Internet Storm Center Spotlight


INTERNET STORM CENTER SPOTLIGHT

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Citrix ADC Vulnerability CVE-2023-3519, 3466 and 3467 - Patch Now!

Published: 2023-07-19

Last Updated: 2023-07-19 16:22:55 UTC

by Rob VandenBrink (Version: 1)

Citrix released details on a new vulnerability on their ADC (Application Delivery Controller) yesterday (18 July 2023), CVE-2023-3519. This is an unauthenticated RCE (remote code execution), which means an attacker can run arbitrary code on your ADC without authentication.

This affects ADC hosts configured in any of the "gateway" roles (VPN virtual server, ICA Proxy, CVPN, RDP Proxy), which commonly face the internet, or as an authentication virtual server (AAA server), which is usually visible only from internal or management subnets.

This issue is especially urgent because malicious activity targeting it is already being seen in the wild, which makes this a "patch now" situation (or as soon as you can schedule it). If your ADC faces the internet and you wait until the weekend, chances are someone else will own your ADC by then!

This fix also resolves a reflected XSS (cross-site scripting) issue, CVE-2023-3466, and a privilege escalation issue, CVE-2023-3467.

Full details can be found here: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Read the full entry:

https://isc.sans.edu/diary/Citrix+ADC+Vulnerability+CVE20233519+3466+and+3467+Patch+Now/30044/

Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256

Published: 2023-07-18

Last Updated: 2023-07-18 11:47:48 UTC

by Johannes Ullrich (Version: 1)

Today, I noticed the following URL on our "first seen URLs" page...

We had one report for this URL on March 28th, but nothing since then. Yesterday, the request showed up again and reached our reporting threshold.

All of yesterday's requests appear to come from a single Chinese consumer broadband IP address...

The vulnerability was disclosed in March as one of two vulnerabilities in "Stagil navigation for Jira – Menus & Themes" [1]. The tool is a Jira plugin for customizing Jira's look and feel, distributed via the Atlassian Marketplace.

CVE-2023-26255 and CVE-2023-26256 were made public at the same time and describe similar directory traversal vulnerabilities, which allow attackers to retrieve arbitrary files from the server. As you can see in the exploit above, the attacker attempts to download the "/etc/passwd" file. Typically, "/etc/passwd" is not that interesting, but it is often used to verify that a vulnerability exists; the attacker may later retrieve other, more interesting files.
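As an added example (not part of the diary), the following Python flags requests of the kind described above in web server access logs: it looks for the snjCustomDesignConfig endpoint and the fileName parameter named in the NVD entries for these CVEs, undoes repeated percent-encoding, and reports any value that escapes its directory or names a well-known probe file. The URL prefix (/jira/) and the log lines are constructed for the example, not taken from real traffic.

```python
"""Flag path-traversal probes against the STAGIL Navigation for Jira plugin
(CVE-2023-26255 / CVE-2023-26256) in combined-format access logs.

The endpoint and parameter names come from the NVD descriptions; the
/jira/ URL prefix and the sample log lines are constructed for this example.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/Nginx combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

ENDPOINT_MARKER = "snjCustomDesignConfig"   # endpoint named in the NVD entry
PARAM = "fileName"                          # parameter named in the NVD entry
SENSITIVE = ("/etc/passwd", "/etc/shadow", "dbconfig.xml")  # common probe targets


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (double-encoded '../' is a common evasion)."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def is_traversal(value):
    """True if the decoded value escapes its directory or names a sensitive file."""
    v = decode_fully(value).replace("\\", "/")
    if ".." in v.split("/"):          # any '..' path segment is a traversal attempt
        return True
    norm = posixpath.normpath(v)
    return norm.startswith("/") or any(s in norm for s in SENSITIVE)


def analyze_request(target):
    """Return a finding dict for one request target, or None if benign."""
    parts = urlsplit(target)
    if ENDPOINT_MARKER not in parts.path:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get(PARAM, []):
        if is_traversal(value):
            return {"endpoint": parts.path, "fileName": decode_fully(value)}
    return None


def scan_log(lines):
    """Return (ip, timestamp, status, finding) for every suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = analyze_request(m.group("target"))
        if finding:
            findings.append((m.group("ip"), m.group("ts"), int(m.group("status")), finding))
    return findings


# Constructed sample log lines (not real traffic); 203.0.113.0/24 is documentation space.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2023:10:01:02 +0000] "GET /jira/snjCustomDesignConfig?fileName=../../../../etc/passwd HTTP/1.1" 200 1832
203.0.113.7 - - [17/Jul/2023:10:01:05 +0000] "GET /jira/snjCustomDesignConfig?fileName=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1832
198.51.100.3 - - [17/Jul/2023:10:02:00 +0000] "GET /jira/snjCustomDesignConfig?fileName=logo.png HTTP/1.1" 200 5120
198.51.100.9 - - [17/Jul/2023:10:03:00 +0000] "GET /browse/PROJ-123 HTTP/1.1" 200 9200
"""

if __name__ == "__main__":
    for ip, ts, status, finding in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{ts} {ip} status={status} {finding['endpoint']} fileName={finding['fileName']!r}")
```

A 200 status on a flagged request is the case worth escalating, since it suggests the plugin version was still vulnerable when the probe arrived.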

Read the full entry:

https://isc.sans.edu/diary/Exploit+Attempts+for+Stagil+navigation+for+Jira+Menus+Themes+CVE202326255+and+CVE202326256/30038/

Internet Storm Center Entries


HAM Radio + Enigma Machine Challenge (2023.07.19)

https://isc.sans.edu/diary/HAM+Radio+Enigma+Machine+Challenge/30042/

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix (2023.07.16)

https://isc.sans.edu/diary/BruteForce+ZIP+Password+Cracking+with+zipdumppy+FP+Fix/30032/

Wireshark 4.0.7 Released (2023.07.15)

https://isc.sans.edu/diary/Wireshark+407+Released/30030/

DShield Honeypot Maintenance and Data Retention (2023.07.13)

https://isc.sans.edu/diary/DShield+Honeypot+Maintenance+and+Data+Retention/30024/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2023-32046 - Windows MSHTML Platform Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2023-07-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32046

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046




CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability

Product: Microsoft Windows 10 1607

CVSS Score: 8.8

** KEV since 2023-07-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32049

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049




CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability

Product: Microsoft 365 Apps

CVSS Score: 8.8

** KEV since 2023-07-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35311

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311




CVE-2023-36874 - Windows Error Reporting Service Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2023-07-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36874

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874




CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability

Product: Microsoft Office

CVSS Score: 8.3

** KEV since 2023-07-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36884

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884




CVE-2023-32057 - Microsoft Message Queuing Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32057

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32057




CVE-2023-33150 - Microsoft Office Security Feature Bypass Vulnerability

Product: Microsoft 365 Apps

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33150

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150




CVE-2023-35365, CVE-2023-35366, CVE-2023-35367 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35365

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35365

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35366

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35367

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367




CVE-2023-26256 - The "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira allows unauthenticated path traversal by modifying the fileName parameter.

Product: STAGIL Navigation for Jira - Menu & Themes

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26256

ISC Diary: https://isc.sans.edu/diary/30038

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8578




CVE-2023-36664 - Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Product: Debian Debian_Linux 12.0

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36664

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8572




CVE-2023-33987 - SAP Web Dispatcher versions WEBDISP 7.49-7.90, KERNEL 7.49-7.90, KRNL64NUC 7.49, KRNL64UC 7.49-7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1 allow an unauthenticated attacker to execute a malicious payload, leading to unauthorized information access or server disruption.

Product: Sap Web Dispatcher

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33987

NVD References: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-35871 - The SAP Web Dispatcher versions WEBDISP 7.53 to 7.93, KERNEL 7.53 to 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, is vulnerable to memory corruption due to logical errors in memory management, leading to potential information disclosure or system crashes, impacting system integrity and availability.

Product: Sap Web Dispatcher

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35871

NVD References: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html




CVE-2023-29130 - SIMATIC CN 4100 (All versions < V2.5) suffers from improper access controls in configuration files, allowing attackers to escalate privileges and gain admin access for complete device control.

Product: Siemens SIMATIC CN 4100

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29130

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf




CVE-2023-29131 - SIMATIC CN 4100 (All versions < V2.5) has an incorrect default value in SSH configuration, enabling network isolation bypass for potential attackers.

Product: Siemens SIMATIC CN 4100

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29131

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf




CVE-2023-34561 - Geometry Dash v2.113 by RobTop Games AB is vulnerable to a buffer overflow in the level parsing code, enabling attackers to execute arbitrary code by supplying a malicious Geometry Dash level.

Product: Robtopgames Geometry Dash

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34561

NVD References: https://github.com/meltah/gd-rce




CVE-2023-2746 - The Rockwell Automation Enhanced HIM software is vulnerable to a CSRF attack due to insufficient protection of its API and incorrect CORS settings, potentially leading to sensitive information disclosure and remote access.

Product: Rockwell Automation Enhanced HIM

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2746

NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760




CVE-2023-37656 - WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.

Product: Websiteguide Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37656

NVD References: https://github.com/mizhexiaoxiao/WebsiteGuide/issues/12




CVE-2023-37659 - xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). 

Product: Xalpha Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37659

NVD References: https://github.com/refraction-ray/xalpha/issues/175




CVE-2023-3617 - SourceCodester Best POS Management System 1.0 is vulnerable to a remote sql injection attack via the 'username' argument in the admin_class.php file of the Login Page component (VDB-233565).

Product: Best POS Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3617

NVD References: 

- https://github.com/movonow/demo/blob/main/kruxton.md

- https://vuldb.com/?ctiid.233565

- https://vuldb.com/?id.233565




CVE-2023-3619 - SourceCodester AC Repair and Services System 1.0 is vulnerable to a critical remote SQL injection in Master.php?f=save_service, allowing attackers to manipulate the id argument.

Product: AC Repair And Services System Project 

CVSS Score: 9.8

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-3619

- https://vuldb.com/?ctiid.233573

- https://vuldb.com/?id.233573




CVE-2023-26861 - PrestaShop vivawallet v.1.7.10 and earlier versions are susceptible to an SQL injection vulnerability, enabling remote attackers to elevate privileges through the vivawallet() module.

Product: Vivawallet Viva Wallet

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26861

NVD References: 

- https://addons.prestashop.com/fr/paiement/89363-viva-wallet-smart-checkout.html

- https://github.com/VivaPayments/API/commit/c1169680508c6e144d3e102ebdb257612e4cd84a

- https://security.friendsofpresta.org/modules/2023/07/11/vivawallet.html




CVE-2023-28001 - Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows unauthorized code execution or command execution through session reuse in the REST API.

Product: Fortinet FortiOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28001

NVD References: https://fortiguard.com/psirt/FG-IR-23-028




CVE-2023-36825 - Decidim is vulnerable to remote code execution due to a deserialization issue in the `_state` query parameter, fixed in version `14.5.0` and later.

Product: N/A (not named in the NVD description)

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36825

NVD References: 

- https://github.com/orchidsoftware/platform/releases/tag/14.5.0

- https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p




CVE-2023-24492 - Citrix Secure Access client for Ubuntu is vulnerable to remote code execution through an attacker-crafted link if a user accepts malicious prompts.

Product: Citrix Secure Access

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24492

NVD References: https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492




CVE-2023-30429 - Apache Pulsar before 2.10.4 and 2.11.0 incorrectly performs authorization, allowing privilege escalation through mTLS authentication with the Pulsar Proxy, particularly if the proxy has a superuser role, by using the proxy's role instead of the client's role.

Product: Apache Software Foundation Apache Pulsar

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30429

NVD References: https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8




CVE-2023-3595 - The Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products contain a vulnerability that enables a remote attacker to execute arbitrary code and manipulate data through maliciously crafted CIP messages.

Product: Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3595

NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010




CVE-2023-29300 - Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier), and 2023.0.0.330468 (and earlier) allow arbitrary code execution via a Deserialization of Untrusted Data vulnerability, without user interaction.

Product: Adobe ColdFusion

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29300

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html




CVE-2023-3342 - The vulnerability in the User Registration plugin for WordPress allows authenticated attackers to upload arbitrary files and potentially achieve remote code execution due to a hardcoded encryption key and missing file type validation in versions up to, and including, 3.0.2, partially patched in version 3.0.2 and fully patched in version 3.0.2.1.

Product: WordPress User Registration plugin

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3342

NVD References: 

- http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html

- https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/

- https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156

- https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve




CVE-2023-1547 - Parkmatik before 02.01-a51 is vulnerable to SQL Injection through SOAP Parameter Tampering and Command Line Execution.

Product: Elra Parkmatik

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1547

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0404




CVE-2023-2957 - Lisa Software Florist Site before 3.0 allows SQL Injection.

Product: Lisa Software Florist Site

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2957

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0403




CVE-2023-23585 - Experion server can be affected by a heap overflow vulnerability leading to denial of service when processing a specially crafted message for a specific configuration operation.

Product: Experion Server DoS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23585

NVD References: https://process.honeywell.com




CVE-2023-24480 - Controller DoS due to stack overflow when decoding a message from the server

Product: N/A 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24480

NVD References: https://process.honeywell.com




CVE-2023-25078 - Server or Console Station DoS vulnerability in a specific configuration operation due to heap overflow from handling a crafted message.

Product: N/A (not named in the NVD description)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25078

NVD References: https://process.honeywell.com




CVE-2023-25178 - Controller may be loaded with malicious firmware which could enable remote code execution

Product: Vendor Controller

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25178

NVD References: https://process.honeywell.com




CVE-2023-25770 - Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.

Product: N/A (not named in the NVD description)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25770

NVD References: https://process.honeywell.com




CVE-2023-2003 - Vision1210 is vulnerable to an embedded malicious code flaw in version 4.3 OS build 5, allowing remote attackers to store and execute base64-encoded malicious code via PCOM protocol.

Product: Vision1210

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2003

NVD References: 

- https://www.hackplayers.com/2023/07/vulnerabilidad-vision1210-unitronics.html

- https://www.incibe.es/en/incibe-cert/notices/aviso-sci/embedded-malicious-code-vulnerability-unitronics-vision1210




CVE-2023-35070 - VegaGroup Web Collection before 31197 is vulnerable to SQL Injection.

Product: VegaGroup Web Collection

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35070

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0406




CVE-2023-37466 - Vm2, an advanced vm/sandbox for Node.js, allows attackers to escape the sandbox and execute arbitrary code through the bypassing of `Promise` handler sanitization, resulting in Remote Code Execution.

Product: vm2 Node.js

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37466

NVD References: https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5




CVE-2023-37462 - XWiki Platform is vulnerable to an injection vector through improper escaping in the document `SkinsCode.XWikiSkinsSheet`, allowing for remote code execution and unrestricted read/write access to all wiki contents.

Product: XWiki Platform XWiki

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37462

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg

- https://jira.xwiki.org/browse/XWIKI-20457




CVE-2023-2507 - CleverTap Cordova Plugin version 2.6.2 allows remote JavaScript code execution through specially constructed deeplinks due to inadequate data validation.

Product: CleverTap Cordova Plugin

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2507

NVD References: 

- https://fluidattacks.com/advisories/maiden/

- https://github.com/CleverTap/clevertap-cordova




CVE-2023-2963 - Oliva Expertise EKS before 1.2 is vulnerable to SQL Injection.

Product: Oliva Expertise EKS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2963

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0409




CVE-2023-3376 - Zekiweb is vulnerable to SQL Injection in versions before 2.

Product: Digital Strategy Zekiweb

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3376

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0408




CVE-2023-37265 - CasaOS, an open-source Personal Cloud system, allows unauthenticated attackers to execute arbitrary commands as `root` due to a lack of IP address verification, but this vulnerability was addressed in CasaOS 0.4.4 through improved client IP address detection, so users should upgrade or restrict access to untrusted users.

Product: CasaOS Personal Cloud system

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37265

NVD References: 

- https://github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7

- https://github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g




CVE-2023-37266 - CasaOS, an open-source Personal Cloud system, is vulnerable to unauthenticated attackers who can manipulate JWTs to gain unauthorized access to features and execute commands as `root`, but this issue has been fixed in commit `705bf1f` of CasaOS 0.4.4, therefore users should upgrade to this version or restrict access to untrusted users temporarily.

Product: CasaOS Personal Cloud system

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37266

NVD References: 

- https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad

- https://github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr




CVE-2023-3724 - WolfSSL TLS 1.3 client allows eavesdroppers to reconstruct the session master secret key and potentially access or tamper with message contents in the session if it does not receive a PSK or KSE from a malicious server.

Product: WolfSSL

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3724

NVD References: 

- https://github.com/wolfSSL/wolfssl/pull/6412

- https://www.wolfssl.com/docs/security-vulnerabilities/




CVE-2023-34142 - Hitachi Device Manager before 8.8.5-02 allows interception of sensitive information during cleartext transmission.

Product: Hitachi Device Manager

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34142

NVD References: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html




CVE-2023-34329 - AMI SPx has an authentication bypass vulnerability in BMC when an attacker spoofs the HTTP header, resulting in potential loss of confidentiality, integrity, and availability.

Product: AMI SPx

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34329

NVD References: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf




CVE-2023-35189 - Iagona ScrutisWeb versions 2.1.37 and prior allow unauthenticated users to upload malicious payloads and execute remote code.

Product: Iagona ScrutisWeb

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35189

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03




CVE-2023-30153 - Payplug module for PrestaShop versions 3.6.0 to 3.7.1 allows remote attackers to execute arbitrary SQL commands via ajax.php front controller.

Product: Payplug PrestaShop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30153

NVD References: 

- https://addons.prestashop.com/en/payment-card-wallet/8795--payplug-accept-customer-payments-wherever-they-are.html

- https://security.friendsofpresta.org/module/2023/07/18/payplug.html




CVE-2023-21974 - The vulnerability in Oracle Application Express (component: User Account) allows a low privileged attacker with HTTP network access to compromise the Application Express Team Calendar Plugin, potentially resulting in a takeover.

Product: Oracle Application Express Team Calendar Plugin

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21974

NVD References: https://www.oracle.com/security-alerts/cpujul2023.html




CVE-2023-21975 - The Application Express Customers Plugin product of Oracle Application Express has a vulnerability that allows a low privileged attacker to compromise the plugin and potentially impact additional products, resulting in a takeover of Application Express Customers Plugin.

Product: Oracle Application Express Customers Plugin

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21975

NVD References: https://www.oracle.com/security-alerts/cpujul2023.html




CVE-2023-26255 - The "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira allows unauthenticated users to traverse and read the file system via a path traversal vulnerability in the snjCustomDesignConfig endpoint.

Product: STAGIL Navigation for Jira

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26255

ISC Diary: https://isc.sans.edu/diary/30038

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8578





The following vulnerabilities need a manual review:


CVE-2023-3519 - Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

CISA KEV: YES 

Product: Citrix NetScaler ADC and NetScaler Gateway

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3519

ISC Diary: https://isc.sans.edu/diary/30044

NVD References: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467




CVE-2023-3466 - Citrix ADC and Citrix Gateway reflected cross-site scripting (see the ISC diary above)

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3466

ISC Diary: https://isc.sans.edu/diary/30044

NVD References: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467




CVE-2023-3467 - Citrix ADC and Citrix Gateway privilege escalation (see the ISC diary above)

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3467

ISC Diary: https://isc.sans.edu/diary/30044

NVD References: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467




CVE-2023-37450 - Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.

CISA KEV: YES

Product: Multiple Apple Products