homepage
Open menu
Contact Sales

@RISK

The Consensus Security Vulnerability Alert

May 11, 2023  |  Vol. 23, Num. 19

Internet Storm Center SpotlightInternet Storm Center EntriesRecent CVEs

Internet Storm Center Spotlight

INTERNET STORM CENTER SPOTLIGHT

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft May 2023 Patch Tuesday

Published: 2023-05-09

Last Updated: 2023-05-09 17:41:35 UTC

by Renato Marinho (Version: 1)

This month we got patches for 49 vulnerabilities. Of these, 6 are critical, and 2 are already being exploited, according to Microsoft.

One of the exploited vulnerabilities is a Win32k Elevation of Privilege Vulnerability (CVE-2023-29336). This vulnerability has low attack complexity, low privilege, and none user interaction. The attack vector is local, the CVSS is 7.8, and the severity is Important.

The second exploited vulnerability is Secure Boot Security Feature Bypass Vulnerability (CVE-2023-24932). According to the advisory, to exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy. The CVSS for this vulnerability is 6.7 and its severity is Important.

About the critical vulnerabilities, there is a Remote Code Execution (RCE) affecting Windows Network File System (CVE-2023-24941). According to the advisory, this vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). The advisory also details a mitigation procedure. The CVSS for this vulnerability is 9.8 – the highest for this month.

A second critical vulnerability worth mentioning is an RCE affecting Windows Lightweight Directory Access Protocol (LDAP) (CVE-2023-28283). According to the advisory, an unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. The attack complexity is high, which means that successful exploitation of this vulnerability requires an attacker to win a race condition. The CVSS for this vulnerability is 8.1.

Read the full entry:

https://isc.sans.edu/diary/Microsoft+May+2023+Patch+Tuesday/29826/

Guildma is now abusing colorcpl.exe LOLBIN

Published: 2023-05-05

Last Updated: 2023-05-05 17:00:59 UTC

by Renato Marinho (Version: 1)Published: 2023-05-05

Last Updated: 2023-05-05 17:00:59 UTC

by Renato Marinho (Version: 1)

While analyzing a Guildma (AKA Astaroth) sample recently uploaded to MalwareBazaar, we came across a chain of LOLBIN abuse. It is not uncommon to see malicious code using the LOLBIN ‘bitsadmin.exe’ to download artifacts from the Internet. However, what is interesting in this case is that Guildma first copies ‘bitsadmin.exe’ to a less suspect path using ‘colorcpl.exe’, another LOLBIN, before executing it.

The ‘colorcpl.exe’ binary is the command line tool to open the Windows Color Management panel. When used without parameters, it just opens the tool. If a file is given as a parameter, ‘colorcpl.exe’ will copy the file to the ‘c:\windows\system32\spool\drivers\color\’ path. This path is writable by any user?—?so there is nothing here related to abusing the binary to access a privileged location. It seems to be a way to not draw the attention of security controls by avoiding using the ‘copy’ command.

Read the full entry:

https://isc.sans.edu/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/

Infostealer Embedded in a Word Document

Published: 2023-05-04

Last Updated: 2023-05-04 05:33:19 UTC

by Xavier Mertens (Version: 1)

When attackers design malicious documents, one of their challenges is to make the potential victim confident to perform dangerous actions: click on a link, disable a security feature, etc. The best example is probably VBA macros in Microsoft Office documents. Disabled by default, the attacker must make the user confident to enable them by clicking on the “yellow ribbon” on top of the document.

Yesterday I found a malicious document that implements another approach. The SHA256 is c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12 and the VT score is 27/59.

Read the full entry:

https://isc.sans.edu/diary/Infostealer+Embedded+in+a+Word+Document/29810/

Internet Storm Center Entries

Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 (2023.05.10)

https://isc.sans.edu/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+2/29828/

Quickly Finding Encoded Payloads in Office Documents (2023.05.07)

https://isc.sans.edu/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/

Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1 (2023.05.06)

https://isc.sans.edu/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/

Recent CVEs

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2023-29336 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Win32k

CVSS Score: 7.8

** KEV since 2023-05-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29336

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336




CVE-2023-24902 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Win32k

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24902

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902




CVE-2023-24941 - Windows Network File System Remote Code Execution Vulnerability

Product: Microsoft Windows Network File System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24941

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941




CVE-2023-24901 - Windows NFS Portmapper Information Disclosure Vulnerability

Product: Microsoft Windows

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24901

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901




CVE-2023-24939 - Server for NFS Denial of Service Vulnerability

Product: Microsoft Server for NFS

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24939

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939




CVE-2023-24943 - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24943

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943




CVE-2023-24940 - Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Product: Microsoft Windows PGM

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24940

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940




CVE-2023-28283 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Product: Microsoft Windows Lightweight Directory Access Protocol (LDAP)

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28283

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283




CVE-2023-24932 - Secure Boot Security Feature Bypass Vulnerability

Product: Microsoft Windows

CVSS Score: 6.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24932

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932




CVE-2023-1730 - SupportCandy WordPress plugin before 3.1.5 allows unauthenticated attackers to perform SQL injection attacks due to lack of input validation.

Product: SupportCandy 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1730

NVD References: https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7




CVE-2023-30869 - Easy Digital Downloads plugin allows unauthenticated users to escalate privileges due to improper authentication.

Product: Sandhillsdev Easy Digital Downloads

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30869

NVD References: 

- https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve

- https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve




CVE-2023-2479 - OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.

Product: Appium Appium-Desktop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2479

NVD References: 

- https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe

- https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4




CVE-2023-29778 - GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.

Product: GL-iNet GL-MT3000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29778

NVD References: 

- http://glinet.com

- https://github.com/OlivierLaflamme/cve/blob/main/GL.iNET/MT3000/get_nginx_log_RCE.md




CVE-2023-2459 - Chromium: CVE-2023-2459 Inappropriate implementation in Prompts

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2459

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1423304

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2460 - Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2460

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1419732

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2462 - Chromium: CVE-2023-2462 Inappropriate implementation in Prompts

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2462

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1375133

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2463 - Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2463

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1406120

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2464 - Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2464

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1418549

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2465 - Chromium: CVE-2023-2465 Inappropriate implementation in CORS

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2465

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1399862

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2466 - Chromium: CVE-2023-2466 Inappropriate implementation in Prompts

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2466

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1385714

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2467 - Chromium: CVE-2023-2467 Inappropriate implementation in Prompts

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2467

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1413586

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-2468 - Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture

Product: Google Chrome

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2468

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468

NVD References: 

- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

- https://crbug.com/1416380

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

- https://www.debian.org/security/2023/dsa-5398




CVE-2023-25826 - OpenTSDB is vulnerable to OS command injection through incomplete validation of parameters in its legacy HTTP query API.

Product: OpenTSDB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25826

NVD References: 

- https://github.com/OpenTSDB/opentsdb/pull/2275

- https://www.synopsys.com/blogs/software-security/opentsdb/




CVE-2023-30204 - Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.

Product: Judging Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30204

NVD References: https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-3.md




CVE-2023-22637 - FortiNAC is vulnerable to a Cross-site Scripting (XSS) flaw that could allow an attacker to remotely execute code via crafted licenses.

Product: Fortinet Fortinac

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22637

NVD References: https://fortiguard.com/psirt/FG-IR-23-013




CVE-2022-47757 - imo.im 2022.11.1051 is vulnerable to path traversal allowing an attacker to execute arbitrary code by saving a shared library in a special directory.

Product: imo 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47757

NVD References: https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj




CVE-2023-29842 - ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.

Product: ChurchCRM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29842

NVD References: 

- https://github.com/ChurchCRM/CRM

- https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md

- https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.py




CVE-2023-30077 - Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.

Product: Judging Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30077

NVD References: https://github.com/Dzero57/cve_report/blob/main/judging-management-system/SQLi-1.md




CVE-2023-30331 - Beetl v3.15.0 is vulnerable to server-side template injection (SSTI) due to a flaw in its render function when processing a specially-crafted payload.

Product: Beetl Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30331

NVD References: 

- https://gitee.com/xiandafu/beetl/issues/I6RUIP

- https://github.com/luelueking/Beetl-3.15.0-vuln-poc




CVE-2023-22651 - SUSE Rancher is vulnerable to improper privilege management, allowing for privilege escalation due to a failure in the update logic of Rancher's admission Webhook.

Product: SUSE Rancher

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22651

NVD References: 

- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651

- https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g




CVE-2023-29350 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Product: Microsoft Edge (Chromium-based)

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29350

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350




CVE-2023-29354 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Product: Microsoft Edge (Chromium-based)

CVSS Score: 4.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29354

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354




CVE-2023-22779, CVE-2023-22780, CVE-2023-22781, CVE-2023-22782, CVE-2023-22783, CVE-2023-22784, CVE-2023-22785, CVE-2023-22786   - Aruba access point management protocol has buffer overflow vulnerabilities leading to remote code execution via specially crafted packets.

Product: Aruba PAPI (access point management protocol)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22779

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22780

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22781

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22782

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22783

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22784

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22785

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22786

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt




CVE-2023-27934 - macOS Ventura DCE/RPC memory initialization issue could result in unexpected app termination or arbitrary code execution

Product: macOS Ventura

CVSS Score: critical

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27934

Apple Details: https://support.apple.com/en-us/HT201222

NVD References: https://support.apple.com/en-us/HT213670




CVE-2023-27935 - A vulnerability in DCE/RPC in macOS could result in unexpected app termination or arbitrary code execution

Product: macOS

CVSS Score: critical

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27935

Apple Details: https://support.apple.com/en-us/HT201222

NVD References: 

- https://support.apple.com/en-us/HT213670

- https://support.apple.com/en-us/HT213675

- https://support.apple.com/en-us/HT213677




CVE-2023-2478 - GitLab CE/EE is vulnerable to unauthorized users attaching malicious runners to projects via a GraphQL endpoint.

Product: GitLab CE/EE

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2478

NVD References: 

- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json

- https://gitlab.com/gitlab-org/gitlab/-/issues/409470

- https://hackerone.com/reports/1969599




CVE-2023-31123 - `effectindex/tripreporter` allows any user with a password matching the password requirements to log in as any user, resulting in access to accounts/data loss of the user.

Product: effectindex tripreporter

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31123

NVD References: 

- https://github.com/effectindex/tripreporter/commit/bd80ba833b9023d39ca22e29874296c8729dd53b

- https://github.com/effectindex/tripreporter/security/advisories/GHSA-356r-rwp8-h6m6




CVE-2023-31127 - Libspdm prior to version 2.3.1 is vulnerable to a session establishment bypass.

Product: DMTF libspdm

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31127

NVD References: 

- https://github.com/DMTF/libspdm/pull/2006

- https://github.com/DMTF/libspdm/pull/2007

- https://github.com/DMTF/libspdm/security/advisories/GHSA-qw76-4v8p-xq9f




CVE-2023-28762 - SAP BusinessObjects Business Intelligence Platform versions 420 and 430 allow an attacker with admin privileges to obtain login tokens and impersonate logged-in users, potentially accessing/modifying data and causing system downtime.

Product: SAP BusinessObjects Business Intelligence Platform

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28762

NVD References: 

- https://launchpad.support.sap.com/#/notes/3307833

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-27407 - SCALANCE LPE9403 (All versions < V2.1) is vulnerable to command injection due to improper user input validation, which could allow an authenticated remote attacker to access the operating system as root.

Product: SCALANCE LPE9403 Siemens

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27407

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-325383.pdf




CVE-2023-30898 - Siveillance Video Event Server deserializes data without sufficient validation, allowing authenticated remote attackers to execute code.

Product: Siemens Siveillance Video

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30898

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf




CVE-2023-30899 - Siveillance Video versions prior to HotfixRev14/V20.2 are vulnerable to remote code execution due to insufficient data validation in the Management Server component.

Product: Siemens Siveillance Video

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30899

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf




CVE-2023-31126 - XWiki's org.xwiki.commons:xwiki-commons-xml allows cross-site scripting attacks via invalid data attributes in the HTML sanitizer introduced in version 14.6-rc-1, and has been patched in versions 14.10.4 and 15.0 RC1.

Product: XWiki xwiki-commons-xml

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31126

NVD References: 

- https://github.com/xwiki/xwiki-commons/commit/0b8e9c45b7e7457043938f35265b2aa5adc76a68

- https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-pv7v-ph6g-3gxv

- https://jira.xwiki.org/browse/XCOMMONS-2606




CVE-2023-32069 - XWiki Platform before version 14.10.4 and 15.0-rc-1 allows users to execute commands with the right of the author of XWiki.ClassSheet document.

Product: XWiki Platform XWiki

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32069

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f

- https://jira.xwiki.org/browse/XWIKI-20566




CVE-2023-32071 - XWiki Platform versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1 allow users to execute javascript via a special URL targeting a page with an attachment.

Product: XWiki Platform XWiki

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32071

NVD References: 

- https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK

- https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm

- https://jira.xwiki.org/browse/XWIKI-20340




CVE-2023-24898 - Windows SMB Denial of Service Vulnerability

Product: Microsoft Windows SMB

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24898

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898




CVE-2023-24899 - Windows Graphics Component Elevation of Privilege Vulnerability

Product: Microsoft Windows Graphics Component

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24899

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899




CVE-2023-24903 - Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Product: Microsoft Windows Secure Socket Tunneling Protocol (SSTP)

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24903

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903




CVE-2023-24904 - Windows Installer Elevation of Privilege Vulnerability

Product: Microsoft Windows Installer

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24904

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904




CVE-2023-24905 - Remote Desktop Client Remote Code Execution Vulnerability

Product: Microsoft Remote Desktop Client

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24905

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905




CVE-2023-28290 - Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

Product: Microsoft Remote Desktop app for Windows

CVSS Score: 5.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28290

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28290




CVE-2023-24942 - Remote Procedure Call Runtime Denial of Service Vulnerability

Product: Microsoft Remote Procedure Call (RPC) runtime

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24942

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942




CVE-2023-24946 - Windows Backup Service Elevation of Privilege Vulnerability

Product: Microsoft Windows Backup Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24946

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946




CVE-2023-24947 - Windows Bluetooth Driver Remote Code Execution Vulnerability

Product: Microsoft Windows Bluetooth Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24947

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947




CVE-2023-24948 - Windows Bluetooth Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows Bluetooth Driver

CVSS Score: 7.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24948

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948




CVE-2023-24949 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows Kernel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24949

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949




CVE-2023-24953 - Microsoft Excel Remote Code Execution Vulnerability

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24953

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953




CVE-2023-24955 - Microsoft SharePoint Server Remote Code Execution Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24955

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955




CVE-2023-29325 - Windows OLE Remote Code Execution Vulnerability

Product: Microsoft Windows

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29325

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325




CVE-2023-29335 - Microsoft Word Security Feature Bypass Vulnerability

Product: Microsoft Word

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29335

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335




CVE-2023-29340 - AV1 Video Extension Remote Code Execution Vulnerability

Product: Mozilla Firefox

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29340

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29340




CVE-2023-29341 - AV1 Video Extension Remote Code Execution Vulnerability

Product: Mozilla Firefox

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29341

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29341




CVE-2023-29343 - SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

Product: SysInternals Sysmon for Windows

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29343

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343




CVE-2023-29344 - Microsoft Office Remote Code Execution Vulnerability

Product: Microsoft Office

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29344

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29344




CVE-2023-24900 - Windows NTLM Security Support Provider Information Disclosure Vulnerability

Product: Microsoft Windows NTLM

CVSS Score: 5.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24900

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900




CVE-2023-24944 - Windows Bluetooth Driver Information Disclosure Vulnerability

Product: Microsoft Windows Bluetooth Driver

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24944

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944




CVE-2023-24945 - Windows iSCSI Target Service Information Disclosure Vulnerability

Product: Microsoft Windows iSCSI Target Service

CVSS Score: 5.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24945

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945




CVE-2023-24950 - Microsoft SharePoint Server Spoofing Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24950

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950




CVE-2023-24954 - Microsoft SharePoint Server Information Disclosure Vulnerability

Product: Microsoft SharePoint Server

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24954

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954




CVE-2023-28251 - Windows Driver Revocation List Security Feature Bypass Vulnerability

Product: Microsoft Windows Driver Revocation List

CVSS Score: 5.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28251

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251




CVE-2023-29324 - Windows MSHTML Platform Security Feature Bypass Vulnerability

Product: Microsoft Windows MSHTML Platform

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29324

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324




CVE-2023-29338 - Visual Studio Code Information Disclosure Vulnerability

Product: Microsoft Visual Studio Code

CVSS Score: 5.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29338

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338




CVE-2023-24881 - Microsoft Teams Information Disclosure Vulnerability

Product: Microsoft Teams

CVSS Score: 6.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24881

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24881




CVE-2023-29333 - Microsoft Access Denial of Service Vulnerability

Product: Microsoft Access

CVSS Score: 3.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29333

ISC Diary: https://isc.sans.edu/diary/29826

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333