnerability
CVE-2023-36711 - Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2023-36712 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36718 - Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
CVE-2023-36720 - Windows Mixed Reality Developer Tools Denial of Service Vulnerability
CVE-2023-36721 - Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36723 - Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2023-36725 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36726 - Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
CVE-2023-36729 - Named Pipe File System Elevation of Privilege Vulnerability
CVE-2023-36730 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-41772 - Win32k Elevation of Privilege Vulnerability
CVE-2023-36778 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36737 - Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2023-38171 - Microsoft QUIC Denial of Service Vulnerability
CVE-2023-41766 - Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2023-4309 - The ESC Internet Election Service is vulnerable to SQL injection, allowing an attacker to read or modify data for multiple elections sharing the same backend database.
CVE-2023-36790 - Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
CVE-2023-36902 - Windows Runtime Remote Code Execution Vulnerability
CVE-2023-38159 - Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-38165 through CVE-2023-41771, CVE-2023-41773, CVE-2023-41774 - Layer 2 Tunneling Protocol Remote Code Execution Vulnerabilities
CVE-2023-28229 - Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
CVE-2023-38545 - SOCKS5 heap buffer overflow
Sponsors
Devo Technology Inc.
Sponsored By Devo Technology, Inc.Celebrate SOC Analyst Appreciation Day | Devo is hosting its third annual SOC Analyst Appreciation Day on October 18. In this free virtual event, you’ll hear from some of the world’s most influential cybersecurity leaders and obtain insights on how to manage your mental well-being and fast-track your SOC career. Don’t miss out. Register today!
SANS
This year's CloudSecNext Summit Solutions Track kicks off in just 5 days! Join AJ Yawn and invited guest speakers on Tue, October 17, as we explore various cloud security topics that align with the 5 NIST CSF functions, while showcasing capabilities to implement for each function. Walk away from this free virtual event with a better understanding of how to improve your organization's cloud security environment. | Register now:
CardinalOps
SANS Research | In our SANS Detection Engineering Survey, we're asking the cyber community to share their insights on the state of practice in “detection engineering." Share your thoughts with us to be entered into our drawing for a chance to win a $250 Amazon gift card! | Complete the survey:
Zero Networks
Microsegmentation in a Click - Tue, October 17 at 10:30am ET | In this short and sweet 30-min webcast, Matt Bromiley and Nicolas DiCola from Zero Networks, will explore how Segment by Zero Networks centrally manages host-based firewalls and automates policy implementation in real time. | Register now: