In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between October 25-26, 2023.
During this period, the National Vulnerability Database published 333 new Common Vulnerabilities and Exposures (CVEs), which are classified as follows:
Critical: 24
High: 75
Medium: 63
Low: 2
Severity Not Assigned: 169
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2022-3699
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-102365
https://support.lenovo.com/us/en/product_security/LEN-94532
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-1356
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced that user to click on a malicious link.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-1356
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-20273
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-23767
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-26219
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
References: https://www.tibco.com/services/support/advisories
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-26568
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26568
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-26569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26569
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-26570
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26570
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-26571
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26571
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-26572
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26572
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-26573
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26573
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-26574
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26574
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-26575
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26575
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-26576
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26576
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-26577
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26577
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-26578
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Arbitrary file upload to the web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files such as ASP or ASPX to the web root, gaining command execution on the affected server.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26578
CWE-ID: CWE-22, CWE-434
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-26580
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Unauthenticated arbitrary file read in IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26580
CWE-ID: CWE-306, CWE-552
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-26581
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26581
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-26582
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26582
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-26583
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26583
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-26584
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26584
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-27254
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27254
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-27255
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27255
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-27257
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27257
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-27258
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27258
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-27259
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27259
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-27260
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27260
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-27262
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27260
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-27375
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27375
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-27376
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27376
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-27377
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27377
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-30912
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A remote code execution issue exists in HPE OneView.
References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-34048
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
References: https://www.vmware.com/security/advisories/VMSA-2023-0023.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-34446
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
References: https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10
https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-34447
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
References: https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33
https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802
https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-37283
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter.
References: https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-37908
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.
References: https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp
https://jira.xwiki.org/browse/XRENDERING-697
CWE-ID: CWE-83
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-37909
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.
References: https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx
https://jira.xwiki.org/browse/XWIKI-20746
CWE-ID: CWE-95
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-37910
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version.
References: https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29
https://jira.xwiki.org/browse/XWIKI-20334
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-37912
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.
References: https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5
https://jira.xwiki.org/browse/XRENDERING-688
CWE-ID: CWE-270
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-37913
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular, in combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API, which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could, e.g., be used to replace the `jar` file of an extension, which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter.
References: https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m
https://jira.xwiki.org/browse/XWIKI-20715
CWE-ID: CWE-22, CWE-23
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-38041
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A logged-in user may elevate their permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-39219
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive when it receives crafted Java class loading enumeration requests.
References: https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-39231
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
References: https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394
https://www.pingidentity.com/en/resources/downloads/pingid.html
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-39930
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A first-factor authentication bypass vulnerability exists in PingFederate with the PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
References: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-3010
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4, contains a DOM XSS vulnerability.
References: https://grafana.com/security/security-advisories/cve-2023-3010/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-3112
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-128081
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-41255
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself by abusing the lack of authentication of the ‘su’ binary installed on the device, which can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-41339
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an `sld=` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.
References: https://github.com/geoserver/geoserver/releases/tag/2.22.5
https://github.com/geoserver/geoserver/releases/tag/2.23.2
https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-41372
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-41721
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW
Mitigation: Update UniFi Network to Version 7.5.187 or later.
References: https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-41960
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-926
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-42488
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-42489
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-42490
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
56. CVE-2023-42491
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: EisBaer Scada - CWE-285: Improper Authorization
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
57. CVE-2023-42492
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
58. CVE-2023-42493
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: EisBaer Scada - CWE-256: Plaintext Storage of a Password
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
59. CVE-2023-42494
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found
60. CVE-2023-43488
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: The vulnerability allows a low-privileged (untrusted) application to modify a critical system property that should be denied to it, in order to expose the ADB (Android Debug Bridge) protocol on the network and exploit it to gain a privileged shell on the device without requiring physical access through USB.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
61. CVE-2023-43506
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
62. CVE-2023-43507
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
63. CVE-2023-43795
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
References: https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
64. CVE-2023-45220
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled using method 1 (the user manually enters the server IP address), uses the HTTP protocol instead of HTTPS to retrieve sensitive information (the IP address and credentials used to connect to a remote MQTT broker entity), and this behaviour is not configurable by the user.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
65. CVE-2023-45321
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: The Android Client application, when enrolled using method 1 (the user manually enters the server IP address), uses the HTTP protocol instead of HTTPS to retrieve sensitive information (the IP address and credentials used to connect to a remote MQTT broker entity), and this behaviour is not configurable by the user. Because HTTP is unencrypted, this issue allows an attacker on the same subnet as the HMI device to intercept the username and password needed to authenticate to the MQTT server that implements the remote management protocol.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
66. CVE-2023-45637
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime's EventPrime – Events Calendar, Bookings and Tickets plugin, versions <= 3.1.5.
References: https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
67. CVE-2023-45750
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH's Nexter Extension plugin, versions <= 2.0.3.
References: https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
68. CVE-2023-45756
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams' ApplyOnline – Application Form Builder and Manager plugin, versions <= 2.5.2.
References: https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
69. CVE-2023-45759
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung's Peter’s Custom Anti-Spam plugin, versions <= 3.2.2.
References: https://patchstack.com/database/vulnerability/peters-custom-anti-spam-image/wordpress-peter-s-custom-anti-spam-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
70. CVE-2023-45761
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Joovii's Sendle Shipping Plugin, versions <= 5.13.
References: https://patchstack.com/database/vulnerability/official-sendle-shipping-method/wordpress-sendle-shipping-plugin-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
71. CVE-2023-45769
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven's WP Report Post plugin, versions <= 2.1.2.
References: https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
72. CVE-2023-45770
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed's Fast WP Speed plugin, versions <= 1.0.0.
References: https://patchstack.com/database/vulnerability/fast-wp-speed/wordpress-fast-wp-speed-plugin-1-0-0-reflected-cross-site-scripting-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
73. CVE-2023-45772
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Scribit's Proofreading plugin, versions <= 1.0.11.
References: https://patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
74. CVE-2023-45835
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn's Libsyn Publisher Hub plugin, versions <= 1.4.4.
References: https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
75. CVE-2023-45837
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC's Ultimate Taxonomy Manager plugin, versions <= 2.0.
References: https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
76. CVE-2023-45844
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.7
Impact Score: 6.0
Description: The vulnerability allows a low-privileged user who has access to the device while it is locked in Kiosk mode to install an arbitrary Android application and leverage it to access critical device settings such as device power management or even the device's secure settings (ADB debug).
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
77. CVE-2023-45851
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
78. CVE-2023-46070
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON's EG-Attachments plugin, versions <= 2.1.3.
References: https://patchstack.com/database/vulnerability/eg-attachments/wordpress-eg-attachments-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
79. CVE-2023-46071
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos' Protección de Datos RGPD plugin, versions <= 3.1.0.
References: https://patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
80. CVE-2023-46102
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement remote management of the device is encrypted with a hard-coded DES symmetric key, which can be retrieved by reverse engineering both the Android Client application and the server-side web application. This issue allows an attacker who controls a malicious MQTT broker on the same subnet as the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
81. CVE-2023-46119
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without an extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
References: https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
https://github.com/parse-community/parse-server/releases/tag/5.5.6
https://github.com/parse-community/parse-server/releases/tag/6.3.1
https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
82. CVE-2023-46124
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.3
Description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`.
References: https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee
https://github.com/ethyca/fides/releases/tag/2.22.1
https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
83. CVE-2023-46136
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk to an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
References: https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
CWE-ID: CWE-400, CWE-407
Common Platform Enumerations (CPE): Not Found
84. CVE-2023-4606
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
References: https://support.lenovo.com/us/en/product_security/LEN-140960
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
85. CVE-2023-4607
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An authenticated XCC user can change permissions for any user through a crafted API command.
References: https://support.lenovo.com/us/en/product_security/LEN-140960
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
86. CVE-2023-5311
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.
References: https://giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311
https://plugins.trac.wordpress.org/changeset/2977703/wp-extra
https://www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
87. CVE-2023-5717
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06
https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
88. CVE-2023-5746
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_23_11
CWE-ID: CWE-134
Common Platform Enumerations (CPE): Not Found
89. CVE-2022-4886
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Ingress-nginx `path` sanitization can be bypassed with the `log_format` directive.
References: http://www.openwall.com/lists/oss-security/2023/10/25/5
https://github.com/kubernetes/ingress-nginx/issues/10570
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
90. CVE-2023-45134
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (this could be the attacker's own user profile) that contains malicious code. This code is executed when the template provider is selected during document creation, which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account, as by default a user's own profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3
https://jira.xwiki.org/browse/XWIKI-20962
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
91. CVE-2023-45135
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that is not displayed at first but is then executed in the second step. This can be used by an attacker to trick a victim into executing code, allowing script execution if the victim has script right, or remote code execution including full access to the XWiki instance if the victim has programming right.
For the attack to work, the attacker needs to convince the victim to visit a link like `/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)`, relative to the URL of the wiki installation, and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet; the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed, but at this point the code has already been executed, and the attacker could also use this code to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page, which is possible with edit right.
This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step, so that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.
References: https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9
https://jira.xwiki.org/browse/XWIKI-20869
CWE-ID: CWE-116
Common Platform Enumerations (CPE): Not Found
92. CVE-2023-45136
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w
https://jira.xwiki.org/browse/XWIKI-20854
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
93. CVE-2023-5043
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Ingress nginx annotation injection causes arbitrary command execution.
References: http://www.openwall.com/lists/oss-security/2023/10/25/4
https://github.com/kubernetes/ingress-nginx/issues/10571
https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
94. CVE-2023-5044
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
References: http://www.openwall.com/lists/oss-security/2023/10/25/3
https://github.com/kubernetes/ingress-nginx/issues/10572
https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
95. CVE-2023-5367
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
References: https://access.redhat.com/security/cve/CVE-2023-5367
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.debian.org/security/2023/dsa-5534
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
96. CVE-2023-5574
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
References: https://access.redhat.com/security/cve/CVE-2023-5574
https://bugzilla.redhat.com/show_bug.cgi?id=2244735
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
97. CVE-2023-45137
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929
https://jira.xwiki.org/browse/XWIKI-20961
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
98. CVE-2023-46133
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than the current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to a single iteration, a 'strength' or 'difficulty' value that was specified as 1,000 in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.
References: https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757
https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h
CWE-ID: CWE-328, CWE-916
Common Platform Enumerations (CPE): Not Found
99. CVE-2023-46233
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than the current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to a single iteration, a 'strength' or 'difficulty' value that was specified as 1,000 in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
References: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
CWE-ID: CWE-328, CWE-916
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-23767
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-26219
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
References: https://www.tibco.com/services/support/advisories
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-26568
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26568
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-26569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26569
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-26570
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26570
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-26571
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26571
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-26572
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26572
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-26573
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26573
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-26574
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26574
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-26575
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26575
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-26576
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26576
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-26577
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26577
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-26578
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26578
CWE-ID: CWE-22 CWE-434
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-26580
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26580
CWE-ID: CWE-306 CWE-552
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-26581
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26581
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-26582
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26582
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-26583
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26583
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-26584
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-26584
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-27254
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27254
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-27255
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27255
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-27257
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27257
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-27258
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27258
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-27259
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27259
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-27260
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27260
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-27262
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27260
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-27375
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27375
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-27376
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27376
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-27377
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
References: https://www.themissinglink.com.au/security-advisories/cve-2023-27377
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-30912
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A remote code execution issue exists in HPE OneView.
References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-34048
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
References: https://www.vmware.com/security/advisories/VMSA-2023-0023.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-34446
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
References: https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10
https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-34447
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
References: https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33
https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802
https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-37283
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter.
References: https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-37908
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.
References: https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp
https://jira.xwiki.org/browse/XRENDERING-697
CWE-ID: CWE-83
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-37909
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.
References: https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx
https://jira.xwiki.org/browse/XWIKI-20746
CWE-ID: CWE-95
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-37910
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version.
References: https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29
https://jira.xwiki.org/browse/XWIKI-20334
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-37912
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.
References: https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5
https://jira.xwiki.org/browse/XRENDERING-688
CWE-ID: CWE-270
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-37913
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API, which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g. be used to replace the `jar`-file of an extension, which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter.
References: https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m
https://jira.xwiki.org/browse/XWIKI-20715
CWE-ID: CWE-22 CWE-23
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-38041
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A logged-in user may elevate their permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
References: https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-39219
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests.
References: https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-39231
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
References: https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394
https://www.pingidentity.com/en/resources/downloads/pingid.html
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-39930
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A first-factor authentication bypass vulnerability exists in PingFederate with PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
References: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-3010
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4, contains a DOM XSS vulnerability.
References: https://grafana.com/security/security-advisories/cve-2023-3010/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-3112
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-128081
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-41255
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself, abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-41339
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=
References: https://github.com/geoserver/geoserver/releases/tag/2.22.5
https://github.com/geoserver/geoserver/releases/tag/2.23.2
https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-41372
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-41721
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
References: https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-41960
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-926
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-42488
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-42489
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-732
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-42490
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
56. CVE-2023-42491
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: EisBaer Scada - CWE-285: Improper Authorization
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
57. CVE-2023-42492
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
58. CVE-2023-42493
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: EisBaer Scada - CWE-256: Plaintext Storage of a Password
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-256
Common Platform Enumerations (CPE): Not Found
59. CVE-2023-42494
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found
60. CVE-2023-43488
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring physical access through USB.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
61. CVE-2023-43506
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
62. CVE-2023-43507
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
63. CVE-2023-43795
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.
References: https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
64. CVE-2023-45220
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled with method 1 (the user manually inserts the server IP address), uses the HTTP protocol instead of HTTPS to retrieve sensitive information (the IP address and credentials used to connect to a remote MQTT broker), and this behaviour is not configurable by the user.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
65. CVE-2023-45321
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: The Android Client application, when enrolled with method 1 (the user manually inserts the server IP address), uses the HTTP protocol instead of HTTPS to retrieve sensitive information (the IP address and credentials used to connect to a remote MQTT broker), and this behaviour is not configurable by the user. Because HTTP is unencrypted, this issue allows an attacker placed on the same subnet as the HMI device to intercept the username and password needed to authenticate to the MQTT server that implements the remote management protocol.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
66. CVE-2023-45637
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
References: https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
67. CVE-2023-45750
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions.
References: https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
68. CVE-2023-45756
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2 versions.
References: https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
69. CVE-2023-45759
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin <= 3.2.2 versions.
References: https://patchstack.com/database/vulnerability/peters-custom-anti-spam-image/wordpress-peter-s-custom-anti-spam-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
70. CVE-2023-45761
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions.
References: https://patchstack.com/database/vulnerability/official-sendle-shipping-method/wordpress-sendle-shipping-plugin-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
71. CVE-2023-45769
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.
References: https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
72. CVE-2023-45770
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.
References: https://patchstack.com/database/vulnerability/fast-wp-speed/wordpress-fast-wp-speed-plugin-1-0-0-reflected-cross-site-scripting-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
73. CVE-2023-45772
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions.
References: https://patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
74. CVE-2023-45835
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.
References: https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
75. CVE-2023-45837
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.
References: https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
76. CVE-2023-45844
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.7
Impact Score: 6.0
Description: The vulnerability allows a low privileged user who has access to the device while it is locked in Kiosk mode to install an arbitrary Android application and leverage it to gain access to critical device settings such as the device power management or, eventually, the device secure settings (ADB debug).
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
77. CVE-2023-45851
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
78. CVE-2023-46070
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.
References: https://patchstack.com/database/vulnerability/eg-attachments/wordpress-eg-attachments-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
79. CVE-2023-46071
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions.
References: https://patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
80. CVE-2023-46102
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, which can be retrieved by reversing both the Android Client application and the server-side web application. This issue allows an attacker who controls a malicious MQTT broker on the same subnet as the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
81. CVE-2023-46119
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
References: https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
https://github.com/parse-community/parse-server/releases/tag/5.5.6
https://github.com/parse-community/parse-server/releases/tag/6.3.1
https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
82. CVE-2023-46124
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.3
Description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`.
References: https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee
https://github.com/ethyca/fides/releases/tag/2.22.1
https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
83. CVE-2023-46136
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk to an internal bytearray, and the lookup for the multipart boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
References: https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
CWE-ID: CWE-400 CWE-407
Common Platform Enumerations (CPE): Not Found
84. CVE-2023-4606
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
References: https://support.lenovo.com/us/en/product_security/LEN-140960
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
85. CVE-2023-4607
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: An authenticated XCC user can change permissions for any user through a crafted API command.
References: https://support.lenovo.com/us/en/product_security/LEN-140960
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
86. CVE-2023-5311
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.
References: https://giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311
https://plugins.trac.wordpress.org/changeset/2977703/wp-extra
https://www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
87. CVE-2023-5717
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06
https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
88. CVE-2023-5746
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_23_11
CWE-ID: CWE-134
Common Platform Enumerations (CPE): Not Found
89. CVE-2022-4886
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
References: http://www.openwall.com/lists/oss-security/2023/10/25/5
https://github.com/kubernetes/ingress-nginx/issues/10570
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
90. CVE-2023-45134
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3
https://jira.xwiki.org/browse/XWIKI-20962
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
91. CVE-2023-45135
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right.
For the attack to work, the attacker needs to convince the victim to visit a link like `
This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.
References: https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9
https://jira.xwiki.org/browse/XWIKI-20869
CWE-ID: CWE-116
Common Platform Enumerations (CPE): Not Found
92. CVE-2023-45136
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w
https://jira.xwiki.org/browse/XWIKI-20854
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
93. CVE-2023-5043
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Ingress nginx annotation injection causes arbitrary command execution.
References: http://www.openwall.com/lists/oss-security/2023/10/25/4
https://github.com/kubernetes/ingress-nginx/issues/10571
https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
94. CVE-2023-5044
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
References: http://www.openwall.com/lists/oss-security/2023/10/25/3
https://github.com/kubernetes/ingress-nginx/issues/10572
https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
95. CVE-2023-5367
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
References: https://access.redhat.com/security/cve/CVE-2023-5367
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.debian.org/security/2023/dsa-5534
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
96. CVE-2023-5574
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
References: https://access.redhat.com/security/cve/CVE-2023-5574
https://bugzilla.redhat.com/show_bug.cgi?id=2244735
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
97. CVE-2023-45137
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References: https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929
https://jira.xwiki.org/browse/XWIKI-20961
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
98. CVE-2023-46133
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.
References: https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757
https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h
CWE-ID: CWE-328 CWE-916
Common Platform Enumerations (CPE): Not Found
99. CVE-2023-46233
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
References: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
CWE-ID: CWE-328 CWE-916
Common Platform Enumerations (CPE): Not Found