SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 41
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Are typos still relevant as an indicator of phishing?
Published: 2023-10-16
Last Updated: 2023-10-16 07:17:38 UTC
by Jan Kopriva (Version: 1)
I was recently asked by a customer whether it still makes sense to cover “typos” as a potential indicator that an e-mail message may be malicious in the context of security awareness courses.
One might not expect typos to be relevant anymore, given the prevalence of automated language proofing solutions and the availability of modern LLMs, which threat actors may avail themselves of, coupled with advanced capabilities of modern security solutions used to automatically identify and filter out spam and malicious messages… Nevertheless, the truth is that although the aforementioned indicator may not be as useful as it once was, it may still point a recipient in the right direction.
One good example of why this is so was provided by a phishing campaign we saw last week, when several messages, which were trying to masquerade as e-mails from the WeTransfer service, were delivered to our ISC inbox ...
Read the full entry:
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316/
Changes to SMS Delivery and How it Effects MFA and Phishing
Published: 2023-10-17
Last Updated: 2023-10-17 14:02:19 UTC
by Johannes Ullrich (Version: 1)
Spam and phishing SMS messages (sometimes called "smishing") have been problematic in recent years. These messages often bypass security controls and are more challenging to identify as malicious by users. Moreover, they can be just simply annoying.
This post does apply to US telecom companies. Let me know how this is being dealt with in other countries.
Here is a simple "stupid" one I just received yesterday ...
But often, you will now see "smishing" that asks you to reply. For example, an attack I wrote about recently ...
Initially, I figured it might be required to reply to the message to "activate" the phishing page. This would certainly make analysis of these messages more difficult. But the phishing page was accessible even without replying. So there must be another reason for this.
My best guess is that these messages are asking for replies to fool anti-spam techniques put in place by carriers. Over the last few years, carriers in the US have implemented more and more anti-spam measures for SMS. This is partly driven by regulations that initially allowed carriers to filter messages, and now, more and more require them to implement filters. T-Mobile, for example, uses a detailed "code of conduct" to inform customers what T-Mobile considers appropriate behavior.
Red the full entry:
https://isc.sans.edu/diary/Changes+to+SMS+Delivery+and+How+it+Effects+MFA+and+Phishing/30320/
Internet Storm Center Entries
Hiding in Hex (2023.10.18)
https://isc.sans.edu/diary/Hiding+in+Hex/30322/
Domain Name Used as Password Captured by DShield Sensor (2023.10.15)
https://isc.sans.edu/diary/Domain+Name+Used+as+Password+Captured+by+DShield+Sensor/30312/
What's Normal: MAC Addresses (2023.10.13)
https://isc.sans.edu/diary/Whats+Normal+MAC+Addresses/30310/
Recent CVEs
CVE-2023-22515 - Confluence Data Center and Server instances allowed external attackers to create unauthorized administrator accounts and access Confluence instances.
CVE-2023-20198 - Cisco IOS XE Software is vulnerable to remote attackers creating privileged accounts and gaining control of the affected system.
CVE-2023-21608 - Adobe Acrobat Reader versions 22.003.20282, 22.003.20281, and 20.005.30418 have a Use After Free vulnerability allowing arbitrary code execution when a user opens a malicious file.
CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-41763 - Skype for Business Elevation of Privilege Vulnerability
CVE-2023-44487 - MITRE:
CVE-2023-44487 HTTP/2 Rapid Reset AttackProduct: IETF HTTPCVSS Score: 0** KEV since 2023-10-10 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44487MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487NVD References: - https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.Product: Citrix NetScaler Application Delivery ControllerCVSS Score: 7.5** KEV since 2023-10-18 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4966NVD References: https://support.citrix.com/article/CTX579459CVE-2023-35349 - Microsoft Message Queuing Remote Code Execution VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35349MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349CVE-2023-36434 - Windows IIS Server Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36434MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434CVE-2023-38545 - Curl's heap based buffer in the SOCKS5 proxy handshake overflows when passing a host name longer than 255 bytes.Product: Vendor: curlProduct: curl CVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38545ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8698NVD References: https://curl.se/docs/CVE-2023-38545.htmlCVE-2023-43261 - An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.Product: Milesight UR5XCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43261ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8706CVE-2023-43625 - Simcenter Amesim (All versions < V2021.1) allows unauthenticated remote attackers to perform DLL injection and execute arbitrary code via a SOAP endpoint.Product: Siemens Simcenter AmesimCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43625NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-386812.pdfCVE-2023-41373 - The BIG-IP Configuration Utility has a directory traversal vulnerability that allows authenticated attackers to execute commands and potentially bypass security boundaries in Appliance mode.Product: F5 BIG-IP Access Policy ManagerCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41373NVD References: https://my.f5.com/manage/s/article/K000135689CVE-2023-30801 - qBittorrent client through 4.5.5 allows remote attackers to execute arbitrary commands via default credentials in the web user interface.Product: qbittorrent CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30801NVD References: - https://github.com/qbittorrent/qBittorrent/issues/18731- https://vulncheck.com/advisories/qbittorrent-default-credsCVE-2023-30803 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 allows remote and unauthenticated attackers to access administrative functionality through an authentication bypass vulnerability.Product: Sangfor Next-Gen Application FirewallCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30803NVD References: - https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/- https://vulncheck.com/advisories/sangfor-ngaf-auth-bypassCVE-2023-30805 - Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection through mishandling of shell meta-characters in the "un" parameter, allowing remote and unauthenticated attackers to execute arbitrary commands via a crafted HTTP POST request to the /LogInOut.php endpoint.Product: Sangfor Next-Gen Application FirewallCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30805NVD References: - https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/- https://vulncheck.com/advisories/sangfor-ngaf-username-rceCVE-2023-30806 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection via crafted HTTP POST request to the /cgi-bin/login.cgi endpoint, allowing remote unauthenticated attackers to execute arbitrary commands due to mishandling of shell meta-characters in the PHPSESSID cookie.Product: Sangfor Next-Gen Application FirewallCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30806NVD References: - https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/- https://vulncheck.com/advisories/sangfor-ngaf…
CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.
CVE-2023-35349 - Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36434 - Windows IIS Server Elevation of Privilege Vulnerability
CVE-2023-38545 - Curl's heap based buffer in the SOCKS5 proxy handshake overflows when passing a host name longer than 255 bytes.
CVE-2023-43261 - An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
CVE-2023-43625 - Simcenter Amesim (All versions < V2021.1) allows unauthenticated remote attackers to perform DLL injection and execute arbitrary code via a SOAP endpoint.
CVE-2023-41373 - The BIG-IP Configuration Utility has a directory traversal vulnerability that allows authenticated attackers to execute commands and potentially bypass security boundaries in Appliance mode.
CVE-2023-30801 - qBittorrent client through 4.5.5 allows remote attackers to execute arbitrary commands via default credentials in the web user interface.
CVE-2023-30803 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 allows remote and unauthenticated attackers to access administrative functionality through an authentication bypass vulnerability.
CVE-2023-30805 - Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection through mishandling of shell meta-characters in the "un" parameter, allowing remote and unauthenticated attackers to execute arbitrary commands via a crafted HTTP POST request to the /LogInOut.php endpoint.
CVE-2023-30806 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection via crafted HTTP POST request to the /cgi-bin/login.cgi endpoint, allowing remote unauthenticated attackers to execute arbitrary commands due to mishandling of shell meta-characters in the PHPSESSID cookie.
CVE-2020-27630 - In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
CVE-2020-27631 - In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.
CVE-2020-27633 - In FNET 4.6.3, TCP ISNs are improperly random.
CVE-2020-27634 - In Contiki 4.5, TCP ISNs are improperly random.
CVE-2020-27635 - In PicoTCP 1.7.0, TCP ISNs are improperly random.
CVE-2020-27636 - In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
CVE-2023-34992 - Fortinet FortiSIEM versions 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allow OS command injection, enabling attackers to execute unauthorized code or commands via crafted API requests.
CVE-2023-34993 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-36547 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-36548 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-36549 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-36550 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.
CVE-2023-41679 - FortiManager management interface in versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, and 6.0 all versions improperly allows remote and authenticated attackers to add and delete CLI scripts on other ADOMs with "device management" permission in a specific ADOM.
CVE-2023-4309 - The ESC Internet Election Service is vulnerable to SQL injection, allowing an attacker to read or modify data for multiple elections sharing the same backend database.
CVE-2023-44106 - API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44105 - Windows Manager module in the operating system allows abnormal behavior due to lack of strict permission verification.
CVE-2023-44107 - Screen projection module is vulnerable to defects introduced in the design process, which can be exploited to affect service availability and integrity.
CVE-2023-44116 - APPWidget module has a vulnerability of weak access permissions verification, enabling unauthorized apps to run.
CVE-2023-44118 - Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-5521 - Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.
CVE-2023-37538 - HCL Digital Experience is vulnerable to reflected XSS, requiring a victim to click on a crafted URL from a delivery mechanism.
CVE-2023-24479 - Yifan YF325 v1.0_20221108 is vulnerable to an authentication bypass in the nvram.cgi functionality, allowing arbitrary command execution through a specially crafted network request.
CVE-2023-31272 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd do_wds functionality, allowing an attacker to remotely trigger the vulnerability through a specially crafted network request.
Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31272NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765CVE-2023-32632 - Yifan YF325 v1.0_20221108 is vulnerable to command execution due to a flaw in the validate.so diag_ping_start functionality when processing a specially crafted network request. Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32632NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767CVE-2023-32645 - Yifan YF325 v1.0_20221108 is vulnerable to authentication bypass via a specially crafted network request in its httpd debug credentials functionality.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32645NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752CVE-2023-34346 - Yifan YF325 v1.0_20221108 is susceptible to a stack-based buffer overflow vulnerability in its httpd gwcfg.cgi get functionality, allowing for command execution through a specially crafted network packet.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34346NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764CVE-2023-34365 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in libutils.so nvram_restore, which can be exploited by an attacker through a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34365NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763CVE-2023-34426 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd manage_request function, allowing an attacker to exploit it by sending a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34426NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766CVE-2023-35055 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in the next_page parameter of the gozila_cgi function, allowing remote attackers to execute arbitrary commands by sending a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35055NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761CVE-2023-35056 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in its httpd next_page functionality, allowing command execution via a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35056NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761CVE-2023-35965 - Yifan YF325 v1.0_20221108 is prone to two heap-based buffer overflow vulnerabilities in its httpd manage_post functionality, that can be exploited by an attacker sending a specially crafted network request, leading to a heap buffer overflow due to an integer overflow.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35965NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787CVE-2023-35966 - Yifan YF325 v1.0_20221108 httpd manage_post functionality has two heap-based buffer overflow vulnerabilities that can be exploited by sending a specially crafted network request to trigger a heap buffer overflow, due to an integer overflow used as an argument for the realloc function.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35966NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787CVE-2023-35967 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, allowing an attacker to trigger the flaws via a specially crafted network request, leading to a heap buffer overflow due to an integer overflow in the malloc function argument.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35967NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788CVE-2023-35968 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in the gwcfg_cgi_set_manage_post_data functionality, which can be triggered by a specially crafted network request causing a heap buffer overflow due to an integer overflow in the argument for the realloc function.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35968NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788CVE-2023-35646 - TBD in TBD has a stack buffer overflow vulnerability, enabling remote code execution without additional privileges or user interaction.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/deta…
CVE-2023-32645 - Yifan YF325 v1.0_20221108 is vulnerable to authentication bypass via a specially crafted network request in its httpd debug credentials functionality.
CVE-2023-34346 - Yifan YF325 v1.0_20221108 is susceptible to a stack-based buffer overflow vulnerability in its httpd gwcfg.cgi get functionality, allowing for command execution through a specially crafted network packet.
Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34346NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764CVE-2023-34365 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in libutils.so nvram_restore, which can be exploited by an attacker through a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34365NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763CVE-2023-34426 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd manage_request function, allowing an attacker to exploit it by sending a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34426NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766CVE-2023-35055 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in the next_page parameter of the gozila_cgi function, allowing remote attackers to execute arbitrary commands by sending a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35055NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761CVE-2023-35056 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in its httpd next_page functionality, allowing command execution via a specially crafted network request.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35056NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761CVE-2023-35965 - Yifan YF325 v1.0_20221108 is prone to two heap-based buffer overflow vulnerabilities in its httpd manage_post functionality, that can be exploited by an attacker sending a specially crafted network request, leading to a heap buffer overflow due to an integer overflow.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35965NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787CVE-2023-35966 - Yifan YF325 v1.0_20221108 httpd manage_post functionality has two heap-based buffer overflow vulnerabilities that can be exploited by sending a specially crafted network request to trigger a heap buffer overflow, due to an integer overflow used as an argument for the realloc function.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35966NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787CVE-2023-35967 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, allowing an attacker to trigger the flaws via a specially crafted network request, leading to a heap buffer overflow due to an integer overflow in the malloc function argument.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35967NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788CVE-2023-35968 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in the gwcfg_cgi_set_manage_post_data functionality, which can be triggered by a specially crafted network request causing a heap buffer overflow due to an integer overflow in the argument for the realloc function.Product: Yifanwireless YF325CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35968NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788CVE-2023-35646 - TBD in TBD has a stack buffer overflow vulnerability, enabling remote code execution without additional privileges or user interaction.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35646NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01CVE-2023-35647 - ProtocolEmbmsGlobalCellIdAdapter in protocolembmsadapter.cpp allows for a possible out of bounds read, potentially enabling remote information disclosure and requiring baseband firmware compromise with no user interaction needed.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35647NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01CVE-2023-35648 - ProtocolMiscLceIndAdapter in protocolmiscadapter.cpp allows remote information disclosure due to a missing bounds check in GetConfLevel().Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35648NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01CVE-2023-35662 - The vulnerable product experiences an out of bounds write caused by buffer overflow, leading to remote code execution without requiring additional privileges or user interaction.Product: Google AndroidCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35662NV…
CVE-2023-34426 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd manage_request function, allowing an attacker to exploit it by sending a specially crafted network request.
CVE-2023-35055 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in the next_page parameter of the gozila_cgi function, allowing remote attackers to execute arbitrary commands by sending a specially crafted network request.
CVE-2023-35056 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in its httpd next_page functionality, allowing command execution via a specially crafted network request.
CVE-2023-35965 - Yifan YF325 v1.0_20221108 is prone to two heap-based buffer overflow vulnerabilities in its httpd manage_post functionality, that can be exploited by an attacker sending a specially crafted network request, leading to a heap buffer overflow due to an integer overflow.
CVE-2023-35966 - Yifan YF325 v1.0_20221108 httpd manage_post functionality has two heap-based buffer overflow vulnerabilities that can be exploited by sending a specially crafted network request to trigger a heap buffer overflow, due to an integer overflow used as an argument for the realloc function.
CVE-2023-35967 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, allowing an attacker to trigger the flaws via a specially crafted network request, leading to a heap buffer overflow due to an integer overflow in the malloc function argument.
CVE-2023-35968 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in the gwcfg_cgi_set_manage_post_data functionality, which can be triggered by a specially crafted network request causing a heap buffer overflow due to an integer overflow in the argument for the realloc function.
CVE-2023-35646 - TBD in TBD has a stack buffer overflow vulnerability, enabling remote code execution without additional privileges or user interaction.
CVE-2023-35647 - ProtocolEmbmsGlobalCellIdAdapter in protocolembmsadapter.cpp allows for a possible out of bounds read, potentially enabling remote information disclosure and requiring baseband firmware compromise with no user interaction needed.
CVE-2023-35648 - ProtocolMiscLceIndAdapter in protocolmiscadapter.cpp allows remote information disclosure due to a missing bounds check in GetConfLevel().
CVE-2023-35662 - The vulnerable product experiences an out of bounds write caused by buffer overflow, leading to remote code execution without requiring additional privileges or user interaction.
CVE-2023-45132 - NAXSI, an open-source maintenance web application firewall for NGINX, allows bypass of its protections when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules prior to version 1.6.
CVE-2023-29453 - Go Templates do not properly consider backticks (`) as Javascript string delimiters, allowing arbitrary Javascript code injection in Go templates.
CVE-2023-40833 - Thecosy IceCMS v.1.0.0 allows remote attackers to gain privileges through improper handling of Id and key parameters in getCosSetting.
CVE-2023-32723 - Request to LDAP is sent before user permissions are checked.
CVE-2023-5554 - Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
CVE-2023-23737 - Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.
CVE-2023-5045 - Kayisi before 1286 is vulnerable to SQL Injection and Command Line Execution.
CVE-2023-5046 - Procost by Biltay Technology before 1390 allows SQL Injection, Command Line Execution.
CVE-2023-27395 - SoftEther VPN is vulnerable to a heap-based buffer overflow that allows arbitrary code execution via a crafted network packet, which can be triggered by a man-in-the-middle attack.
CVE-2023-45133 - Babel compiler versions prior to 7.23.2 and 8.0.0-alpha.4, as well as all versions of babel-traverse, are vulnerable to arbitrary code execution during compilation if attacker-crafted code is used with specific plugins.
CVE-2023-45138 - Change Request application prior to version 1.9.2 allows script injection and remote code execution by users without any specific right, by inserting an appropriate title when creating a new Change Request, which has been fixed in version 1.9.2.
CVE-2023-41262 - Plixer Scrutinizer before 19.3.1 is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements.
CVE-2023-4562 - Mitsubishi Electric Corporation MELSEC-F Series main modules have an improper authentication vulnerability that enables remote attackers to retrieve or manipulate sequence programs without authentication.
CVE-2023-5572 - Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.
CVE-2023-45162 - The 1E Platform is vulnerable to Blind SQL Injection, allowing for arbitrary code execution, which can be remediated by applying the relevant hotfix.
CVE-2023-45466 - Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.
CVE-2023-21413 - Axis devices using ACAP applications are vulnerable to remote code execution due to a flaw in the application handling service, allowing attackers to run arbitrary code during installation.
CVE-2023-3991 - FreshTomato 2023.3 is vulnerable to OS command injection, allowing arbitrary command execution through a specially crafted HTTP request.
CVE-2023-45128 - Fiber, an express inspired web framework written in Go, is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to inject arbitrary values and forge malicious requests, compromising application security and integrity.
CVE-2023-45144 - The com.xwiki.identity-oauth:identity-oauth-ui package is vulnerable to cross site scripting (XSS) and XWiki syntax injection, allowing remote code execution via the groovy macro and affecting the confidentiality, integrity, and availability of the XWiki installation, which has been fixed in Identity OAuth version 1.6 with no known workarounds, requiring users to upgrade.
CVE-2023-34207 - EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege through a crafted ZIP archive.
CVE-2023-42497 - Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
CVE-2023-42629 - Liferay Portal 7.4.2 through 7.4.3.87 and Liferay DXP 7.4 before update 88 have a stored XSS vulnerability where an attacker can inject malicious web script or HTML through a crafted payload in the 'description' text field of a Vocabulary on the manage vocabulary page.
CVE-2023-44309 - Liferay Portal and Liferay DXP versions 7.4.2 through 7.4.3.53 and version 7.4 before update 54 are vulnerable to multiple stored cross-site scripting (XSS) attacks, where remote attackers can inject arbitrary web script or HTML into non-HTML fields of a linked source asset.
CVE-2023-44310 - Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
CVE-2023-44311 - Liferay Portal 7.4.3.41 through 7.4.3.89 and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the code or error parameter, due to multiple reflected XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class, caused by an incomplete fix in
CVE-2023-42628 - Liferay Portal and Liferay DXP are vulnerable to stored cross-site scripting (XSS) attacks, allowing remote attackers to inject malicious web script or HTML into a parent wiki page via a crafted payload in the wiki page's 'Content' text field.
CVE-2023-42627 - The Liferay Portal and Liferay DXP versions 7.3.5 through 7.4.3.91, and 7.3 update 33 and earlier, and 7.4 before update 92 are susceptible to multiple stored XSS vulnerabilities, allowing remote attackers to inject arbitrary web script or HTML through various input fields.
CVE-2023-22069, CVE-2023-22089 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to easily exploitable vulnerabilities that allow unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.
CVE-2023-22072 - Oracle WebLogic Server in Oracle Fusion Middleware (Core component) version 12.2.1.3.0 is vulnerable to takeover by an unauthenticated attacker with network access via T3, IIOP, leading to severe impacts on confidentiality, integrity, and availability, with a CVSS 3.1 Base Score of 9.8.
Sponsors
Corelight, Inc.
*********** Sponsored By Corelight ***********[Webinar] Charting the New Frontier of Incident Response | As cyber threats grow in sophistication, traditional defenses are becoming increasingly inadequate. Hear what tech elite responders are using to defend their organizations from sophisticated adversary tactics and techniques in Corelight and Mandiant’s live panel on November 14.
Expel
SANS Research | Take the Operational Security Maturity Survey for a chance to win a $250 Amazon gift card! In this survey, we hope to better understand questions such as: Should compliance drive an organization's security strategy, or should the security strategy enable compliance? | Complete the survey:
Legit Security
Protecting the SDLC: Modernizing Secure Software Delivery with ASPM - Thu, October 19 at 1:00pm ET | During this upcoming webcast, we will discuss the ins and outs of ASPM and how it delivers holistic security and true value. | Register now:
PAS, part of Hexagon
Upcoming Webcast on Tue, October 24 at 1:00pm ET | Identify, Evaluate, and Prioritize Industrial Cyber Risk - Join this webcast with Dean Parsons as he evaluates PAS Cyber Integrity, a new offering from PAS Hexagon designed to harden OT assets against cyber-threats, identify critical endpoint vulnerabilities and risks, enable rapid recovery, and more. | Register now: