Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server

Published: 2023-11-06

Last Updated: 2023-11-06 13:40:13 UTC

by Johannes Ullrich (Version: 1)

Last week, Atlassian published an advisory for CVE-2023-22518. The vulnerability is a trivially exploitable authentication bypass. Atlassian emphasized the importance of the advisory with a quote from its CISO: "There are no reports of active exploitation at this time; customers must take immediate action to protect their instances." On Friday, Atlassian confirmed that attackers are actively exploiting the vulnerability.

The vulnerability is rated with a CVSS score of 9.1. Three different URLs are affected according to the advisory ...

I went back through our data to see how much exploitation we see for these URLs. We started seeing the first attempts on November 2nd (Thursday), just as Atlassian reported seeing these exploits being used against customers.

Read the full entry:

https://isc.sans.edu/diary/Exploit+Activity+for+CVE202322518+Atlassian+Confluence+Data+Center+and+Server/30376/

Example of Phishing Campaign Project File

Published: 2023-11-08

Last Updated: 2023-11-08 06:37:08 UTC

by Xavier Mertens (Version: 1)

We all have a love-hate relationship with email. When newcomers to the Internet start to receive emails, they are happy at first, but their feelings change quickly. Then they hope to reduce the flood of emails received daily... Good luck! Of course, tools have been developed to organize marketing campaigns. From marketing to spam or phishing, there is only one step. Bad guys started to use the same programs for malicious purposes.

Yesterday, I found on VT an interesting file. It triggered one of my hunting rules because the file contained a reference to one of my customers' domains. I had a look at the file named “EwoExcel (1)<dot>mmp” (SHA256: 0e016a41b6df3dc7daf076805e3cbb21df1ff33712b615d38ecf066cd25b6e06).

I was not aware of the file extension “.mmp” (it’s not the “.mpp” used by Microsoft Project). But it seems to be a project file.

Read the full entry:

https://isc.sans.edu/diary/Example+of+Phishing+Campaign+Project+File/30384/

Internet Storm Center Entries


What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) (2023.11.07)

https://isc.sans.edu/diary/Whats+Normal+New+uses+of+DNS+Discovery+of+Designated+Resolvers+DDR/30380/

Quick Tip For Artificially Inflated PE Files (2023.11.02)

https://isc.sans.edu/diary/Quick+Tip+For+Artificially+Inflated+PE+Files/30370/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-22518 - Confluence Data Center and Server is vulnerable to an authentication bypass (see the diary entry above); Atlassian Cloud sites are not affected.

Product: Atlassian Confluence Data Center and Server

CVSS Score: 0

** KEV since 2023-11-07 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22518

ISC Diary: https://isc.sans.edu/diary/30376

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8726

NVD References: 

- https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907

- https://jira.atlassian.com/browse/CONFSERVER-93142




CVE-2023-46604 - Apache ActiveMQ is vulnerable to Remote Code Execution through manipulation of serialized class types in the OpenWire protocol, allowing an attacker to run arbitrary shell commands on the broker.

Product: Apache ActiveMQ

CVSS Score: 0

** KEV since 2023-11-02 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46604

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8730




CVE-2023-27846 - PrestaShop themevolty v.4.0.8 and before allows remote attackers to gain privileges through SQL injection in various components.

Product: Themevolty CMS Blog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27846

NVD References: https://security.friendsofpresta.org/modules/2023/10/25/tvcmsblog.html




CVE-2023-45378 - PrestaBlog (prestablog) version 4.4.7 and before from HDclic for PrestaShop allows SQL injection through a trivial HTTP call in the script ajax slider_positions.php.

Product: HDclic Prestablog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45378

NVD References: https://security.friendsofpresta.org/modules/2023/10/26/prestablog.html




CVE-2023-46356 - CSV Feeds PRO (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop allows guest users to perform SQL injection via a trivial HTTP call to the method `SearchApiCsv::getProducts()`.

Product: Blmodules Csv Feeds Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46356

NVD References: https://security.friendsofpresta.org/modules/2023/10/26/csvfeeds-89.html




CVE-2023-24000 - GamiPress 2.5.7 and lower versions allow SQL Injection.

Product: GamiPress 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24000

NVD References: https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-7-unauthenticated-sql-injection-vulnerability?_s_id=cve




CVE-2023-46976 - TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

Product: TOTOLINK A3300R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46976

NVD References: https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md




CVE-2023-46977 - TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

Product: TOTOLINK LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46977

NVD References: https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20LR1200GB/1/README.md




CVE-2023-46979 - TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.

Product: TOTOLINK X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46979

NVD References: https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/2/README.md




CVE-2023-40050 - Chef Automate prior to and including version 4.10.29 allows remote code execution when a maliciously crafted profile is uploaded through API or user interface using InSpec check command.

Product: Chef Automate InSpec

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40050

NVD References: 

- https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050

- https://docs.chef.io/automate/profiles/

- https://docs.chef.io/release_notes_automate/




CVE-2023-46248 - The Cody AI VSCode extension versions 0.10.0 through 0.14.0 allows arbitrary code execution if a user opens a malicious repository with the extension loaded.

Product: Cody AI VSCode extension 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46248

NVD References: 

- https://github.com/sourcegraph/cody/pull/1414

- https://github.com/sourcegraph/cody/security/advisories/GHSA-8wmq-fwv7-xmwq




CVE-2023-46249 - authentik, an open-source Identity Provider, allows an attacker to set the password of the default admin user without authentication in versions prior to 2023.8.4 and 2023.10.2.

Product: authentik Identity Provider

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46249

NVD References: 

- https://github.com/goauthentik/authentik/commit/261879022d25016d58867cf1f24e90b81ad618d0

- https://github.com/goauthentik/authentik/commit/ea75741ec22ecef34bc7073f1163e17a8a2bf9fc

- https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.2

- https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.4

- https://github.com/goauthentik/authentik/security/advisories/GHSA-rjvp-29xq-f62w




CVE-2023-1715 - Bitrix24 22.0.300 allows XSS bypass through a logic error in mb_strpos() due to HTML tags placed at the beginning of the payload.

Product: Bitrix24 22.0.300

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1715

NVD References: https://starlabs.sg/advisories/23/23-1715/




CVE-2023-1716 - Bitrix24 22.0.300 allows arbitrary execution of JavaScript code in a victim's browser via an XSS vulnerability in the Invoice Edit Page, potentially leading to execution of PHP code on the server if the victim has admin privileges.

Product: Bitrix24 22.0.300

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1716

NVD References: https://starlabs.sg/advisories/23/23-1716/




CVE-2023-1717 - Bitrix24 22.0.300 is vulnerable to prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js, allowing remote attackers to execute arbitrary JavaScript code in the victim’s browser and potentially execute arbitrary PHP code on the server if the victim has administrator privilege.

Product: Bitrix24 22.0.300

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1717

NVD References: https://starlabs.sg/advisories/23/23-1717/




CVE-2023-1720 - Bitrix24 22.0.300 lacks a mime type response header, allowing attackers to execute arbitrary JavaScript code in the victim's browser and potentially execute arbitrary PHP code on the server, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile if the victim has administrator privilege.

Product: Bitrix24 22.0.300

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1720

NVD References: https://starlabs.sg/advisories/23/23-1720/




CVE-2023-20048 - Cisco Firepower Management Center (FMC) Software allows an attacker to execute unauthorized configuration commands on a managed Firepower Threat Defense (FTD) device.

Product: Cisco Firepower Management Center (FMC) Software

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20048

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN




CVE-2023-45111 - Online Examination System v1.0 is vulnerable to Unauthenticated SQL Injection due to improper validation of the 'email' parameter in feed.php, allowing unfiltered characters to be sent to the database.

Product: Online Examination System v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45111

NVD References: 

- https://fluidattacks.com/advisories/pires

- https://projectworlds.in/




CVE-2023-45112 - The Online Examination System v1.0 is susceptible to multiple Unauthenticated SQL Injection vulnerabilities due to inadequate validation of characters in the 'feedback' parameter.

Product: Online Examination System v1.0 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45112

NVD References: 

- https://fluidattacks.com/advisories/pires

- https://projectworlds.in/




CVE-2023-45113 & CVE-2023-45114 - Online Examination System v1.0 multiple unauthenticated SQL Injection vulnerabilities

Product: Online Examination System v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45113

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45114

NVD References: 

- https://fluidattacks.com/advisories/pires

- https://projectworlds.in/




CVE-2023-45012 through CVE-2023-45019 - Online Bus Booking System v1.0 multiple unauthenticated SQL injection vulnerabilities

Product: Online Bus Booking System v1.0 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45012

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45013

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45014

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45015

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45016

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45017

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45018

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45019

NVD References: 

- https://fluidattacks.com/advisories/oconnor

- https://projectworlds.in/




CVE-2023-42802 - GLPI is vulnerable to an unverified object instantiation leading to the upload of malicious PHP files to unauthorized directories, allowing potential execution via a web server request; the workaround involves removing write access on specific files.

Product: GLPI (free asset and IT management software package)

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42802

NVD References: 

- https://github.com/glpi-project/glpi/releases/tag/10.0.10

- https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m




CVE-2023-45323 through CVE-2023-45347 - Online Food Ordering System v1.0 multiple unauthenticated SQL Injection vulnerabilities

Product: Online Food Ordering System v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45323

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45324

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45325

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45326

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45327

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45328

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45329

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45330

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45331

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45332

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45333

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45334

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45335

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45336

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45337

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45338

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45339

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45340

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45341

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45342

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45343

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45344

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45345

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45346

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45347

NVD References: 

- https://fluidattacks.com/advisories/hann

- https://projectworlds.in/




CVE-2023-41351 - Chunghwa Telecom NOKIA G-040W-Q allows unauthenticated remote attackers to bypass authentication and gain unauthorized access to perform system operations or disrupt service.

Product: Chunghwa Telecom NOKIA G-040W-Q

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41351

NVD References: https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html




CVE-2023-41355 - Chunghwa Telecom NOKIA G-040W-Q Firewall suffers from an input validation vulnerability in its ICMP redirect message handling, allowing remote unauthorized attackers to disrupt network routing or disclose sensitive information.

Product: Chunghwa Telecom NOKIA G-040W-Q

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41355

NVD References: https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html




CVE-2023-46846 - Squid is vulnerable to HTTP request smuggling due to a lenient chunked decoder, enabling remote attackers to bypass firewall and frontend security systems.

Product: Squid

CVSS Score: 9.

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46846

NVD References: 

- https://bugzilla.redhat.com/show_bug.cgi?id=2245910

- https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh




CVE-2023-46847 - Squid is prone to a remote Denial of Service caused by a buffer overflow vulnerability triggered by writing excessive arbitrary data to heap memory during configuration of HTTP Digest Authentication.

Product: Squid

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46847

NVD References: 

- https://bugzilla.redhat.com/show_bug.cgi?id=2245916

- https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g




CVE-2023-5824 - Squid is vulnerable to Denial of Service attack due to an Improper Handling of Structural Elements bug impacting HTTP and HTTPS clients.

Product: Squid

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5824

NVD References: 

- https://bugzilla.redhat.com/show_bug.cgi?id=2245914

- https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255




CVE-2023-3277 - The MStore API plugin for WordPress allows unauthenticated attackers to gain unauthorized access and escalate their privileges by exploiting the improper implementation of the Apple login feature in versions up to 4.10.7.

Product: MStore API plugin WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3277

NVD References: 

- https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve




CVE-2023-25960 - Zendrop – Global Dropshipping allows SQL Injection from version n/a through 1.0.0.

Product: Zendrop – Global Dropshipping

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25960

NVD References: https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-code-execution?_s_id=cve




CVE-2023-23368 - QNAP operating system versions are vulnerable to OS command injection, allowing users to execute commands via a network.

Product: QNAP QTS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23368

NVD References: https://www.qnap.com/en/security-advisory/qsa-23-31




CVE-2023-23369 - QNAP operating system versions are vulnerable to an OS command injection, enabling remote command execution.

Product: QNAP Multimedia Console

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23369

NVD References: https://www.qnap.com/en/security-advisory/qsa-23-35




CVE-2023-4699 - Mitsubishi Electric Corporation MELSEC-F and MELSEC iQ-F Series modules allow a remote attacker to reset product memory to default state and cause DoS by sending specific packets.

Product: Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4699

NVD References: 

- https://jvn.jp/vu/JVNVU94620134/

- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03

- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf




CVE-2023-45161 - The Network product pack on the 1E Exchange allows for arbitrary code execution with SYSTEM permissions due to improper validation in the 1E-Exchange-URLResponseTime instruction.

Product: 1E Network product pack

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45161

NVD References: 

- https://exchange.1e.com/product-packs/network/

- https://www.1e.com/trust-security-compliance/cve-info/




CVE-2023-45163 - The 1E-Exchange-CommandLinePing instruction in the 1E Network product pack allows arbitrary code execution with SYSTEM permissions due to lack of input parameter validation.

Product: 1E Network product pack

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45163

NVD References: 

- https://exchange.1e.com/product-packs/network/

- https://www.1e.com/trust-security-compliance/cve-info/




CVE-2023-5964 - The End-User Interaction product pack's 1E-Exchange-DisplayMessage instruction allows arbitrary code execution with SYSTEM permissions due to improper validation of Caption and Message parameters.

Product: 1E End-User Interaction

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5964

NVD References: 

- https://exchange.1e.com/product-packs/end-user-interaction/

- https://www.1e.com/trust-security-compliance/cve-info/




CVE-2023-46731 - XWiki Platform allows remote code execution via an improperly escaped section URL parameter in the administration sections, compromising the confidentiality, integrity, and availability of the system.

Product: XWiki Platform

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46731

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a

- https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89

- https://jira.xwiki.org/browse/XWIKI-21110




CVE-2023-46732 - XWiki Platform is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter, allowing an attacker to execute arbitrary actions and compromise the confidentiality, integrity, and availability of the entire installation; this vulnerability has been patched in XWiki 15.6 RC1, 15.5.1, and 14.10.14.

Product: XWiki Platform

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46732

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62

- https://jira.xwiki.org/browse/XWIKI-21095




CVE-2023-46242 - XWiki Platform allows the execution of unauthorized content by any user with programming privileges via a manipulated URL, which has been patched in versions 14.10.7 and 15.2RC1, requiring users to upgrade as there are no workarounds available.

Product: XWiki Platform

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46242

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5

- https://jira.xwiki.org/browse/XWIKI-20386




CVE-2023-46243 - XWiki Platform allows execution of arbitrary groovy code by crafting a specific URL, potentially compromising the server.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46243

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/a0e6ca083b36be6f183b9af33ae735c1e02010f4

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g2qq-c5j9-5w5w

- https://jira.xwiki.org/browse/XWIKI-20385




CVE-2023-46244 - XWiki Platform allows execution of unauthorized scripts leading to potential extraction of XWiki.superadmin privilege.

Product: XWiki Platform

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46244

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/11a9170dfe63e59f4066db67f84dbfce4ed619c6

- https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmxw-c48h-2vf5

- https://jira.xwiki.org/browse/XWIKI-20624

- https://jira.xwiki.org/browse/XWIKI-20625




CVE-2023-5777 - Weintek EasyBuilder Pro exposes the private key to the public, potentially leading to remote control of the crash report server.

Product: Weintek EasyBuilder Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5777

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05




CVE-2023-21671 - Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

Product: Qualcomm (Sectools Core, per the referenced Qualcomm bulletin)

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21671

NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin




CVE-2023-22388 - Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Product: Qualcomm components (per the referenced Qualcomm bulletin)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22388

NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin




CVE-2023-28574 - Memory corruption in core services when Diag handler receives a command to configure event listeners.

Product: Qualcomm components (per the referenced Qualcomm bulletin)

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28574

NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin




CVE-2023-33045 - Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

Product: Qualcomm WLAN Firmware (per the referenced Qualcomm bulletin)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33045

NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin




CVE-2023-42659 - WS_FTP Server versions prior to 8.7.6 and 8.8.4 allow authenticated Ad Hoc Transfer users to upload files to the underlying operating system using a crafted API call.

Product: WS_FTP Server 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42659

NVD References: 

- https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023

- https://www.progress.com/ws_ftp




CVE-2023-4295 - A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. 

Product: Arm Mali GPU Driver 

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4295

NVD References: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities




CVE-2023-46253 - Squidex, an open source headless CMS and content management hub, is vulnerable to arbitrary file write leading to remote code execution.

Product: Squidex Content Management Hub

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46253

NVD References: https://github.com/Squidex/squidex/security/advisories/GHSA-phqq-8g7v-3pg5




CVE-2023-46676 through CVE-2023-46680 - Online Job Portal v1.0 multiple unauthenticated SQL injection vulnerabilities

Product: Online Job Portal v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46676

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46677

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46678

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46680

NVD References: 

- https://fluidattacks.com/advisories/netrebko

- https://projectworlds.in




CVE-2023-46785 through CVE-2023-46790, CVE-2023-46792 through CVE-2023-46800 - Multiple unauthenticated SQL injection vulnerabilities in the Online Matrimonial Project v1.0

Product: Online Matrimonial Project v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46785

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46786

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46787

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46788

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46789

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46790

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46792

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46793

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46794

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46795

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46796

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46797

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46798

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46799

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46800

NVD References: 

- https://fluidattacks.com/advisories/ros

- https://projectworlds.in