SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 48
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday December 2023
Published: 2023-12-12
Last Updated: 2023-12-12 18:25:35 UTC
by Johannes Ullrich (Version: 1)
Microsoft had a rather light patch Tuesday for us today. Today's set includes 4 critical, 30 important, and one moderate vulnerability. In addition, Microsoft included five Chromium patches that are part of Edge. Only one vulnerability was made public before today. No exploited vulnerabilities are patched today.
This will hopefully make for a not-too-stressful holiday patch month.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+December+2023/30480/
Apple Patches Everything
Published: 2023-12-11
Last Updated: 2023-12-11 19:14:53 UTC
by Johannes Ullrich (Version: 1)
Apple today released updates for iOS, macOS, tvOS and watchOS. This updates 43 vulnerabilities. Two of the vulnerabilities are already being exploited. Last week, these two vulnerabilities received patches for current versions of iOS and macOS. This new update covers older iOS and macOS versions as well.
Read the full entry:
https://isc.sans.edu/diary/Apple+Patches+Everything/30474/
IPv4-mapped IPv6 Address Used For Obfuscation
Published: 2023-12-09
Last Updated: 2023-12-12 15:17:28 UTC
by Didier Stevens (Version: 1)
A reader submitted an unusual URL...
Notice the format of the hostname: ::ffff:a.b.c.d
I had to look this up: this is a IPv4-mapped IPv6 address. It is a format to describe an IPv4 address using a IPv6 address format.
Read the full entry:
https://isc.sans.edu/diary/IPv4mapped+IPv6+Address+Used+For+Obfuscation/30466/
Internet Storm Center Entries
Malicious Python Script with a TCL/TK GUI (2023.12.13)
https://isc.sans.edu/diary/Malicious+Python+Script+with+a+TCLTK+GUI/30478/
What is sitemap.xml, and Why a Pentester Should Care (2023.12.11)
https://isc.sans.edu/diary/What+is+sitemapxml+and+Why+a+Pentester+Should+Care/30472/
Honeypots: From the Skeptical Beginner to the Tactical Enthusiast (2023.12.10)
https://isc.sans.edu/diary/Honeypots+From+the+Skeptical+Beginner+to+the+Tactical+Enthusiast/30468/
5Ghoul: Impacts, Implications and Next Steps (2023.12.07)
https://isc.sans.edu/diary/5Ghoul+Impacts+Implications+and+Next+Steps/30462/
Revealing the Hidden Risks of QR Codes [Guest Diary] (2023.12.06)
https://isc.sans.edu/diary/Revealing+the+Hidden+Risks+of+QR+Codes+Guest+Diary/30458/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-50164 - Apache Struts is vulnerable to file upload parameter manipulation leading to Remote Code Execution, and users should upgrade to Struts 2.5.33 or Struts 6.3.0.2 or newer versions for a fix.
CVE-2023-35618 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-6448 - Unitronics Vision Series PLCs and HMIs have default administrative passwords, allowing an unauthenticated attacker to gain administrative control over the system.
CVE-2023-45866 - BlueZ Bluetooth HID Hosts allow unauthenticated HID Devices to establish encrypted connections and inject HID messages without user authorization.
CVE-2023-36019 - Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-33063 - Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33106 - Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33107 - Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2023-6248 - The Syrus4 IoT gateway allows remote unauthenticated attackers to execute arbitrary code on any connected device and access sensitive data, including location, video, and diagnostic information, through an unsecured MQTT server.
CVE-2023-49291 - The `tj-actions/branch-names` Github Action improperly references context variables, allowing for arbitrary code execution and potential theft of secrets.
CVE-2023-48315, CVE-2023-48316, CVE-2023-48692 - Azure RTOS NetX Duo is vulnerable to remote code execution due to memory overflow vulnerabilities
CVE-2023-48691 - Azure RTOS NetX Duo is vulnerable to an out-of-bounds write leading to remote code execution in versions 6.2.1 and below, with no known workarounds available; users should upgrade to NetX Duo release 6.3.0.
CVE-2023-48693 - Azure RTOS ThreadX allows arbitrary read and write access and potential privilege escalation due to a vulnerability in its parameter checking mechanism, affecting versions 6.2.1 and below, with no known workarounds.
CVE-2023-48694 - Azure RTOS USBX is vulnerable to remote code execution due to expired pointer dereference and type confusion vulnerabilities in versions 6.2.1 and below, and users are advised to upgrade to USBX release 6.3.0 to address the issue.
CVE-2023-48695 - Azure RTOS USBX is vulnerable to remote code execution due to out of bounds write vulnerabilities in functions/processes related to CDC ECM and RNDIS in RTOS v6.2.1 and below.
CVE-2023-48696 - Azure RTOS USBX is vulnerable to remote code execution due to expired pointer dereference vulnerabilities in the host class, related to CDC ACM in RTOS v6.2.1 and below, with no known workarounds.
CVE-2023-48697 - Azure RTOS USBX is vulnerable to remote code execution due to memory buffer and pointer vulnerabilities in various components, and the issue has been fixed in USBX release 6.3.0, requiring users to upgrade.
CVE-2023-48698 - Azure RTOS USBX is vulnerable to remote code execution due to expired pointer dereference vulnerabilities.
CVE-2023-33054 - Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
CVE-2023-33082 - Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
CVE-2023-33083 - Memory corruption in WLAN Host while processing RRM beacon on the AP.
CVE-2023-42580 - Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store through Improper URL validation from MCSLaunch deeplink.
CVE-2023-49070 - Apache OFBiz 18.12.09 is vulnerable to pre-auth remote code execution due to a still present and unpatched XML-RPC component, impacting versions before 18.12.10.
CVE-2023-6269 - Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02 are vulnerable to argument injection, allowing unauthenticated attackers to gain root access and bypass authentication for administrative access.
CVE-2023-48930 - xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
CVE-2023-6508, CVE-2023-6509, CVE-2023-6510 - Chromium Use after free vulnerabilities
CVE-2023-6511 - Chromium:
CVE-2023-6512 - Chromium:
CVE-2023-41268 - The Samsung Open Source Escargot allows stack overflow and segmentation fault due to an improper input validation vulnerability in versions 3.0.0 through 4.0.0.
CVE-2023-22524 - Atlassian Companion App for MacOS is vulnerable to remote code execution through WebSockets, bypassing blocklist and MacOS Gatekeeper.
Product: Atlassian CompanionCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22524NVD References: - https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html- https://jira.atlassian.com/browse/CONFSERVER-93518CVE-2023-48849 - Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.Product: Ruijie RG-EG1000CCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48849NVD References: https://github.com/delsploit/CVE-2023-48849CVE-2023-46773 - Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.Product: Huawei EmuiCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46773NVD References: - https://consumer.huawei.com/en/support/bulletin/2023/12/- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202312-0000001758430245CVE-2023-6458 - Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.Product: Mattermost ServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6458NVD References: https://mattermost.com/security-updatesCVE-2023-36655 - ProLion CryptoSpike 3.0.15P2 allows a remote blocked user to login and obtain an authentication token by exploiting case sensitivity in the username.Product: ProLion CryptoSpikeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36655NVD References: - https://prolion.com/cryptospike/- https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655CVE-2023-46353 - Ticons before 1.8.4 from MyPresta.eu for PrestaShop allows guest users to perform SQL injection via sensitive SQL calls in the TiconProduct::getTiconByProductAndTicon() method, easily exploitable with a trivial http call.Product: Mypresta Product Tag Icons ProCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46353NVD References: https://security.friendsofpresta.org/modules/2023/11/28/ticons.htmlCVE-2023-41913 - strongSwan before 5.9.12 is vulnerable to buffer overflow and potential remote code execution through a crafted IKE_SA_INIT message, due to a DH public value exceeding the internal buffer in charon-tkm's DH proxy.Product: StrongSwan CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41913NVD References: - https://github.com/strongswan/strongswan/releases- https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.htmlCVE-2023-48823 - GaatiTrack Courier Management System 1.0 allows unauthenticated attackers to exploit an Blind SQL injection vulnerability via the email parameter during login.Product: Mayurik Courier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48823NVD References: http://packetstormsecurity.com/files/176030CVE-2023-48860 - TOTOLINK N300RT version 3.2.4-B20180730.0906 allows post-authentication remote code execution (RCE) due to incorrect access control, enabling bypass of front-end security and execution of arbitrary code.Product: Totolink N300RTCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48860NVD References: https://github.com/xieqiang11/security_research/blob/main/TOTOLINK-N300RT-RCE.mdCVE-2023-35039 - Be Devious Web Development Password Reset with Code for WordPress REST API allows authentication abuse due to improper restriction of excessive authentication attempts.Product: Be Devious Password Reset With Code For Wordpress Rest APICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35039NVD References: https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cveCVE-2023-39172 - The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.Product: EnBW SENEC Storage BoxCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39172NVD References: https://seclists.org/fulldisclosure/2023/Nov/4CVE-2023-39169 - The affected devices use publicly available default credentials with administrative privileges.Product: EnBW SENEC Storage BoxCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39169NVD References: https://seclists.org/fulldisclosure/2023/Nov/3CVE-2023-49424 through CVE-2023-49426, CVE-2023-49428, CVE-2023-49437 - Tenda AX12 V22.03.01.46 was discovered to contain multiple stack overflow and command injection vulnerabilitiesProduct: Tenda AX12CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49424NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49425NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49426NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49428NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49437NVD References: https://git…
CVE-2023-48849 - Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.
CVE-2023-46773 - Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2023-6458 - Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.
CVE-2023-36655 - ProLion CryptoSpike 3.0.15P2 allows a remote blocked user to login and obtain an authentication token by exploiting case sensitivity in the username.
Product: ProLion CryptoSpikeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36655NVD References: - https://prolion.com/cryptospike/- https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655CVE-2023-46353 - Ticons before 1.8.4 from MyPresta.eu for PrestaShop allows guest users to perform SQL injection via sensitive SQL calls in the TiconProduct::getTiconByProductAndTicon() method, easily exploitable with a trivial http call.Product: Mypresta Product Tag Icons ProCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46353NVD References: https://security.friendsofpresta.org/modules/2023/11/28/ticons.htmlCVE-2023-41913 - strongSwan before 5.9.12 is vulnerable to buffer overflow and potential remote code execution through a crafted IKE_SA_INIT message, due to a DH public value exceeding the internal buffer in charon-tkm's DH proxy.Product: StrongSwan CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41913NVD References: - https://github.com/strongswan/strongswan/releases- https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.htmlCVE-2023-48823 - GaatiTrack Courier Management System 1.0 allows unauthenticated attackers to exploit an Blind SQL injection vulnerability via the email parameter during login.Product: Mayurik Courier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48823NVD References: http://packetstormsecurity.com/files/176030CVE-2023-48860 - TOTOLINK N300RT version 3.2.4-B20180730.0906 allows post-authentication remote code execution (RCE) due to incorrect access control, enabling bypass of front-end security and execution of arbitrary code.Product: Totolink N300RTCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48860NVD References: https://github.com/xieqiang11/security_research/blob/main/TOTOLINK-N300RT-RCE.mdCVE-2023-35039 - Be Devious Web Development Password Reset with Code for WordPress REST API allows authentication abuse due to improper restriction of excessive authentication attempts.Product: Be Devious Password Reset With Code For Wordpress Rest APICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35039NVD References: https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cveCVE-2023-39172 - The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.Product: EnBW SENEC Storage BoxCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39172NVD References: https://seclists.org/fulldisclosure/2023/Nov/4CVE-2023-39169 - The affected devices use publicly available default credentials with administrative privileges.Product: EnBW SENEC Storage BoxCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39169NVD References: https://seclists.org/fulldisclosure/2023/Nov/3CVE-2023-49424 through CVE-2023-49426, CVE-2023-49428, CVE-2023-49437 - Tenda AX12 V22.03.01.46 was discovered to contain multiple stack overflow and command injection vulnerabilitiesProduct: Tenda AX12CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49424NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49425NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49426NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49428NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49437NVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetVirtualServerCfg.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX12/setMacFilterCfg.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetStaticRouteCfg.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetOnlineDevName.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList-3.mdCVE-2023-49429 through CVE-2023-49436 - Tenda AX9 V22.03.01.46 is susceptible to multiple SQL command injection and stack overflow vulnerabilitiesProduct: Tenda AX9CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49429NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49430NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49431NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49432NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49433NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49434NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49435NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49436NVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.mdNVD References: https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.mdNVD References: https://github.com/ef4tless/vuln…
CVE-2023-41913 - strongSwan before 5.9.12 is vulnerable to buffer overflow and potential remote code execution through a crafted IKE_SA_INIT message, due to a DH public value exceeding the internal buffer in charon-tkm's DH proxy.
CVE-2023-48823 - GaatiTrack Courier Management System 1.0 allows unauthenticated attackers to exploit an Blind SQL injection vulnerability via the email parameter during login.
CVE-2023-48860 - TOTOLINK N300RT version 3.2.4-B20180730.0906 allows post-authentication remote code execution (RCE) due to incorrect access control, enabling bypass of front-end security and execution of arbitrary code.
CVE-2023-35039 - Be Devious Web Development Password Reset with Code for WordPress REST API allows authentication abuse due to improper restriction of excessive authentication attempts.
CVE-2023-39172 - The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
CVE-2023-39169 - The affected devices use publicly available default credentials with administrative privileges.
CVE-2023-49424 through CVE-2023-49426, CVE-2023-49428, CVE-2023-49437 - Tenda AX12 V22.03.01.46 was discovered to contain multiple stack overflow and command injection vulnerabilities
CVE-2023-49429 through CVE-2023-49436 - Tenda AX9 V22.03.01.46 is susceptible to multiple SQL command injection and stack overflow vulnerabilities
CVE-2023-49402, CVE-2023-49403, CVE-2023-49410, CVE-2023-49999 through CVE-2023-50002 - Tenda W30E V16.01.0.12(4843) was discovered to contain multiple stack overflow and command injection vulnerabilities
CVE-2023-39909 - Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
CVE-2023-40300 - NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.
CVE-2023-40301 - NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.
CVE-2023-40302 - NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability
CVE-2023-49404 - Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
CVE-2023-49405 - Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
CVE-2023-49406 - Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2023-49408 - Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
CVE-2023-49409 - Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2023-49411 - Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
CVE-2023-6579 - osCommerce 4 is affected by a critical vulnerability in the POST Parameter Handler component, allowing remote SQL injection via manipulation of the estimate[country_id] argument (VDB-247160).
CVE-2023-6581 - D-Link DAR-7000 up to 20231126 is vulnerable to critical SQL injection in the file /user/inc/workidajax.php (CVE-20231126, VDB-247162).
CVE-2023-5008 - Student Information System v1.0 is vulnerable to unauthenticated SQL Injection on the 'regno' parameter, enabling an attacker to fetch database records and bypass login control.
CVE-2023-48929 - Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 allows an attacker to escalate privileges and obtain sensitive information through the 'sid' parameter in the group_status.asp resource.
CVE-2023-49007 - In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
CVE-2023-49443 - DoraCMS v2.1.8 allows attackers to gain application access via a bruteforce attack due to reusing the same code for username and password verification.
CVE-2023-6612 - Totolink X5000R 9.1.0cu.2300_B20230112 is vulnerable to a critical os command injection in multiple functions of the file /cgi-bin/cstecgi.cgi, allowing exploitation and posing a potential risk as the vendor did not respond to the disclosure.
CVE-2023-6617 - SourceCodester Simple Student Attendance System 1.0 is vulnerable to SQL injection through the manipulation of the class_id argument in the attendance.php file (CVE VDB-247254).
CVE-2023-6619 - SourceCodester Simple Student Attendance System 1.0 is vulnerable to SQL injection via the id parameter in the /modals/class_form.php file, allowing for potential remote exploit.
CVE-2023-46498 - EverShop NPM versions before v.1.0.0-rc.8 is vulnerable to sensitive information disclosure and arbitrary code execution via the /deleteCustomer/route.json file.
CVE-2023-6394 - Quarkus allows unauthorized access to information and functionality outside of granted API permissions when receiving a request over websocket without role-based permission specified on the GraphQL operation.
Product: Quarkus CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6394NVD References: - https://access.redhat.com/security/cve/CVE-2023-6394- https://bugzilla.redhat.com/show_bug.cgi?id=2252197CVE-2023-46932 - GPAC version 2.3-DEV-rev617-g671976fcc-master experiences a heap buffer overflow vulnerability in the str2ulong class in src/media_tools/avilib.c, enabling attackers to execute arbitrary code and cause a denial of service (DoS) in gpac/MP4Box.Product: GPAC CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46932NVD References: https://github.com/gpac/gpac/issues/2669CVE-2023-47254 - DrayTek Vigor167 version 5.2.2 suffers from an OS Command Injection vulnerability, enabling remote attackers to execute system commands and elevate privileges through the web interface account.Product: DrayTek Vigor167CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47254NVD References: - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt- https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023CVE-2023-6648 - PHPGurukul Nipah Virus Testing Management System 1.0 is susceptible to remote SQL injection via manipulation of the argument username in the password-recovery.php file.Product: Phpgurukul Nipah Virus Testing Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6648NVD References: - https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md- https://vuldb.com/?ctiid.247341- https://vuldb.com/?id.247341CVE-2023-6651 - Matrimonial Site 1.0 is vulnerable to remote SQL injection via username parameter in /auth/auth.php?user=1, allowing attackers to exploit the vulnerability disclosed publicly as VDB-247344.Product: Carmelogarcia Matrimonial SiteCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6651NVD References: - https://github.com/850362564/BugHub/blob/main/Matrimonial%20Site%20System%20auth.php%20has%20Sqlinjection.pdf- https://vuldb.com/?ctiid.247344- https://vuldb.com/?id.247344CVE-2023-6652 - The Matrimonial Site 1.0 is vulnerable to remote sql injection in the register function of the register.php file, posing a critical threat with the disclosure of an exploit.Product: Carmelogarcia Matrimonial SiteCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6652NVD References: - https://github.com/sweatxi/BugHub/blob/main/Matrimonial%20Site%20System%20functions.php%20%20has%20Sqlinjection.pdf- https://vuldb.com/?ctiid.247345- https://vuldb.com/?id.247345CVE-2023-50245 - OpenEXR-viewer prior to version 0.6.1 allows a memory overflow vulnerability.Product: OpenEXR-viewerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50245NVD References: - https://github.com/afichet/openexr-viewer/commit/d0a7e85dfeb519951fb8a8d70f73f30d41cdd3d9- https://github.com/afichet/openexr-viewer/security/advisories/GHSA-99jg-r3f4-rpxjCVE-2023-49583 - The SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) versions < 3.6.0 allow an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.Product: SAP BTP Security Services Integration LibraryCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49583NVD References: - https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-50422 - The SAP BTP Security Services Integration Library (cloud-security-services-integration-library) below version 2.17.0 and from version 3.0.0 to before 3.3.0 allows an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.Product: SAP BTP Security Services Integration LibraryCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50422NVD References: - https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-50423 - The SAP BTP Security Services Integration Library ([Python] sap-xssec) versions < 4.1.0 allows unauthenticated attackers to escalate privileges and obtain arbitrary permissions within the application.Product: SAP BTP Security Services Integration LibraryCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50423NVD References: - https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-50424 - The SAP BTP Security Services Integration Library allows an unauthenticated attacker to escalate privileges and obtain arbitrary permissions within the application in versions < 0.17.0.Product: SAP BTP Security Services Integration LibraryCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50424NVD References: - https://blogs.sap.com/2023/12/12/unveiling-crit…
CVE-2023-46932 - GPAC version 2.3-DEV-rev617-g671976fcc-master experiences a heap buffer overflow vulnerability in the str2ulong class in src/media_tools/avilib.c, enabling attackers to execute arbitrary code and cause a denial of service (DoS) in gpac/MP4Box.
CVE-2023-47254 - DrayTek Vigor167 version 5.2.2 suffers from an OS Command Injection vulnerability, enabling remote attackers to execute system commands and elevate privileges through the web interface account.
CVE-2023-6648 - PHPGurukul Nipah Virus Testing Management System 1.0 is susceptible to remote SQL injection via manipulation of the argument username in the password-recovery.php file.
CVE-2023-6651 - Matrimonial Site 1.0 is vulnerable to remote SQL injection via username parameter in /auth/auth.php?user=1, allowing attackers to exploit the vulnerability disclosed publicly as VDB-247344.
CVE-2023-6652 - The Matrimonial Site 1.0 is vulnerable to remote sql injection in the register function of the register.php file, posing a critical threat with the disclosure of an exploit.
CVE-2023-50245 - OpenEXR-viewer prior to version 0.6.1 allows a memory overflow vulnerability.
CVE-2023-49583 - The SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) versions < 3.6.0 allow an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.
CVE-2023-50422 - The SAP BTP Security Services Integration Library (cloud-security-services-integration-library) below version 2.17.0 and from version 3.0.0 to before 3.3.0 allows an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.
CVE-2023-50423 - The SAP BTP Security Services Integration Library ([Python] sap-xssec) versions < 4.1.0 allows unauthenticated attackers to escalate privileges and obtain arbitrary permissions within the application.
CVE-2023-50424 - The SAP BTP Security Services Integration Library allows an unauthenticated attacker to escalate privileges and obtain arbitrary permissions within the application in versions < 0.17.0.
CVE-2023-21740 - Windows Media Remote Code Execution Vulnerability
CVE-2023-35621 - Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
CVE-2023-35622 - Windows DNS Spoofing Vulnerability
CVE-2023-35624 - Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2023-35628 - Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-35630 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-35631 - Win32k Elevation of Privilege Vulnerability
CVE-2023-35632 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-35633 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35634 - Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-35638 - DHCP Server Service Denial of Service Vulnerability
CVE-2023-35639 - Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-35641 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-35643 - DHCP Server Service Information Disclosure Vulnerability
CVE-2023-35644 - Windows Sysmain Service Elevation of Privilege
CVE-2023-36004 - Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
CVE-2023-36005 - Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2023-36006 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36010 - Microsoft Defender Denial of Service Vulnerability
CVE-2023-36011 - Win32k Elevation of Privilege Vulnerability
CVE-2023-36020 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36391 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2023-36696 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-20588 - AMD:
Sponsors
Corelight, Inc.
Sponsored By CorelightWebcast: Charting the New Frontier of Incident ResponseAs cyber threats grow in sophistication, traditional defenses are becoming increasingly inadequate. Hear what tech elite responders are using to defend their organizations from sophisticated adversary tactics and techniques in this Corelight and Mandiant webcast. Watch now:
Expel
The Journey to Operational Security Effectiveness and Maturity: Frameworks, Tools and Techniques | Join Dave Shackleford on Dec 20 at 1:00pm ET to discuss the frameworks, tools, and other techniques that organizations use to measure and assess their security programs. | Register now:
PAS, part of Hexagon
Identify, Evaluate & Prioritize Industrial Cyber Risk | Join Dean Parsons on Jan 10 at 1:00pm ET as he evaluates PAS Cyber Integrity, a new offering from PAS Hexagon designed to harden OT assets against cyber-threats, identify critical endpoint vulnerabilities and risks, enable rapid recovery, and more. | Register now:
SANS
Free Virtual Event on Tue, Jan 30 at 10am ET: CTI Summit Solutions Track 2024 | SANS Senior Instructor Ismael Valenzuela and invited guest speakers will dive into cutting-edge CTI case studies while highlighting how the integration of AI technologies can provide unprecedented insights and advantages. Register now: