In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between October 27-28, 2023.
During this period, The National Vulnerability Database published 104, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 18
Medium: 26
Low: 3
Severity Not Assigned: 48
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-43738
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-44162
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-44375
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-34057
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
References: https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-34058
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References: http://www.openwall.com/lists/oss-security/2023/10/27/1
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-34059
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
References: http://www.openwall.com/lists/oss-security/2023/10/27/2
http://www.openwall.com/lists/oss-security/2023/10/27/3
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-46153
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.
References: https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5570
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.
References: https://www.usom.gov.tr/bildirim/tr-23-0609
CWE-ID: CWE-1320
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-5820
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox
https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-44376
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-44377
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-5807
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.
References: https://www.usom.gov.tr/bildirim/tr-23-0608
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-5443
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.
References: https://www.usom.gov.tr/bildirim/tr-23-0610
CWE-ID: CWE-1320
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-46604
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
References: http://www.openwall.com/lists/oss-security/2023/10/27/5
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
15. CVE-2022-34886
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.
References: https://iknow.lenovo.com.cn/detail/205041.html
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-27854
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-27858
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-46289
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-46290
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description:
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-4967
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
References: https://support.citrix.com/article/CTX579459/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
21. CVE-2022-3611
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.
References: https://iknow.lenovo.com.cn/detail/205280.html
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
22. CVE-2022-3701
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-94532
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-5828
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.
References: https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc
https://vuldb.com/?ctiid.243727
https://vuldb.com/?id.243727
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-44480
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/martin/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-46208
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
References: https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-46209
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.
References: https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-5830
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.
References: https://vuldb.com/?ctiid.243729
https://vuldb.com/?id.243729
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between October 27-28, 2023.
During this period, The National Vulnerability Database published 104, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 18
Medium: 26
Low: 3
Severity Not Assigned: 48
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-43738
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-44162
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-44375
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-34057
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
References: https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-34058
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References: http://www.openwall.com/lists/oss-security/2023/10/27/1
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-34059
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
References: http://www.openwall.com/lists/oss-security/2023/10/27/2
http://www.openwall.com/lists/oss-security/2023/10/27/3
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-46153
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.
References: https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5570
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.
References: https://www.usom.gov.tr/bildirim/tr-23-0609
CWE-ID: CWE-1320
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-5820
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=
https://wordpress.org/plugins/wp-responsive-slider-with-lightbox
https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-44376
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-44377
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ono
https://https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-5807
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.
References: https://www.usom.gov.tr/bildirim/tr-23-0608
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-5443
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.
References: https://www.usom.gov.tr/bildirim/tr-23-0610
CWE-ID: CWE-1320
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-46604
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
References: http://www.openwall.com/lists/oss-security/2023/10/27/5
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
15. CVE-2022-34886
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.
References: https://iknow.lenovo.com.cn/detail/205041.html
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-27854
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-27858
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-46289
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-46290
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description:
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.
References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-4967
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
References: https://support.citrix.com/article/CTX579459/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
21. CVE-2022-3611
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.
References: https://iknow.lenovo.com.cn/detail/205280.html
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
22. CVE-2022-3701
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-94532
CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-5828
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.
References: https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc
https://vuldb.com/?ctiid.243727
https://vuldb.com/?id.243727
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-44480
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/martin/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-46208
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
References: https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-46209
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.
References: https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-5830
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.
References: https://vuldb.com/?ctiid.243729
https://vuldb.com/?id.243729
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found