SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 02
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft January 2024 Patch Tuesday
Published: 2024-01-10
Last Updated: 2024-01-10 00:38:10 UTC
by Johannes Ullrich (Version: 1)
Microsoft today surprised with a light patch Tuesday. We only received 48 patches for Microsoft products and four for Chromium, affecting Microsoft Edge. Only two of the 48 patches are rated critical; none had been disclosed or exploited before today. The update also includes an SQLite patch affecting Microsoft products. This issue fixed the "Stranger Strings" vulnerability, patched in 2022 in the open-source version of SQLite.
The critical Kerberos vulnerability is interesting and should be patched quickly. It may allow an attacker with a MitM position to impersonate a Kerberos server and bypass authentication. Kerberos weaknesses have been abused in these scenarios in the past, and obtaining a MitM position is typically not that difficult after the perimeter of a network has been breached.
Read the full entry: https://isc.sans.edu/diary/Microsoft+January+2024+Patch+Tuesday/30548
Jenkins Brute Force Scans
Published: 2024-01-09
Last Updated: 2024-01-09 17:17:36 UTC
by Johannes Ullrich (Version: 1)
Our honeypots saw a number of scans for "/j_acegi_security_check" the last two days. This URL has not been hit much lately, but was hit pretty hard last March. The URL is associated with Jenkins, and can be used to brute force passwords.
A typical request seen by our honeypots ...
The body of the request URL decodes to ...
The Chinese characters at the end translate to "Log in," indicating that this request may have been originally based on a Chinese language version of Jenkins. I have observed usernames like admin, 1, 123, adminadmin, root. The intent of this particular query may be to test if the server is running Jenkins and not an actual brute-force attempt. But it is always difficult to guess a particular attack's intent. The honeypot is not attempting to emulate Jenkins at this point (something we may need to add to our agile honeypots soon).
Read the full entry: https://isc.sans.edu/diary/Jenkins+Brute+Force+Scans/30546/
Suspicious Prometei Botnet Activity
Published: 2024-01-07
Last Updated: 2024-01-07 20:23:34 UTC
by Guy Bruneau (Version: 1)
On the 31 Dec 2023, after trying multiple username/password combination, actor using IP 194.30.53.68 successfully loging to the honeypot and uploaded eight files where 2 of them are protected with a 7zip password (updates1.7z & updates2.7z). Some of these files have been identified to be related to the Prometei trojan by Virustotal. The file sqhost.exe was last found by Talos used with the Prometei botnet as a trojan coin miner.
Read the full entry: https://isc.sans.edu/diary/Suspicious+Prometei+Botnet+Activity/30538/
Internet Storm Center Entries
What is that User Agent? (2024.01.08)
https://isc.sans.edu/diary/What+is+that+User+Agent/30536/
Are you sure of your password? (2024.01.06)
https://isc.sans.edu/diary/Are+you+sure+of+your+password/30534/
Netstat, but Better and in PowerShell (2024.01.05)
https://isc.sans.edu/diary/Netstat+but+Better+and+in+PowerShell/30532/
Wireshark updates (2024.01.04)
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-0057 - NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2024-20674 - Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-0193 - Linux kernel is vulnerable to a use-after-free flaw in the netfilter subsystem, potentially enabling a local unprivileged user to escalate their privileges.
Product: Linux KernelCVSS Score: 6.7NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0193ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8802NVD References: - https://access.redhat.com/security/cve/CVE-2024-0193- https://bugzilla.redhat.com/show_bug.cgi?id=2255653CVE-2023-32874 - The Modem IMS Stack is vulnerable to an out of bounds write, allowing remote code execution without additional privileges or user interaction.Product: Mediatek LR13CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32874NVD References: https://corp.mediatek.com/product-security-bulletin/January-2024CVE-2023-33025 - Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.Product: Qualcomm AR8035CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33025NVD References: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletinCVE-2023-6436 - Ekol Informatics Website Template is vulnerable to SQL injection.Product: Ekolbilisim Web Sablonu YazilimiCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6436NVD References: https://www.usom.gov.tr/bildirim/tr-24-0001CVE-2023-4280 - Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows unauthorized access to trusted memory.Product: Silabs Gecko Software Development KitCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4280NVD References: - https://community.silabs.com/069Vm0000004NinIAE- https://github.com/SiliconLabs/gecko_sdkCVE-2023-48419 - Google Home devices in the wifi vicinity of an attacker can be exploited to spy on users, leading to Elevation of Privilege.Product: Google Nest AudioCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48419NVD References: https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA#zippy=%2CspeakersCVE-2023-50711 - vmm-sys-util versions 0.5.0 to 0.12.0 allow out of bounds memory accesses in the `FamStructWrapper::deserialize` implementation due to a lack of length verification in the header.Product: Rust-Vmm Vmm-Sys-UtilCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50711NVD References: - https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167- https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9CVE-2023-47458 - SpringBlade v.3.7.0 and before lacks permissions control framework, enabling remote attackers to escalate privileges.Product: Bladex SpringbladeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47458NVD References: - http://springblade.com- https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a- https://gitee.com/smallc/SpringBladeCVE-2024-0194 - CodeAstro Internet Banking System up to 1.0 allows remote attackers to upload arbitrary files due to unrestricted upload capabilities in the Profile Picture Handler component.Product: Codeastro Internet Banking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0194NVD References: - https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing- https://vuldb.com/?ctiid.249509- https://vuldb.com/?id.249509CVE-2024-0195 - Spider-flow 0.4.3 is vulnerable to a critical code injection attack in the FunctionService.saveFunction function of the file src/main/java/org/spiderflow/controller/FunctionController.java, allowing remote exploitation; the vulnerability has been publicly disclosed and assigned the identifier VDB-249510.Product: Ssssssss Spider-FlowCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0195NVD References: - https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md- https://vuldb.com/?ctiid.249510- https://vuldb.com/?id.249510CVE-2024-21623 - OTClient is vulnerable to expression injection in Actions, allowing an attacker to run remote commands, leak secrets, and alter the repository.Product: Mehah OTClientCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21623NVD References: - https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104- https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254- https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/- https://securitylab.github.com/research/github-actions-untrusted-input/CVE-2023-6339 - Google Nest WiFi Pro root code-execution & user-data compromiseProduct: Google Nest WiFi ProCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6339NVD References: - https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA- https://vuldb.com/?id.249563CVE-2024-21632 - "Omniauth-microsoft_graph version prior to 2.0.0 allows for account takeover due to lack of validation of the `email` attribute, posing a ris…
CVE-2023-32874 - The Modem IMS Stack is vulnerable to an out of bounds write, allowing remote code execution without additional privileges or user interaction.
CVE-2023-33025 - Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.
CVE-2023-6436 - Ekol Informatics Website Template is vulnerable to SQL injection.
CVE-2023-4280 - Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows unauthorized access to trusted memory.
CVE-2023-48419 - Google Home devices in the wifi vicinity of an attacker can be exploited to spy on users, leading to Elevation of Privilege.
CVE-2023-50711 - vmm-sys-util versions 0.5.0 to 0.12.0 allow out of bounds memory accesses in the `FamStructWrapper::deserialize` implementation due to a lack of length verification in the header.
CVE-2023-47458 - SpringBlade v.3.7.0 and before lacks permissions control framework, enabling remote attackers to escalate privileges.
CVE-2024-0194 - CodeAstro Internet Banking System up to 1.0 allows remote attackers to upload arbitrary files due to unrestricted upload capabilities in the Profile Picture Handler component.
Product: Codeastro Internet Banking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0194NVD References: - https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing- https://vuldb.com/?ctiid.249509- https://vuldb.com/?id.249509CVE-2024-0195 - Spider-flow 0.4.3 is vulnerable to a critical code injection attack in the FunctionService.saveFunction function of the file src/main/java/org/spiderflow/controller/FunctionController.java, allowing remote exploitation; the vulnerability has been publicly disclosed and assigned the identifier VDB-249510.Product: Ssssssss Spider-FlowCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0195NVD References: - https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md- https://vuldb.com/?ctiid.249510- https://vuldb.com/?id.249510CVE-2024-21623 - OTClient is vulnerable to expression injection in Actions, allowing an attacker to run remote commands, leak secrets, and alter the repository.Product: Mehah OTClientCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21623NVD References: - https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104- https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254- https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/- https://securitylab.github.com/research/github-actions-untrusted-input/CVE-2023-6339 - Google Nest WiFi Pro root code-execution & user-data compromiseProduct: Google Nest WiFi ProCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6339NVD References: - https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA- https://vuldb.com/?id.249563CVE-2024-21632 - "Omniauth-microsoft_graph version prior to 2.0.0 allows for account takeover due to lack of validation of the `email` attribute, posing a risk when used as a trusted user identifier in nOAuth configuration."Product: Recognizeapp Omniauth\\CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21632NVD References: - https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1- https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj- https://www.descope.com/blog/post/noauthCVE-2023-50351 - HCL DRYiCE MyXalytics is affected by an insecure key rotation mechanism that enables attackers to compromise data confidentiality or integrity.Product: HCLtech Dryice MyXalyticsCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50351NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608CVE-2023-45722 - HCL DRYiCE MyXalytics is vulnerable to path traversal arbitrary file read, allowing potential exploits to disrupt or take over the application by accessing files outside of the restricted directory.Product: HCLtech Dryice MyXalyticsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45722NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608CVE-2023-45723 - HCL DRYiCE MyXalytics is affected by a path traversal vulnerability enabling unauthorized file uploads and manipulation of file storage location on the server.Product: HCLtech Dryice MyXalyticsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45723NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608CVE-2023-45724 - HCL DRYiCE MyXalytics product is vulnerable to unauthenticated file upload, allowing the upload of a specific file without requiring user authentication.Product: HCLtech Dryice MyXalyticsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45724NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608CVE-2023-46308 - In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.Product: Plotly.JsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46308NVD References: - https://github.com/plotly/plotly.js/releases/tag/v2.25.2- https://plotly.com/javascript/CVE-2023-52304, CVE-2023-52307, CVE-2023-52309 through CVE-2023-52311, CVE-2023-52314 - Multiple Vulnerabilities in PaddlePaddle before 2.6.0Product: PaddlePaddle CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52304NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52307NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52309NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52310NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52311NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52314NVD References: - https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md- https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md- https://github.…
CVE-2024-21623 - OTClient is vulnerable to expression injection in Actions, allowing an attacker to run remote commands, leak secrets, and alter the repository.
CVE-2023-6339 - Google Nest WiFi Pro root code-execution & user-data compromise
CVE-2024-21632 - "Omniauth-microsoft_graph version prior to 2.0.0 allows for account takeover due to lack of validation of the `email` attribute, posing a risk when used as a trusted user identifier in nOAuth configuration."
CVE-2023-50351 - HCL DRYiCE MyXalytics is affected by an insecure key rotation mechanism that enables attackers to compromise data confidentiality or integrity.
CVE-2023-45722 - HCL DRYiCE MyXalytics is vulnerable to path traversal arbitrary file read, allowing potential exploits to disrupt or take over the application by accessing files outside of the restricted directory.
CVE-2023-45723 - HCL DRYiCE MyXalytics is affected by a path traversal vulnerability enabling unauthorized file uploads and manipulation of file storage location on the server.
CVE-2023-45724 - HCL DRYiCE MyXalytics product is vulnerable to unauthenticated file upload, allowing the upload of a specific file without requiring user authentication.
CVE-2023-46308 - In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
CVE-2023-52304, CVE-2023-52307, CVE-2023-52309 through CVE-2023-52311, CVE-2023-52314 - Multiple Vulnerabilities in PaddlePaddle before 2.6.0
CVE-2023-51784 - Apache InLong before 1.10.0 allows attackers to remotely execute code due to improper control of code generation, which is fixed by upgrading to 1.10.0 or cherry-picking the patch.
CVE-2023-39655 - The NPM package @perfood/couch-auth versions <= 0.20.0 is vulnerable to host header injection, allowing an attacker to reset other users' passwords and take over their accounts.
Product: Perfood CouchauthCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39655NVD References: - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655- https://www.npmjs.com/package/%40perfood/couch-authCVE-2023-50253 - Laf cloud development platform versions 1.0.0-beta.13 and prior allow authenticated users to obtain any pod logs under the same namespace, resulting in unauthorized access to sensitive information.Product: Laf cloud development platformCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50253NVD References: - https://github.com/labring/laf/pull/1468- https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75fCVE-2023-50090 - Ureport2 2.2.9 and earlier versions allow arbitrary file writing and command execution through a crafted POST request in the saveReportFile method.Product: Ureport2 Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50090NVD References: - https://github.com/advisories/GHSA-445x-c8qq-qfr9- https://lemono.fun/thoughts/UReport2-RCE.htmlCVE-2024-0222 - Chromium: CVE-2024-0222 Use after free in ANGLEProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0222ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html- https://crbug.com/1501798- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/CVE-2024-0223 - Chromium: CVE-2024-0223 Heap buffer overflow in ANGLEProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0223ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html- https://crbug.com/1505009- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/CVE-2024-0224 - Chromium: CVE-2024-0224 Use after free in WebAudioProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0224ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html- https://crbug.com/1505086- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/CVE-2024-0225 - Chromium: CVE-2024-0225 Use after free in WebGPUProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0225ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html- https://crbug.com/1506923- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/CVE-2023-49622, CVE-2023-49624, CVE-2023-49625, CVE-2023-49633, CVE-2023-49639, CVE-2023-49658, CVE-2023-49665, CVE-2023-49666 - Multiple unauthenticated SQL Injection vulnerabilities in Billing Software v1.0.Product: Kashipara Billing SoftwareCVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49622NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49624NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49625NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49633NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49639NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49658NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49665NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49666NVD References: - https://fluidattacks.com/advisories/zimerman/- https://www.kashipara.com/CVE-2023-50743, CVE-2023-50752, CVE-2023-50753 - Multiple unauthenticated SQL Injection vulnerabilities in Online Notice Board System v1.0. Product: Kashipara Online Notice Board SystemCVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50743NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50752NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50753NVD References: - https://fluidattacks.com/advisories/perahia/- https://www.kashipara.com/CVE-2023-50862 through CVE-2023-50867 - Multiple una…
CVE-2023-50253 - Laf cloud development platform versions 1.0.0-beta.13 and prior allow authenticated users to obtain any pod logs under the same namespace, resulting in unauthorized access to sensitive information.
CVE-2023-50090 - Ureport2 2.2.9 and earlier versions allow arbitrary file writing and command execution through a crafted POST request in the saveReportFile method.
CVE-2024-0222 - Chromium:
CVE-2024-0223 - Chromium:
CVE-2024-0224 - Chromium:
CVE-2024-0225 - Chromium:
CVE-2023-49622, CVE-2023-49624, CVE-2023-49625, CVE-2023-49633, CVE-2023-49639, CVE-2023-49658, CVE-2023-49665, CVE-2023-49666 - Multiple unauthenticated SQL Injection vulnerabilities in Billing Software v1.0.
CVE-2023-50743, CVE-2023-50752, CVE-2023-50753 - Multiple unauthenticated SQL Injection vulnerabilities in Online Notice Board System v1.0.
CVE-2023-50862 through CVE-2023-50867 - Multiple unauthenticated SQL Injection vulnerabilities in Travel Website v1.0.
CVE-2023-51673 - Stylish Price List – Price Table Builder & QR Code Restaurant Menu is vulnerable to a Cross-Site Request Forgery (CSRF) issue from n/a through 7.0.17.
CVE-2022-46839 - JS Help Desk – Best Help Desk & Support Plugin allows unrestricted uploading of files with dangerous types, potentially leading to arbitrary code execution.
CVE-2024-0287 - Kashipara Food Management System 1.0 is vulnerable to remote SQL injection in the file itemBillPdf.php via manipulation of the printid argument (CVE-ID: VDB-249848).
CVE-2024-0288 - Kashipara Food Management System 1.0 is vulnerable to SQL injection via the product_name parameter in the rawstock_used_damaged_submit.php file, allowing remote attackers to exploit this and disclosing the vulnerability to the public, with identifier VDB-249849.
CVE-2024-0289 - Kashipara Food Management System 1.0 is vulnerable to remote SQL injection via manipulation of the itemype argument in stock_entry_submit.php (VDB-249850).
CVE-2024-0290 - Kashipara Food Management System 1.0 is vulnerable to remote SQL injection via manipulation of the item_type argument in stock_edit.php (CVE: VDB-249851).
CVE-2023-6921 - PrestaShow Google Integrator, a PrestaShop addon, is vulnerable to Blind SQL Injection, enabling extraction and modification of data by inserting commands through cookies.
CVE-2023-47211 - ManageEngine OpManager 12.7.258 allows arbitrary file creation through a directory traversal vulnerability in the uploadMib functionality, triggered by a specially crafted HTTP request with a malicious MiB file.
CVE-2024-21650 - XWiki Platform is vulnerable to remote code execution (RCE) through user registration, allowing attackers to execute arbitrary code via crafted payloads in the "first name" or "last name" fields, affecting installations with guest registration enabled, and is patched in XWiki versions 14.10.17, 15.5.3, and 15.8 RC1.
CVE-2023-52215 - UkrSolution Simple Inventory Management - SQL Injection vulnerability in WooCommerce plugin allows for unauthorized access to the database.
CVE-2023-52218 - The Anton Bond Woocommerce Tranzila Payment Gateway before version 1.0.9 is vulnerable to Deserialization of Untrusted Data.
CVE-2023-52219 - Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1.
CVE-2023-52225 - Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics is vulnerable to a Deserialization of Untrusted Data vulnerability.
CVE-2023-52207 - SVNLabs Softwares HTML5 MP3 Player with Playlist Free is vulnerable to a Deserialization of Untrusted Data flaw affecting versions from n/a through 3.0.0.
CVE-2023-50982 - Stud.IP 5.x through 5.3.3 allows XSS and enables the upload of executable files, resulting in remote code execution with www-data user privileges.
Product: Stud.IP 5.x through 5.3.3CVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50982NVD References: - https://gitlab.studip.de/studip/studip/-/tags- https://rehmeinfosec.de/labor/cve-2023-50982- https://sourceforge.net/projects/studip/files/Stud.IP/5.4/CVE-2023-52200 - ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup is vulnerable to Cross-Site Request Forgery (CSRF) and Deserialization of Untrusted Data.Product: Repute Infosystems ARMember – Membership PluginCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52200NVD References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cveCVE-2023-52205 - SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free before 2.8.0 suffers from a deserialization vulnerability when processing untrusted data.Product: SVNLabs Softwares HTML5 SoundCloud Player with Playlist FreeCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52205NVD References: https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cveCVE-2023-52202 - HTML5 MP3 Player with Folder Feedburner Playlist Free is vulnerable to a Deserialization of Untrusted Data vulnerability from n/a through 2.8.0.Product: SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist FreeCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52202NVD References: https://patchstack.com/database/vulnerability/html5-mp3-player-with-mp3-folder-feedburner-playlist/wordpress-html5-mp3-player-with-folder-feedburner-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cveCVE-2024-21663 - Discord-Recon is vulnerable to remote code execution, allowing attackers to execute shell commands in the server without admin privileges, but this has been fixed in version 0.0.8.Product: Discord-Recon CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21663NVD References: - https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a- https://github.com/DEMON1A/Discord-Recon/issues/23- https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01. Product: Microsoft Azure uAMQPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21646NVD References: - https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe- https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpvCVE-2023-7220 - Totolink NR1800X 9.1.0u.6279_B20210910 is vulnerable to a critical stack-based buffer overflow in the loginAuth function of the file /cgi-bin/cstecgi.cgi, allowing for remote attacks via manipulation of the password argument, with the exploit publicly disclosed as VDB-249854.Product: Totolink NR1800XCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7220NVD References: - https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md- https://vuldb.com/?ctiid.249854- https://vuldb.com/?id.249854CVE-2023-49621 - SIMATIC CN 4100 (All versions < V2.7) uses default admin credentials, allowing an attacker to gain complete control of the device.Product: SIMATIC vulnerablityCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49621NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdfCVE-2023-51438 - SIMATIC IPC1047E, SIMATIC IPC647E, SIMATIC IPC847E are vulnerable to unauthorized access through the Redfish server in default installations of maxView Storage Manager.Product: SIMATIC maxView Storage ManagerCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51438NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdfCVE-2023-5347 - Korenix JetNet Series devices are vulnerable to improper verification of cryptographic signature, allowing the replacement of the entire operating system, including Trusted Executables.Product: Korenix JetNet SeriesCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5347NVD References: - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/- https://www.beijerelectronics.com/en/support/Help___online?docId=69947CVE-2023-7221 - Totolink T6 4.1.9cu.5241_B20210923 is vulnerable to a critical buffer overflow in the component HTTP POST Request Handler's function main due to the manipulation of the argument v41, allowing remote attackers to initiate attacks; exploit details have been publicly disclosed under the identifier VDB-249855 with no response from the vendor.Product: Totolink T6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/d…
CVE-2023-52200 - ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup is vulnerable to Cross-Site Request Forgery (CSRF) and Deserialization of Untrusted Data.
CVE-2023-52205 - SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free before 2.8.0 suffers from a deserialization vulnerability when processing untrusted data.
CVE-2023-52202 - HTML5 MP3 Player with Folder Feedburner Playlist Free is vulnerable to a Deserialization of Untrusted Data vulnerability from n/a through 2.8.0.
CVE-2024-21663 - Discord-Recon is vulnerable to remote code execution, allowing attackers to execute shell commands in the server without admin privileges, but this has been fixed in version 0.0.8.
CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01.
CVE-2023-7220 - Totolink NR1800X 9.1.0u.6279_B20210910 is vulnerable to a critical stack-based buffer overflow in the loginAuth function of the file /cgi-bin/cstecgi.cgi, allowing for remote attacks via manipulation of the password argument, with the exploit publicly disclosed as VDB-249854.
CVE-2023-49621 - SIMATIC CN 4100 (All versions < V2.7) uses default admin credentials, allowing an attacker to gain complete control of the device.
CVE-2023-51438 - SIMATIC IPC1047E, SIMATIC IPC647E, SIMATIC IPC847E are vulnerable to unauthorized access through the Redfish server in default installations of maxView Storage Manager.
CVE-2023-5347 - Korenix JetNet Series devices are vulnerable to improper verification of cryptographic signature, allowing the replacement of the entire operating system, including Trusted Executables.
CVE-2023-7221 - Totolink T6 4.1.9cu.5241_B20210923 is vulnerable to a critical buffer overflow in the component HTTP POST Request Handler's function main due to the manipulation of the argument v41, allowing remote attackers to initiate attacks; exploit details have been publicly disclosed under the identifier VDB-249855 with no response from the vendor.
Product: Totolink T6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7221NVD References: - https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md- https://vuldb.com/?ctiid.249855- https://vuldb.com/?id.249855CVE-2024-0056 - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass VulnerabilityProduct: Microsoft.Data.SqlClient and System.Data.SqlClientCVSS Score: 8.7NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0056ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056CVE-2024-20652 - Windows HTML Platforms Security Feature Bypass VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20652ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652CVE-2024-20653 - Microsoft Common Log File System Elevation of Privilege VulnerabilityProduct: Microsoft Common Log File SystemCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20653ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20653CVE-2024-20654 - Microsoft ODBC Driver Remote Code Execution VulnerabilityProduct: Microsoft ODBC DriverCVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20654ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654CVE-2024-20656 - Visual Studio Elevation of Privilege VulnerabilityProduct: Microsoft Visual StudioCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20656ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656CVE-2024-20657 - Windows Group Policy Elevation of Privilege VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20657ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20657CVE-2024-20658 - Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityProduct: Microsoft Virtual Hard DiskCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20658ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20658CVE-2024-20661 - Microsoft Message Queuing Denial of Service VulnerabilityProduct: Microsoft Message QueuingCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20661ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20661CVE-2024-20672 - .NET Core and Visual Studio Denial of Service VulnerabilityProduct: Microsoft .NET Core and Visual StudioCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20672ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672CVE-2024-20676 - Azure Storage Mover Remote Code Execution VulnerabilityProduct: Microsoft Azure Storage MoverCVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20676ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676 CVE-2024-20677 - Microsoft Office Remote Code Execution VulnerabilityProduct: Microsoft OfficeCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20677ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677CVE-2024-20681 - Windows Subsystem for Linux Elevation of Privilege VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20681ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20681CVE-2024-20682 - Windows Cryptographic Services Remote Code Execution VulnerabilityProduct: Microsoft Windows Cryptographic ServicesCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20682ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682CVE-2024-20683, CVE-2024-20686 - Win32k Elevation of Privilege VulnerabilitiesProduct: Microsoft Win32kCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20683NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20686ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686CVE-2024-20687 - Microsoft AllJoyn API Denial of Service VulnerabilityProduct: Microsoft AllJoyn APICVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20687ISC Diary: https://isc.sans.edu/diary/30548MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20687CVE-2024-20696, CVE-2024-20697 - Window…
CVE-2024-20652 - Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2024-20653 - Microsoft Common Log File System Elevation of Privilege Vulnerability
CVE-2024-20654 - Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-20656 - Visual Studio Elevation of Privilege Vulnerability
CVE-2024-20657 - Windows Group Policy Elevation of Privilege Vulnerability
CVE-2024-20658 - Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2024-20661 - Microsoft Message Queuing Denial of Service Vulnerability
CVE-2024-20672 - .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-20676 - Azure Storage Mover Remote Code Execution Vulnerability
CVE-2024-20677 - Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20681 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20682 - Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-20683, CVE-2024-20686 - Win32k Elevation of Privilege Vulnerabilities
CVE-2024-20687 - Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20696, CVE-2024-20697 - Windows Libarchive Remote Code Execution Vulnerabilities
CVE-2024-20698 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-20700 - Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21307 - Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-21309 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-21310 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21312 - .NET Framework Denial of Service Vulnerability
CVE-2024-21318 - Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-37293 - AMI’s SPx BMC vulnerability allows an adjacent network attacker to cause a stack-based buffer overflow, risking the compromise of confidentiality, integrity, and availability.
CVE-2023-3043 - AMI’s SPx product is vulnerable to a stack-based buffer overflow through an adjacent network, resulting in potential loss of confidentiality, integrity, and availability.
CVE-2022-35737 - MITRE:
CVE-2023-50916 - Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path.
CVE-2023-29357 - Microsoft SharePoint Server Privilege Escalation Vulnerability
CVE-2023-46805 - Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
CVE-2024-21887 - Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Sponsors
CrashPlan
*********** Sponsored By CrashPlan ***********Do You Know Where Your Data Is? In our newly released survey, SANS is seeking insight into the amount and makeup of data that exists on on user endpoints versus central data stores, along with the rigor and effectiveness of policies that either restrict or support storing data on user endpoints. Share your thoughts with us, complete the survey for a chance to win a $250 Amazon gift card!
SANS
Join us for the CTI Summit Solutions Track 2024 on Jan 30 at 9:20am ET! Led by Ismael Valenzuela, invited guest speakers from leading CTI organizations will dive into cutting-edge CTI case studies while highlighting how the integration of AI technologies can provide unprecedented insights and advantages. | Register now:
Dragos
2023 OT Cybersecurity Year in Review Executive Briefing | Join Dragos CEO and SANS Fellow Robert M. Lee on Feb 23 at 10:30am ET for a look at the most important OT cybersecurity events and lessons learned in 2023. | Register now: