In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 10-11, 2023.
During this period, The National Vulnerability Database published 41, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 4
High: 11
Medium: 12
Low: 4
Severity Not Assigned: 10
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-36014
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-36024
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-46729
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
References: https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be
https://github.com/getsentry/sentry-javascript/pull/9415
https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6069
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0.
References: https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-39295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.3 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-41284
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-41285
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-47120
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References: https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852
https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce
https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-47611
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
References: https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-4949
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
References: https://xenbits.xenproject.org/xsa/advisory-443.html
CWE-ID: CWE-119 CWE-190
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-47128
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.
References: https://github.com/piccolo-orm/piccolo/commit/82679eb8cd1449cf31d87c9914a072e70168b6eb
https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-47108
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
References: https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138
https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b
https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw
https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-47129
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
References: https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-36027
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-4804
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 10-11, 2023.
During this period, The National Vulnerability Database published 41, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 4
High: 11
Medium: 12
Low: 4
Severity Not Assigned: 10
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-36014
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-36024
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-46729
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
References: https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be
https://github.com/getsentry/sentry-javascript/pull/9415
https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6069
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0.
References: https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc
https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-39295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.3 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-41284
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-41285
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
References: https://www.qnap.com/en/security-advisory/qsa-23-50
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-47120
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
References: https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852
https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce
https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-47611
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
References: https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-4949
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
References: https://xenbits.xenproject.org/xsa/advisory-443.html
CWE-ID: CWE-119 CWE-190
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-47128
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.
References: https://github.com/piccolo-orm/piccolo/commit/82679eb8cd1449cf31d87c9914a072e70168b6eb
https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-47108
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
References: https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327
https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138
https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b
https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322
https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw
https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-47129
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
References: https://github.com/statamic/cms/commit/098ef8024d97286ca501273c18ae75b646262d75
https://github.com/statamic/cms/commit/f6c688154f6bdbd0b67039f8f11dcd98ba061e77
https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-36027
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-4804
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found