Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Are typos still relevant as an indicator of phishing?

Published: 2023-10-16

Last Updated: 2023-10-16 07:17:38 UTC

by Jan Kopriva (Version: 1)

I was recently asked by a customer whether it still makes sense to cover “typos” as a potential indicator that an e-mail message may be malicious in the context of security awareness courses.

One might not expect typos to be relevant anymore, given the prevalence of automated language proofing solutions and the availability of modern LLMs, which threat actors may avail themselves of, coupled with advanced capabilities of modern security solutions used to automatically identify and filter out spam and malicious messages… Nevertheless, the truth is that although the aforementioned indicator may not be as useful as it once was, it may still point a recipient in the right direction.

One good example of why this is so was provided by a phishing campaign we saw last week, when several messages, which were trying to masquerade as e-mails from the WeTransfer service, were delivered to our ISC inbox ...

Read the full entry:

https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316/

Changes to SMS Delivery and How it Effects MFA and Phishing

Published: 2023-10-17

Last Updated: 2023-10-17 14:02:19 UTC

by Johannes Ullrich (Version: 1)

Spam and phishing SMS messages (sometimes called "smishing") have been problematic in recent years. These messages often bypass security controls and are more challenging to identify as malicious by users. Moreover, they can be just simply annoying.

This post does apply to US telecom companies. Let me know how this is being dealt with in other countries.

Here is a simple "stupid" one I just received yesterday ...

But often, you will now see "smishing" that asks you to reply. For example, an attack I wrote about recently ...

Initially, I figured it might be required to reply to the message to "activate" the phishing page. This would certainly make analysis of these messages more difficult. But the phishing page was accessible even without replying. So there must be another reason for this.

My best guess is that these messages are asking for replies to fool anti-spam techniques put in place by carriers. Over the last few years, carriers in the US have implemented more and more anti-spam measures for SMS. This is partly driven by regulations that initially allowed carriers to filter messages, and now, more and more require them to implement filters. T-Mobile, for example, uses a detailed "code of conduct" to inform customers what T-Mobile considers appropriate behavior.

Read the full entry:

https://isc.sans.edu/diary/Changes+to+SMS+Delivery+and+How+it+Effects+MFA+and+Phishing/30320/

Internet Storm Center Entries


Hiding in Hex (2023.10.18)

https://isc.sans.edu/diary/Hiding+in+Hex/30322/

Domain Name Used as Password Captured by DShield Sensor (2023.10.15)

https://isc.sans.edu/diary/Domain+Name+Used+as+Password+Captured+by+DShield+Sensor/30312/

What's Normal: MAC Addresses (2023.10.13)

https://isc.sans.edu/diary/Whats+Normal+MAC+Addresses/30310/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.




CVE-2023-22515 - Confluence Data Center and Server instances allowed external attackers to create unauthorized administrator accounts and access Confluence instances.

Product: Atlassian Confluence

CVSS Score: 0

** KEV since 2023-10-05 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22515

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8698




CVE-2023-20198 - Cisco IOS XE Software is vulnerable to remote attackers creating privileged accounts and gaining control of the affected system.

Product: Cisco IOS XE Software

CVSS Score: 10.0

** KEV since 2023-10-16 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20198

NVD References: 

- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

- https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/

- https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit




CVE-2023-21608 - Adobe Acrobat Reader versions 22.003.20282, 22.003.20281, and 20.005.30418 have a Use After Free vulnerability allowing arbitrary code execution when a user opens a malicious file.

Product: Adobe Acrobat Reader

CVSS Score: 0

** KEV since 2023-10-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21608

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8698




CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 6.5

** KEV since 2023-10-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36563

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563




CVE-2023-41763 - Skype for Business Elevation of Privilege Vulnerability

Product: Microsoft Skype For Business Server

CVSS Score: 5.3

** KEV since 2023-10-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41763

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763




CVE-2023-44487 - MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

Product: IETF HTTP

CVSS Score: 0

** KEV since 2023-10-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44487

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487

NVD References: 

- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event      




CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.

Product: Citrix NetScaler Application Delivery Controller

CVSS Score: 7.5

** KEV since 2023-10-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4966

NVD References: https://support.citrix.com/article/CTX579459




CVE-2023-35349 - Microsoft Message Queuing Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35349

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349




CVE-2023-36434 - Windows IIS Server Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36434

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434




CVE-2023-38545 - Curl's heap based buffer in the SOCKS5 proxy handshake overflows when passing a host name longer than 255 bytes.

Product: curl

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38545

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8698

NVD References: https://curl.se/docs/CVE-2023-38545.html




CVE-2023-43261 - An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Product: Milesight UR5X

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43261

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8706




CVE-2023-43625 - Simcenter Amesim (All versions < V2021.1) allows unauthenticated remote attackers to perform DLL injection and execute arbitrary code via a SOAP endpoint.

Product: Siemens Simcenter Amesim

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43625

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-386812.pdf




CVE-2023-41373 - The BIG-IP Configuration Utility has a directory traversal vulnerability that allows authenticated attackers to execute commands and potentially bypass security boundaries in Appliance mode.

Product: F5 BIG-IP Access Policy Manager

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41373

NVD References: https://my.f5.com/manage/s/article/K000135689




CVE-2023-30801 - qBittorrent client through 4.5.5 allows remote attackers to execute arbitrary commands via default credentials in the web user interface.

Product: qbittorrent 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30801

NVD References: 

- https://github.com/qbittorrent/qBittorrent/issues/18731

- https://vulncheck.com/advisories/qbittorrent-default-creds




CVE-2023-30803 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 allows remote and unauthenticated attackers to access administrative functionality through an authentication bypass vulnerability.

Product: Sangfor Next-Gen Application Firewall

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30803

NVD References: 

- https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

- https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass




CVE-2023-30805 - Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection through mishandling of shell meta-characters in the "un" parameter, allowing remote and unauthenticated attackers to execute arbitrary commands via a crafted HTTP POST request to the /LogInOut.php endpoint.

Product: Sangfor Next-Gen Application Firewall

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30805

NVD References: 

- https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

- https://vulncheck.com/advisories/sangfor-ngaf-username-rce




CVE-2023-30806 - The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection via crafted HTTP POST request to the /cgi-bin/login.cgi endpoint, allowing remote unauthenticated attackers to execute arbitrary commands due to mishandling of shell meta-characters in the PHPSESSID cookie.

Product: Sangfor Next-Gen Application Firewall

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30806

NVD References: 

- https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4

- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

- https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce




CVE-2020-27630 - In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.

Product: Silabs uC-TCP-IP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27630

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2020-27631 - In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.

Product: Oryx-Embedded CycloneTCP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27631

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2020-27633 - In FNET 4.6.3, TCP ISNs are improperly random.

Product: Butok FNET

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27633

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2020-27634 - In Contiki 4.5, TCP ISNs are improperly random.

Product: Contiki-NG 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27634

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2020-27635 - In PicoTCP 1.7.0, TCP ISNs are improperly random.

Product: Capgemini PicoTCP

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27635

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2020-27636 - In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

Product: Microchip MPLAB Network Creator

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27636

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01

- https://www.forescout.com

- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/




CVE-2023-34992 - Fortinet FortiSIEM versions 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allow OS command injection, enabling attackers to execute unauthorized code or commands via crafted API requests.

Product: Fortinet FortiSIEM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34992

NVD References: https://fortiguard.com/psirt/FG-IR-23-130




CVE-2023-34993 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.

Product: Fortinet FortiWLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34993

NVD References: https://fortiguard.com/psirt/FG-IR-23-140




CVE-2023-36547 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.

Product: Fortinet FortiWLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36547

NVD References: https://fortiguard.com/psirt/FG-IR-23-140




CVE-2023-36548 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.

Product: Fortinet FortiWLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36548

NVD References: https://fortiguard.com/psirt/FG-IR-23-140




CVE-2023-36549 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.

Product: Fortinet FortiWLM

CVSS Score: 9.8

NVD References: https://fortiguard.com/psirt/FG-IR-23-140




CVE-2023-36550 - Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 improperly neutralize special elements used in an os command, allowing attackers to execute unauthorized code or commands via crafted http get request parameters.

Product: Fortinet FortiWLM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36550

NVD References: https://fortiguard.com/psirt/FG-IR-23-140




CVE-2023-41679 - FortiManager management interface in versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, and 6.0 all versions improperly allows remote and authenticated attackers to add and delete CLI scripts on other ADOMs with "device management" permission in a specific ADOM.

Product: Fortinet FortiManager

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41679

NVD References: https://fortiguard.com/psirt/FG-IR-23-062




CVE-2023-4309 - The ESC Internet Election Service is vulnerable to SQL injection, allowing an attacker to read or modify data for multiple elections sharing the same backend database.

Product: Election Services Co. (ESC) Internet Election Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4309

NVD References: 

- https://schemasecurity.co/private-elections.pdf

- https://www.electionservicesco.com/pages/services_internet.php

- https://www.youtube.com/watch?v=yeG1xZkHc64




CVE-2023-44106 - API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Product: Huawei Harmonyos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44106

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2023/10/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540




CVE-2023-44105 - Windows Manager module in the operating system allows abnormal behavior due to lack of strict permission verification.

Product: Huawei Harmonyos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44105

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2023/10/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540




CVE-2023-44107 - Screen projection module is vulnerable to defects introduced in the design process, which can be exploited to affect service availability and integrity.

Product: Huawei Harmonyos

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44107

NVD References: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540




CVE-2023-44116 - APPWidget module has a vulnerability of weak access permissions verification, enabling unauthorized apps to run.

Product: Huawei Harmonyos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44116

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2023/10/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540




CVE-2023-44118 - Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality.

Product: Huawei Harmonyos

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44118

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2023/10/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540




CVE-2023-5521 - Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

Product: Kernelsu 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5521

NVD References: 

- https://github.com/tiann/kernelsu/commit/a22959beae1aad96b1f72710a5daadf529c41bda

- https://huntr.dev/bounties/d438eff7-4e24-45e0-bc75-d3a5b3ab2ea1




CVE-2023-37538 - HCL Digital Experience is vulnerable to reflected XSS, requiring a victim to click on a crafted URL from a delivery mechanism.

Product: HCL Digital Experience

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37538

NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006




CVE-2023-24479 - Yifan YF325 v1.0_20221108 is vulnerable to an authentication bypass in the nvram.cgi functionality, allowing arbitrary command execution through a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24479

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1762




CVE-2023-31272 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd do_wds functionality, allowing an attacker to remotely trigger the vulnerability through a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31272

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765




CVE-2023-32632 - Yifan YF325 v1.0_20221108 is vulnerable to command execution due to a flaw in the validate.so diag_ping_start functionality when processing a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32632

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767




CVE-2023-32645 - Yifan YF325 v1.0_20221108 is vulnerable to authentication bypass via a specially crafted network request in its httpd debug credentials functionality.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32645

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752




CVE-2023-34346 - Yifan YF325 v1.0_20221108 is susceptible to a stack-based buffer overflow vulnerability in its httpd gwcfg.cgi get functionality, allowing for command execution through a specially crafted network packet.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34346

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764




CVE-2023-34365 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in libutils.so nvram_restore, which can be exploited by an attacker through a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34365

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763




CVE-2023-34426 - Yifan YF325 v1.0_20221108 is vulnerable to a stack-based buffer overflow in its httpd manage_request function, allowing an attacker to exploit it by sending a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34426

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766




CVE-2023-35055 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in the next_page parameter of the gozila_cgi function, allowing remote attackers to execute arbitrary commands by sending a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35055

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761




CVE-2023-35056 - Yifan YF325 v1.0_20221108 is vulnerable to a buffer overflow in its httpd next_page functionality, allowing command execution via a specially crafted network request.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35056

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761




CVE-2023-35965 - Yifan YF325 v1.0_20221108 is prone to two heap-based buffer overflow vulnerabilities in its httpd manage_post functionality, that can be exploited by an attacker sending a specially crafted network request, leading to a heap buffer overflow due to an integer overflow.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35965

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787




CVE-2023-35966 - Yifan YF325 v1.0_20221108 httpd manage_post functionality has two heap-based buffer overflow vulnerabilities that can be exploited by sending a specially crafted network request to trigger a heap buffer overflow, due to an integer overflow used as an argument for the realloc function.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35966

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787




CVE-2023-35967 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, allowing an attacker to trigger the flaws via a specially crafted network request, leading to a heap buffer overflow due to an integer overflow in the malloc function argument.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35967

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788




CVE-2023-35968 - Yifan YF325 v1.0_20221108 is vulnerable to two heap-based buffer overflow vulnerabilities in the gwcfg_cgi_set_manage_post_data functionality, which can be triggered by a specially crafted network request causing a heap buffer overflow due to an integer overflow in the argument for the realloc function.

Product: Yifanwireless YF325

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35968

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788




CVE-2023-35646 - TBD in TBD has a stack buffer overflow vulnerability, enabling remote code execution without additional privileges or user interaction.

Product: Google Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35646

NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01




CVE-2023-35647 - ProtocolEmbmsGlobalCellIdAdapter in protocolembmsadapter.cpp allows for a possible out of bounds read, potentially enabling remote information disclosure and requiring baseband firmware compromise with no user interaction needed.

Product: Google Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35647

NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01




CVE-2023-35648 - ProtocolMiscLceIndAdapter in protocolmiscadapter.cpp allows remote information disclosure due to a missing bounds check in GetConfLevel().

Product: Google Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35648

NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01




CVE-2023-35662 - The vulnerable product experiences an out of bounds write caused by buffer overflow, leading to remote code execution without requiring additional privileges or user interaction.

Product: Google Android

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35662

NVD References: https://source.android.com/security/bulletin/pixel/2023-10-01




CVE-2023-45132 - NAXSI, an open-source web application firewall for NGINX, prior to version 1.6 allows bypass of its protections when a malicious `X-Forwarded-For` IP matches `IgnoreIP` or `IgnoreCIDR` rules.

Product: Wargio NAXSI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45132

NVD References: 

- https://github.com/wargio/naxsi/commit/1b712526ed3314dd6be7e8b0259eabda63c19537

- https://github.com/wargio/naxsi/pull/103

- https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x




CVE-2023-29453 - Go Templates do not properly consider backticks (`) as Javascript string delimiters, allowing arbitrary Javascript code injection in Go templates.

Product: Google Go Template

CVSS Score: 9.8 

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29453

NVD References: https://support.zabbix.com/browse/ZBX-23388




CVE-2023-40833 - Thecosy IceCMS v.1.0.0 allows remote attackers to gain privileges through improper handling of Id and key parameters in getCosSetting.

Product: IceCMS Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40833

NVD References: https://gist.github.com/Sholway/93f05987dbf35c15c26de32b1e5590ec




CVE-2023-32723 - Request to LDAP is sent before user permissions are checked.

Product: Zabbix 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32723

NVD References: https://support.zabbix.com/browse/ZBX-23230




CVE-2023-5554 - Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.

Product: Linecorp 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5554

NVD References: https://hackerone.com/reports/2106827




CVE-2023-23737 - Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.

Product: Managewp Broken Link Checker

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23737

NVD References: https://patchstack.com/database/vulnerability/mainwp-broken-links-checker-extension/wordpress-mainwp-broken-links-checker-extension-plugin-4-0-unauthenticated-sql-injection-vulnerability?_s_id=cve




CVE-2023-5045 - Kayisi before 1286 is vulnerable to SQL Injection and Command Line Execution.

Product: Biltay Kayisi

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5045

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0580




CVE-2023-5046 - Procost by Biltay Technology before 1390 allows SQL Injection, Command Line Execution.

Product: Biltay Procost

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5046

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0581




CVE-2023-27395 - SoftEther VPN is vulnerable to a heap-based buffer overflow that allows arbitrary code execution via a crafted network packet, which can be triggered by a man-in-the-middle attack.

Product: SoftEther VPN 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27395

NVD References: 

- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735

- https://www.softether.org/9-about/News/904-SEVPN202301




CVE-2023-45133 - Babel compiler versions prior to 7.23.2 and 8.0.0-alpha.4, as well as all versions of babel-traverse, are vulnerable to arbitrary code execution during compilation if attacker-crafted code is used with specific plugins.

Product: Babel

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45133

NVD References: 

- https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82

- https://github.com/babel/babel/pull/16033

- https://github.com/babel/babel/releases/tag/v7.23.2

- https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4

- https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92

- https://www.debian.org/security/2023/dsa-5528




CVE-2023-45138 - Change Request application prior to version 1.9.2 allows script injection and remote code execution by users without any specific right, by inserting an appropriate title when creating a new Change Request, which has been fixed in version 1.9.2.

Product: Change Request

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45138

NVD References: 

- https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4

- https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-f776-w9v2-7vfj

- https://jira.xwiki.org/browse/CRAPP-298




CVE-2023-41262 - Plixer Scrutinizer before 19.3.1 is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements.

Product: Plixer Scrutinizer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41262

NVD References: https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md




CVE-2023-4562 - Mitsubishi Electric Corporation MELSEC-F Series main modules have an improper authentication vulnerability that enables remote attackers to retrieve or manipulate sequence programs without authentication.

Product: Mitsubishi Electric Corporation MELSEC-F Series

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4562

NVD References: 

- https://jvn.jp/vu/JVNVU90509290/

- https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13

- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf




CVE-2023-5572 - Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

Product: Vrite 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5572

NVD References: 

- https://github.com/vriteio/vrite/commit/1877683b932bb33fb20d688e476284b70bb9fe23

- https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be




CVE-2023-45162 - The 1E Platform is vulnerable to Blind SQL Injection, allowing for arbitrary code execution, which can be remediated by applying the relevant hotfix.

Product: 1E Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45162

NVD References: https://www.1e.com/trust-security-compliance/cve-info/




CVE-2023-45466 - Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

Product: Netis-Systems N3Mv2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45466

NVD References: https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20pin_host%20parameter%20in%20wps%20setting.md




CVE-2023-21413 - Axis devices using ACAP applications are vulnerable to remote code execution due to a flaw in the application handling service, allowing attackers to run arbitrary code during installation.

Product: Genetec Inc. Axis

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21413

NVD References: https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf




CVE-2023-3991 - FreshTomato 2023.3 is vulnerable to OS command injection, allowing arbitrary command execution through a specially crafted HTTP request.

Product: FreshTomato httpd iperfrun.cgi

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3991

NVD References: https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html




CVE-2023-45128 - Fiber, an Express-inspired web framework written in Go, is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to inject arbitrary values and forge malicious requests, compromising application security and integrity.

Product: Go Fiber

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45128

NVD References: 

- https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a

- https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368




CVE-2023-45144 - The com.xwiki.identity-oauth:identity-oauth-ui package is vulnerable to cross-site scripting (XSS) and XWiki syntax injection, allowing remote code execution via the groovy macro and affecting the confidentiality, integrity, and availability of the XWiki installation. The issue has been fixed in Identity OAuth version 1.6; there are no known workarounds, so users must upgrade.

Product: xwiki identity-oauth

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45144

NVD References: 

- https://github.com/xwikisas/identity-oauth/blob/master/ui/src/main/resources/IdentityOAuth/LoginUIExtension.vm#L58

- https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6

- https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6#diff-2ab2e0716443d790d7d798320e4a45151661f4eca5440331f4a227b29c87c188

- https://github.com/xwikisas/identity-oauth/security/advisories/GHSA-h2rm-29ch-wfmh

- https://jira.xwiki.org/browse/XWIKI-20719




CVE-2023-34207 - EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary system commands with 'NT Authority\SYSTEM' privilege through a crafted ZIP archive.

Product: EasyUse MailHunter Ultimate

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34207

NVD References: https://zuso.ai/Advisory/ZA-2023-04




CVE-2023-42497 - Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

Product: Liferay Portal

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42497

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497




CVE-2023-42629 - Liferay Portal 7.4.2 through 7.4.3.87 and Liferay DXP 7.4 before update 88 have a stored XSS vulnerability where an attacker can inject malicious web script or HTML through a crafted payload in the 'description' text field of a Vocabulary on the manage vocabulary page.

Product: Liferay Portal Liferay DXP

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42629

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629




CVE-2023-44309 - Liferay Portal and Liferay DXP versions 7.4.2 through 7.4.3.53 and version 7.4 before update 54 are vulnerable to multiple stored cross-site scripting (XSS) attacks, where remote attackers can inject arbitrary web script or HTML into non-HTML fields of a linked source asset.

Product: Liferay Portal

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44309

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309




CVE-2023-44310 - Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's "Name" text field.

Product: Liferay Portal 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44310

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310




CVE-2023-44311 - Liferay Portal 7.4.3.41 through 7.4.3.89 and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the code or error parameter, due to multiple reflected XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class, caused by an incomplete fix in CVE-2023-33941.

Product: Liferay Portal Plugin for OAuth 2.0

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44311

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311




CVE-2023-42628 - Liferay Portal and Liferay DXP are vulnerable to stored cross-site scripting (XSS) attacks, allowing remote attackers to inject malicious web script or HTML into a parent wiki page via a crafted payload in the wiki page's 'Content' text field.

Product: Liferay Portal Wiki widget

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42628

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628




CVE-2023-42627 - The Liferay Portal and Liferay DXP versions 7.3.5 through 7.4.3.91, and 7.3 update 33 and earlier, and 7.4 before update 92 are susceptible to multiple stored XSS vulnerabilities, allowing remote attackers to inject arbitrary web script or HTML through various input fields.

Product: Liferay Portal

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42627

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627




CVE-2023-22069, CVE-2023-22089 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to easily exploitable vulnerabilities that allow unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take it over.

Product: Oracle WebLogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22069

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22089

NVD References: https://www.oracle.com/security-alerts/cpuoct2023.html




CVE-2023-22072 - Oracle WebLogic Server in Oracle Fusion Middleware (Core component) version 12.2.1.3.0 is vulnerable to takeover by an unauthenticated attacker with network access via T3, IIOP, leading to severe impacts on confidentiality, integrity, and availability, with a CVSS 3.1 Base Score of 9.8.

Product: Oracle WebLogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22072

NVD References: https://www.oracle.com/security-alerts/cpuoct2023.html