Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi

Published: 2023-05-30

Last Updated: 2023-05-31 11:07:11 UTC

by Johannes Ullrich (Version: 1)

Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” In simple terms, NiFi implements a web-based interface to define how data is moved from a source to a destination. Users may define various “processors” to manipulate data along the way. This is often needed when processing business data or preparing data for machine learning. A dataset used for machine learning may arrive in one format (let's say JSON), but to conveniently use it for training, it must be converted to JSON or inserted into a database. The features are not just attractive to machine learning, but many business processes require similar functionality.

Read the full entry:

https://isc.sans.edu/diary/Your+Business+Data+and+Machine+Learning+at+Risk+Attacks+Against+Apache+NiFi/29900/

Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT

Published: 2023-05-30

Last Updated: 2023-05-30 01:01:59 UTC

by Brad Duncan (Version: 1)

Also known as DBatLoader, ModiLoader is malware that retrieves and runs payloads like Formbook, Warzone RAT, Remcos RAT, or other types of malware. Today's diary reviews a ModiLoader infection for Remcos RAT on Monday 2023-05-29.

I caught the email in one of my honeypot accounts on Monday 2023-05-29 at 4:14 UTC. These messages often spoof companies sending invoices or purchase orders. This campaign didn't appear to be specifically targeted at my honeypot account.

Read the full entry:

https://isc.sans.edu/diary/Malspam+pushes+ModiLoader+DBatLoader+infection+for+Remcos+RAT/29896/

Analyzing Office Documents Embedded Inside PPT (PowerPoint) Files

Published: 2023-05-29

Last Updated: 2023-05-29 07:27:43 UTC

by Didier Stevens (Version: 1)

I was asked how to analyze Office Documents that are embedded inside PPT files. PPT is the "standard" binary format for PowerPoint; it's an olefile. You can analyze it with oledump.py.

All embedded content is found inside stream "PowerPoint Document". For VBA, I already wrote a blog post a couple years ago: "Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt".

The analysis process for embedded files is quite similar.

Read the full entry:

https://isc.sans.edu/diary/Analyzing+Office+Documents+Embedded+Inside+PPT+PowerPoint+Files/29894/

Internet Storm Center Entries


Wireshark 4.0.6 Released (2023.05.29)

https://isc.sans.edu/diary/Wireshark+406+Released/29892/

We Can no Longer Ignore the Cost of Cybersecurity (2023.05.28)

https://isc.sans.edu/diary/We+Can+no+Longer+Ignore+the+Cost+of+Cybersecurity/29890/

DocuSign-themed email leads to script-based infection (2023.05.27)

https://isc.sans.edu/diary/DocuSignthemed+email+leads+to+scriptbased+infection/29888/

Using DFIR Techniques To Recover From Infrastructure Outages (2023.05.26)

https://isc.sans.edu/diary/Using+DFIR+Techniques+To+Recover+From+Infrastructure+Outages/29886/

IR Case/Alert Management (2023.05.24)

https://isc.sans.edu/diary/IR+CaseAlert+Management/29880/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-2868 - The Barracuda Email Security Gateway (appliance form factor only) product is vulnerable to remote command injection through a failure to comprehensively sanitize the processing of .tar files.

Product: Barracuda Email Security Gateway

CVSS Score: 9.4

** KEV since 2023-05-26 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2868

NVD References: 

- https://status.barracuda.com/incidents/34kx82j5n4q9

- https://www.barracuda.com/company/legal/esg-vulnerability




CVE-2023-2825 - GitLab CE/EE version 16.0.0 allows unauthenticated users to read arbitrary files through path traversal when an attachment exists in a public project nested within at least five groups.

Product: GitLab 

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2825

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8514

NVD References: 

- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json

- https://gitlab.com/gitlab-org/gitlab/-/issues/412371

- https://hackerone.com/reports/1994725




CVE-2020-20012 - WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.

Product: Sudytech Webplus Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-20012

NVD References: https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade




CVE-2023-27068 - Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.

Product: Sitecore Experience Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27068

NVD References: 

- https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner

- https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes

- https://www.sitecore.com/products/sitecore-experience-platform




CVE-2023-29919 - SolarView Compact <= 6.0 has insecure permissions, allowing any server file to be read or modified through unrestricted access to texteditor.php.

Product: Contec Solarview Compact

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29919

NVD References: 

- https://github.com/xiaosed/CVE-2023-29919/

- https://www.solarview.io/




CVE-2023-31814 - D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.

Product: D-Link Dir-300

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31814

NVD References: 

- https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade

- https://www.dlink.com/en/security-bulletin/




CVE-2023-25953 - Drive Explorer for macOS versions 3.5.4 and earlier is vulnerable to code injection, allowing attackers logged in to the client to execute arbitrary code and potentially access files without privileges.

Product: Worksmobile Drive Explorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25953

NVD References: 

- https://jvn.jp/en/jp/JVN01937209/

- https://line.worksmobile.com/jp/release-notes/20230216/




CVE-2023-27388 - T&D Corporation and ESPEC MIC CORP. data logger products have an improper authentication vulnerability that allows remote unauthenticated login as a registered user.

Product: T&D Tr-71W

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27388

NVD References: 

- https://jvn.jp/en/jp/JVN14778242/

- https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

- https://www.tandd.com/news/detail.html?id=780




CVE-2023-27397 - MicroEngine Mailform allows remote attackers to save and execute arbitrary files via unrestricted file upload with dangerous type.

Product: MicroEngine Mailform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27397

NVD References: 

- https://jvn.jp/en/jp/JVN31701509/

- https://microengine.jp/information/security_2023_05.html




CVE-2023-27507 - MicroEngine Mailform versions 1.1.0 to 1.1.8 allow remote attackers to upload and execute arbitrary files on the server due to a path traversal vulnerability.

Product: MicroEngine Mailform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27507

NVD References: 

- https://jvn.jp/en/jp/JVN31701509/

- https://microengine.jp/information/security_2023_05.html




CVE-2023-28408 - MW WP Form versions v4.4.2 and earlier allow remote attackers to alter websites, cause DoS, and obtain sensitive information through directory traversal vulnerabilities.

Product: MW WP Form Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28408

NVD References: 

- https://jvn.jp/en/jp/JVN01093915/

- https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/




CVE-2023-28409 - MW WP Form versions up to v4.4.2 allow remote attackers to upload dangerous files without authentication.

Product: MW WP Form Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28409

NVD References: 

- https://jvn.jp/en/jp/JVN01093915/

- https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/




CVE-2023-28413 - Snow Monkey Forms v5.0.6 and earlier have a directory traversal vulnerability that lets attackers obtain sensitive information, alter the website or cause DoS.

Product: Snow Monkey Forms Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28413

NVD References: 

- https://jvn.jp/en/jp/JVN01093915/

- https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7/




CVE-2023-33338 - Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.

Product: Old Age Home Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33338

NVD References: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ANUJ-KUMAR/Old-Age-Home-Management-2022-2023-1.0




CVE-2023-33361 - Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.

Product: Piwigo 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33361

NVD References: https://github.com/Piwigo/Piwigo/issues/1910




CVE-2023-33362 - Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function.

Product: Piwigo 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33362

NVD References: https://github.com/Piwigo/Piwigo/issues/1911




CVE-2023-23298 - CIQ API version 2.3.0 through 4.1.7 allows integer overflow and device firmware hijacking due to the uninitialized parameters in the Toybox.Graphics.BufferedBitmap.initialize API method.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23298

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/Graphics/BufferedBitmap.html#initialize-instance_function

- https://developer.garmin.com/connect-iq/compatible-devices/

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md




CVE-2023-23300 - CIQ API versions 3.0.0 through 4.1.7 allow buffer overflows and firmware hijacking due to lack of parameter validation in the Toybox.Cryptography.Cipher.initialize API method.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23300

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/Cryptography/Cipher.html#initialize-instance_function

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23300.md




CVE-2023-23301 - Garmin CIQ API versions 1.0.0 through 4.1.7 allow for out-of-bounds memory access due to a vulnerability in the `news` MonkeyC operation code.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23301

NVD References: https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23301.md




CVE-2023-23302 - CIQ API's `Toybox.GenericChannel.setDeviceConfig` API method allows buffer overflow attacks if not validated, which could lead to hijacking the device's firmware.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23302

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/Ant/GenericChannel.html#setDeviceConfig-instance_function

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23302.md




CVE-2023-23303 - CIQ API versions 3.2.0 through 4.1.7 allow a buffer overflow vulnerability in the `Toybox.Ant.GenericChannel.enableEncryption` API method, which can be exploited by a malicious application to execute arbitrary code.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23303

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/Ant/GenericChannel.html#enableEncryption-instance_function

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23303.md




CVE-2023-23304 - The GarminOS TVM component in CIQ API allows unauthorized access to the `Toybox.SensorHistory` module, exposing sensitive user information.

Product: Garmin Connect-IQ

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23304

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/SensorHistory.html

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23304.md




CVE-2023-23305 - GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7 can be hijacked by a malicious application with specially crafted resources due to buffer overflow vulnerabilities.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23305

NVD References: https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23305.md




CVE-2023-23306 - CIQ API Toybox.Ant.BurstPayload.add method suffers from a type confusion vulnerability allowing a malicious application to hijack the firmware's execution by crafting a specially designed object overriding arbitrary memory.

Product: Garmin Connect-IQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23306

NVD References: 

- https://developer.garmin.com/connect-iq/api-docs/Toybox/Ant/BurstPayload.html#add-instance_function

- https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23306.md




CVE-2023-31752 - SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.

Product: Employee And Visitor Gate Pass Logging System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31752

NVD References: https://github.com/4O4NtFd/bug_report/blob/main/SQLI2/SQLi-2.md




CVE-2023-1508 - Adam Retail Automation Systems Mobilmen Terminal Software before 3 allows SQL Injection due to improper neutralization of special elements in an SQL command.

Product: Adampos Mobilmen El Terminali Yazilimi

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1508

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0284




CVE-2023-1424 - Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules are vulnerable to a buffer overflow attack, allowing remote attackers to execute malicious code or cause a DoS by sending specially crafted packets.

Product: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1424

NVD References: 

- https://jvn.jp/vu/JVNVU94650413

- https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03

- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf

- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727




CVE-2023-2865 - SourceCodester Theme Park Ticketing System 1.0 is vulnerable to a critical SQL injection attack through the manipulation of the argument id in file print_ticket.php.

Product: Theme Park Ticketing System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2865

NVD References: 

- https://github.com/XIAONIGM/CVEReport/blob/main/SQL.md

- https://vuldb.com/?ctiid.229821

- https://vuldb.com/?id.229821




CVE-2023-2750 - Cityboss E-municipality before 6.05 is vulnerable to SQL Injection.

Product: Cityboss E-municipality

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2750

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0286




CVE-2023-33009 - Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, and ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1 are vulnerable to a buffer overflow attack that can result in DoS or remote code execution.

Product: Zyxel ATP series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33009

NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls




CVE-2023-33010 - Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1 and other firmware versions are vulnerable to a buffer overflow allowing remote code execution and denial-of-service attacks.

Product: Zyxel ATP series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33010

NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls




CVE-2023-2045 - Ipekyolu Software's Auto Damage Tracking Software before 4 allows SQL Injection due to improper neutralization of special elements used in an SQL command.

Product: Ipekyolu Software Auto Damage Tracking Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2045

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0289




CVE-2023-2064 - Minova Technology eTrace before 23.05.20 is vulnerable to SQL Injection.

Product: Minova Technology eTrace

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2064

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0288




CVE-2023-1174 - Minikube on macOS with Docker driver has a network port vulnerability that allows for unexpected remote access to the container.

Product: Minikube Docker Driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1174

NVD References: https://groups.google.com/g/kubernetes-security-announce/c/2ZkJFMDTKbM




CVE-2023-33796 - Netbox v3.5.1 is vulnerable to unauthenticated attackers executing queries on the GraphQL database, giving them access to sensitive data.

Product: Netbox Project 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33796

NVD References: 

- https://github.com/anhdq201/netbox/issues/16

- https://github.com/netbox-community/netbox/discussions/12729#discussioncomment-6008669




CVE-2023-2732 - The MStore API plugin for WordPress allows unauthenticated attackers to log in as any existing user on the site due to insufficient verification on the user supplied in the add listing REST API request.

Product: WordPress MStore API plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2732

NVD References: 

- https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/listing-rest-api/class.api.fields.php#L1079

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58

- https://www.wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=cve




CVE-2023-2733 - The MStore API plugin for WordPress up to version 3.9.0 allows unauthenticated attackers to log in as any existing user on the site due to an authentication bypass vulnerability in the coupon redemption API.

Product: WordPress MStore API plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2733

NVD References: 

- https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L734

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2913397%40mstore-api&old=2910707%40mstore-api&sfp_email=&sfph_mail=#file60

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c726d8f0-7f2a-414b-9d73-a053921074d9?source=cve




CVE-2023-2734 - The MStore API plugin for WordPress allows unauthenticated attackers to log in as any existing user due to insufficient verification in cart sync requests.

Product: Inspireui Mstore Api

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2734

NVD References: 

- https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L911

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2915729%40mstore-api&old=2913397%40mstore-api&sfp_email=&sfph_mail=#file59

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5881d16c-84e8-4610-8233-cfa5a94fe3f9?source=cve




CVE-2023-2882 - CBOT Chatbot before Core v4.0.3.4 Panel v4.0.3.7 allows Token Impersonation and Privilege Abuse due to the Generation of Incorrect Security Tokens vulnerability.

Product: CBOT Chatbot

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2882

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0293




CVE-2023-2885 - CBOT Chatbot before Core v4.0.3.4 allows adversary-in-the-middle (AiTM) attacks due to a "channel accessible by non-endpoints" vulnerability.

Product: CBOT Chatbot

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2885

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0293




CVE-2023-2887 - Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Product: CBOT Chatbot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2887

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0293




CVE-2023-2851 - AGT Tech Ceppatron is vulnerable to SQL Injection, allowing for command line execution and affecting all software versions including EOS.

Product: AGT Tech Ceppatron

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2851

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0294




CVE-2023-26216 - TIBCO Software Inc.'s TIBCO EBX Add-ons versions 4.5.16 and below have an exploitable vulnerability allowing file uploads to a directory accessible by the web server.

Product: TIBCO Software Inc. TIBCO EBX Add-ons

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26216

NVD References: https://www.tibco.com/services/support/advisories




CVE-2022-46945 - Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.

Product: Nagvis

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46945

NVD References: 

- https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a

- https://github.com/NagVis/nagvis/compare/nagvis-1.9.33...nagvis-1.9.34




CVE-2021-46887 - Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.

Product: Huawei Emui

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-46887

NVD References: https://consumer.huawei.com/en/support/bulletin/2023/5/




CVE-2022-48478 - The vulnerable product's facial recognition TA lacks memory length verification, allowing for potential exceptions in the service.

Product: Huawei Harmonyos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48478

NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202305-0000001532778780




CVE-2022-48479 - The vulnerable product's facial recognition TA has an out-of-bounds memory read vulnerability that can lead to service exceptions.

Product: Huawei Harmonyos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48479

NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202305-0000001532778780




CVE-2023-32321 - CKAN is vulnerable to multiple remote code execution attacks and information disclosure due to arbitrary file write, unsafe pickle loading, lack of length check, and resource overwrite.

Product: CKAN

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32321

NVD References: https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m




CVE-2023-32692 - CodeIgniter allows arbitrary code execution via Validation Placeholders, patched in version 4.3.5.

Product: CodeIgniter Validation library

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32692

NVD References: 

- https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md

- https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj




CVE-2023-33175 - ToUI Python package versions 2.0.1 to 2.4.0 are vulnerable to stored XSS via user input stored in Flask-Caching, which has been patched in version 2.4.1.

Product: ToUI Flask-Caching

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33175

NVD References: 

- https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1

- https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563




CVE-2023-33189 - Pomerium access proxy may make incorrect authorization decisions with crafted requests (patched in versions 0.17.4 to 0.22.2).

Product: Pomerium Access Proxy

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33189

NVD References: 

- https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb

- https://github.com/pomerium/pomerium/releases/tag/v0.17.4

- https://github.com/pomerium/pomerium/releases/tag/v0.18.1

- https://github.com/pomerium/pomerium/releases/tag/v0.19.2

- https://github.com/pomerium/pomerium/releases/tag/v0.20.1

- https://github.com/pomerium/pomerium/releases/tag/v0.21.4

- https://github.com/pomerium/pomerium/releases/tag/v0.22.2

- https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p




CVE-2023-33193 - Emby Server is vulnerable to administrative access via spoofing certain headers, allowing login without a password or viewing a list of users without passwords, on systems where the administrator hasn't tightened the account login configuration for administrative users.

Product: Emby Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33193

NVD References: https://github.com/EmbySupport/security/security/advisories/GHSA-fffj-6fr6-3fgf




CVE-2023-33975 - RIOT-OS contains a network stack vulnerability allowing an attacker to execute arbitrary code by sending a crafted 6LoWPAN frame.

Product: RIOT-OS, an operating system for Internet of Things (IoT) devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33975

NVD References: 

- https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L320

- https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L388

- https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L463

- https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L467

- https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L480

- https://github.com/RIOT-OS/RIOT/commit/1aeb90ee5555ae78b567a6365ae4ab71bfd1404b

- https://github.com/RIOT-OS/RIOT/pull/19680

- https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-f6ff-g7mh-58q4




CVE-2023-2987 - The Wordapp plugin for WordPress allows unauthenticated attackers to access remote control functionalities through an authorization bypass vulnerability in versions up to 1.5.0.

Product: Wordapp WordPress plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2987

NVD References: 

- https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/access.php#L28

- https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/config.php#L59

- https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/pdx.php#L64

- https://www.wordfence.com/threat-intel/vulnerabilities/id/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve




CVE-2023-31457 - Mitel MiVoice Connect versions 19.3 SP2 and earlier allows unauthenticated attackers to execute arbitrary scripts due to improper access control.

Product: Mitel MiVoice Connect

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31457

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8514

NVD References: 

- https://www.mitel.com/support/security-advisories

- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004




CVE-2023-28131 - Expo.io framework allows attackers to steal credentials through a Social Sign-in vulnerability, triggered by clicking on a malicious link.

Product: expo.io Expo AuthSession Redirect Proxy

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28131

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8514




The following vulnerability needs a manual review:


CVE-2023-32748

Vendor: unknown

Product: unknown

Description: unknown