Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for November 03-04, 2023

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 03 and 04, 2023.
During this period, the National Vulnerability Database published 103 new Common Vulnerabilities and Exposures (CVEs), classified by CVSS base severity as follows:

Critical: 9
High: 21
Medium: 27
Low: 0
Severity Not Assigned: 46

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2023-41345
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generation module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
References: https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

2. CVE-2023-41346
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
References: https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-41347
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
References: https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

4. CVE-2023-41348
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
References: https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-41350
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute crafted JavaScript to expose the CAPTCHA on the page, making it very easy for bots to bypass the CAPTCHA check and leaving the login more susceptible to brute-force attacks.
References: https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html

CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
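The G-040W-Q entry above is a CWE-307 case: the CAPTCHA is enforced in the page, so a bot that can read the DOM can skip it, and nothing on the server counts failures. The following is an added example (not vendor code; the device, its login flow, the thresholds and the challenge format are all assumptions) of the two server-side controls that actually stop brute force: a failure counter per account and per source IP with exponential lockout, and a CAPTCHA whose solution never leaves the server.

```python
import hmac
import secrets
import time
from collections import defaultdict


class LoginThrottle:
    """Server-side failed-login tracking, keyed per account and per source IP.

    Two counters are needed: the per-account one stops guessing against one
    user, the per-IP one stops a bot spraying many accounts. Lockout length
    doubles with each consecutive failure beyond the threshold and is capped.
    Counters live on the server, so a client cannot reset or bypass them.
    Thresholds below are illustrative assumptions.
    """

    def __init__(self, max_failures=5, base_lockout=30, max_lockout=3600):
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        # key -> (consecutive_failures, locked_until_timestamp)
        self._state = defaultdict(lambda: (0, 0.0))

    def is_locked(self, account, ip, now=None):
        now = time.time() if now is None else now
        return any(now < self._state[k][1] for k in (("acct", account), ("ip", ip)))

    def record_failure(self, account, ip, now=None):
        now = time.time() if now is None else now
        for key in (("acct", account), ("ip", ip)):
            failures, until = self._state[key]
            failures += 1
            if failures >= self.max_failures:
                # exponential backoff: base, 2*base, 4*base ... capped at max_lockout
                backoff = self.base_lockout * 2 ** (failures - self.max_failures)
                until = now + min(backoff, self.max_lockout)
            self._state[key] = (failures, until)

    def record_success(self, account, ip):
        # A correct login clears the per-account counter only; the IP counter
        # keeps its history so a bot that guesses one account right is not reset.
        self._state.pop(("acct", account), None)


class ServerSideCaptcha:
    """The CAPTCHA solution is stored server-side against an opaque challenge
    id; the page receives only the id and the rendered challenge. Reading the
    DOM or the JavaScript (the weakness in the entry above) reveals nothing."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self._pending = {}  # challenge_id -> (solution, expires_at)

    def issue(self, solution, now=None):
        now = time.time() if now is None else now
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (solution, now + self.ttl)
        return challenge_id

    def verify(self, challenge_id, submitted, now=None):
        now = time.time() if now is None else now
        # pop() makes every challenge single-use, so a solved one cannot be replayed
        solution, expires = self._pending.pop(challenge_id, (None, 0.0))
        if solution is None or now > expires:
            return False
        return hmac.compare_digest(solution.encode(), submitted.encode())


def login_attempt(throttle, captcha, account, ip, password_ok, challenge_id, answer, now):
    """Order matters: check the lock first (cheapest, no oracle), then the
    CAPTCHA, then the credential; every failure path feeds the throttle.
    password_ok stands in for the real credential check (assumption)."""
    if throttle.is_locked(account, ip, now):
        return "locked"
    if not captcha.verify(challenge_id, answer, now):
        throttle.record_failure(account, ip, now)
        return "captcha_failed"
    if not password_ok:
        throttle.record_failure(account, ip, now)
        return "bad_credentials"
    throttle.record_success(account, ip)
    return "ok"
```

The per-IP counter is deliberately not cleared on success, and the lockout is returned as a uniform "locked" result before any credential is examined, so the login endpoint gives a brute-forcer neither a reset nor a timing oracle.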

6. CVE-2023-41351
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Chunghwa Telecom NOKIA G-040W-Q has an authentication bypass vulnerability, which allows an unauthenticated remote attacker to bypass the authentication mechanism and log in to the device via an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing user, such as an administrator, to perform arbitrary system operations or disrupt service.
References: https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
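"Authentication bypass by alternative URL" (CWE-288) almost always means the same thing: the session check keys on one spelling of a path while the router accepts several. The added example below (not vendor code; the routes and handler names are assumptions, not the G-040W-Q's real URLs) shows the vulnerable shape and the default-deny fix, where the path is canonicalised once and everything not explicitly public requires a session.

```python
import posixpath
from urllib.parse import unquote

# Constructed routing table for a device web UI; the paths are assumptions,
# not the G-040W-Q's real URLs.
ROUTES = {
    "/login": "login_page",
    "/admin/status": "status_page",
    "/admin/reboot": "reboot_action",
    "/cgi/config": "config_dump",
}
PUBLIC = {"/login"}                 # the only route that needs no session
PROTECTED_PREFIXES = ("/admin/",)   # what the vulnerable version checks against


def canonical_path(raw_path):
    """Collapse the alternative spellings of one path before any decision:
    query string dropped, percent-decoding applied twice (double encoding),
    backslashes, repeated and trailing slashes and dot-segments removed."""
    path = unquote(unquote(raw_path.split("?", 1)[0]))
    path = "/" + path.replace("\\", "/").lstrip("/")   # exactly one leading slash
    return posixpath.normpath(path)


def dispatch_vulnerable(raw_path, session):
    """CWE-288 shape: the session check keys on the raw path and a prefix
    list, while routing happens on the canonical path. Any spelling that
    reaches a handler without matching the prefix skips authentication, and
    a route never listed in the prefixes (/cgi/config) needs no session."""
    if raw_path.startswith(PROTECTED_PREFIXES) and session is None:
        return "401"
    return ROUTES.get(canonical_path(raw_path), "404")


def dispatch_hardened(raw_path, session):
    """Default deny: canonicalise once, route only on that form, and require
    a session for everything not explicitly public."""
    path = canonical_path(raw_path)
    if path not in ROUTES:
        return "404"
    if path not in PUBLIC and session is None:
        return "401"
    return ROUTES[path]
```

When reviewing a device UI for this class, the test is mechanical: enumerate every handler, then try each protected one through a doubled slash, a percent-encoded letter, a dot-segment and a trailing slash; any variant that returns the handler's output without a session is the alternative URL.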

7. CVE-2023-41352
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
References: https://www.twcert.org.tw/tw/cp-132-7502-287ec-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

8. CVE-2023-41353
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging in to the system, resulting in admin access and the ability to perform arbitrary system operations or disrupt service.
References: https://www.twcert.org.tw/tw/cp-132-7503-a27ed-1.html

CWE-ID: CWE-521
Common Platform Enumerations (CPE): Not Found

9. CVE-2023-41355
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of insufficient input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet to modify the network routing table, resulting in a denial of service or sensitive information leaking.
References: https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

10. CVE-2023-41344
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NCSIST ManageEngine Mobile Device Manager (MDM) app's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
References: https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

11. CVE-2023-41357
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal; it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts in arbitrary directories to perform arbitrary system operations or disrupt service.
References: https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
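CWE-434 bugs like the Vitals ESP entry above have two halves: the server trusts the client's filename (extension and directory), and the stored file lands somewhere the web server will execute it. The added example below (not the product's code; the allowed types, size limit and upload root are assumptions) shows the vetting a practitioner would expect: extension allowlist cross-checked against file content, script markers rejected even inside an "image", a server-chosen random name, and containment re-checked on the final path.

```python
import os
import secrets

# Allowlisted extensions and the leading bytes each must carry (constructed
# table; the point is that script extensions are simply absent from it).
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 10 * 1024 * 1024                       # assumption
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")


class UploadRejected(ValueError):
    pass


def vet_upload(client_filename, data):
    """Return the extension to store the file under, or raise UploadRejected.

    The client's filename contributes only an extension hint: directory parts
    are discarded (basename), the hint is cross-checked against the content,
    and script markers anywhere in the bytes reject the file so an image
    polyglot cannot be coaxed into execution by a later content sniffer."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    base = os.path.basename(client_filename.replace("\\", "/"))
    # Only the last extension counts; "shell.php.png" is treated as png and
    # then content-checked, and the stored name below never contains "php".
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in MAGIC:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    lowered = data.lower()
    if any(m in lowered for m in SCRIPT_MARKERS):
        raise UploadRejected("embedded script marker")
    return ext


def storage_path(upload_root, ext):
    """Server-chosen random name under upload_root, which should sit outside
    the web root and be served, if at all, by a handler that never executes.
    The user picks neither name nor directory (the 'arbitrary directories'
    half of the entry above); containment is re-checked anyway."""
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, secrets.token_hex(16) + "." + ext))
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected("path escapes upload root")
    return dest


def is_accepted(client_filename, data):
    try:
        vet_upload(client_filename, data)
        return True
    except UploadRejected:
        return False
```

The content check is what makes the allowlist meaningful: without it, renaming `shell.php` to `shell.png` passes, and any downstream component that decides by content rather than extension will happily run it.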

12. CVE-2023-5948
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.8
Description: Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
References: https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found

13. CVE-2023-1194
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
References: https://access.redhat.com/security/cve/CVE-2023-1194
https://bugzilla.redhat.com/show_bug.cgi?id=2154176
https://www.spinics.net/lists/stable-commits/msg303065.html

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
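The KSMBD entry above is a classic offset-trust bug: the CREATE request's create contexts carry client-supplied NameOffset/NameLength fields, and `parse_lease_state()` used NameOffset without checking it fits inside the context, so a hostile value reads memory past it. The following is an added example, written in Python as a model rather than kernel code (the header layout is MS-SMB2 2.2.13.2; the builder, the context names used in the test and the alignment padding are constructed): the same walk with and without the bound check that was missing.

```python
import struct

# SMB2_CREATE_CONTEXT header, MS-SMB2 2.2.13.2 (little-endian):
#   Next(4) NameOffset(2) NameLength(2) Reserved(2) DataOffset(2) DataLength(4)
HDR = struct.Struct("<IHHHHI")
HDR_LEN = HDR.size  # 16


class MalformedContext(ValueError):
    pass


def parse_create_contexts(buf, check_offsets=True):
    """Walk the chain of create contexts in buf; return [(name, data), ...].

    check_offsets=False mirrors the missing check in the entry above: the
    client's NameOffset/NameLength are trusted and used to slice the buffer.
    Python just returns a short or empty slice; C reads whatever memory sits
    there. check_offsets=True bounds every offset+length against the context
    it belongs to before any slice is taken."""
    contexts = []
    pos = 0
    while True:
        if pos + HDR_LEN > len(buf):
            raise MalformedContext("truncated context header")
        nxt, name_off, name_len, _reserved, data_off, data_len = HDR.unpack_from(buf, pos)
        ctx_len = nxt if nxt else len(buf) - pos   # the last context runs to the end
        if check_offsets:
            if (nxt and nxt < HDR_LEN) or pos + ctx_len > len(buf):
                raise MalformedContext("Next points outside the buffer")
            if name_off < HDR_LEN or name_off + name_len > ctx_len:
                raise MalformedContext("NameOffset/NameLength outside the context")
            if data_len and (data_off < HDR_LEN or data_off + data_len > ctx_len):
                raise MalformedContext("DataOffset/DataLength outside the context")
        name = bytes(buf[pos + name_off:pos + name_off + name_len])
        data = bytes(buf[pos + data_off:pos + data_off + data_len]) if data_len else b""
        contexts.append((name, data))
        if nxt == 0:
            return contexts
        pos += nxt


def build_context(name, data=b"", chain_next=False, name_off=None):
    """Encode one context with the name padded to 8 bytes before the data;
    name_off lets a test forge the hostile offset. Constructed helper."""
    pad = (-len(name)) % 8
    body = name + b"\x00" * pad + data
    total = HDR_LEN + len(body)
    nxt = total + (-total) % 8 if chain_next else 0
    hdr = HDR.pack(
        nxt,
        HDR_LEN if name_off is None else name_off,
        len(name),
        0,
        HDR_LEN + len(name) + pad if data else 0,
        len(data),
    )
    return hdr + body + b"\x00" * (nxt - total if chain_next else 0)


def is_well_formed(buf):
    try:
        parse_create_contexts(buf)
        return True
    except MalformedContext:
        return False
```

The rule the hardened branch applies is the general one for any TLV-with-offsets format: every offset is checked as `offset + length <= bound` against the enclosing structure, before the read, with the addition done in a width that cannot wrap.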

14. CVE-2023-46846
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform request/response smuggling past firewall and frontend security systems.
References: https://access.redhat.com/errata/RHSA-2023:6266
https://access.redhat.com/errata/RHSA-2023:6267
https://access.redhat.com/errata/RHSA-2023:6268
https://access.redhat.com/security/cve/CVE-2023-46846
https://bugzilla.redhat.com/show_bug.cgi?id=2245910
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
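Request smuggling through a lenient chunked decoder works because two hops disagree about where a body ends: whatever bytes one side still treats as body, the other treats as the start of the next request. The added example below (not Squid's code; the lenient decoder is a constructed model of the tolerances the entry describes, and the sample bodies are constructed) puts a strict RFC 9112 decoder next to a lenient one and shows that on every ambiguous input the strict one refuses rather than guesses, which is the property a security boundary needs.

```python
import re

# chunk-size is 1..7 hex digits: no sign, no "0x", no whitespace, and bounded
# so a hostile size cannot request gigabytes of buffering.
CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]{1,7}$")


class SmugglingRisk(ValueError):
    pass


def decode_chunked_strict(raw):
    """Decode an HTTP/1.1 chunked body as a boundary should (RFC 9112 7.1):
    every deviation is an error, never a guess. Returns (body, bytes_consumed)."""
    pos = 0
    out = bytearray()
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise SmugglingRisk("chunk-size line not CRLF-terminated")
        size_field = raw[pos:eol].split(b";", 1)[0]   # chunk-ext after ';' is allowed
        if not CHUNK_SIZE_RE.match(size_field):
            raise SmugglingRisk(f"bad chunk-size {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            while True:                               # trailer section up to the empty line
                eol = raw.find(b"\r\n", pos)
                if eol < 0:
                    raise SmugglingRisk("unterminated trailer section")
                if eol == pos:
                    return bytes(out), eol + 2
                pos = eol + 2
        if pos + size + 2 > len(raw):
            raise SmugglingRisk("chunk data truncated")
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise SmugglingRisk("chunk data not CRLF-terminated")
        out += raw[pos:pos + size]
        pos += size + 2


def decode_chunked_lenient(raw):
    """Constructed model of a tolerant decoder (not Squid's implementation):
    bare LF line endings, int() accepting sign/whitespace/0x in the size, and
    a forgiven missing terminator after chunk data. Each tolerance is a place
    where this hop may count bytes differently from the hop behind it."""
    pos = 0
    out = bytearray()
    while True:
        eol = raw.find(b"\n", pos)
        if eol < 0:
            raise ValueError("no line terminator")
        line = raw[pos:eol].rstrip(b"\r")
        size = int(line.split(b";", 1)[0], 16)        # accepts b" 4", b"+4", b"0x4"
        pos = eol + 1
        if size == 0:
            while True:                               # skip trailers to the empty line
                eol = raw.find(b"\n", pos)
                if eol < 0:
                    raise ValueError("no trailer terminator")
                if raw[pos:eol].rstrip(b"\r") == b"":
                    return bytes(out), eol + 1
                pos = eol + 1
        out += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] == b"\r\n":               # forgive a missing terminator
            pos += 2
        elif raw[pos:pos + 1] == b"\n":
            pos += 1


def strict_rejects(raw):
    try:
        decode_chunked_strict(raw)
        return False
    except SmugglingRisk:
        return True
```

Each input the lenient decoder "successfully" decodes below is one a differently tolerant peer may frame another way; the strict decoder's answer to all of them is a 400 and a closed connection, which leaves nothing on the wire for a second parser to misinterpret.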

15. CVE-2023-46847
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.3
Description: Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References: https://access.redhat.com/errata/RHSA-2023:6266
https://access.redhat.com/errata/RHSA-2023:6267
https://access.redhat.com/errata/RHSA-2023:6268
https://access.redhat.com/security/cve/CVE-2023-46847
https://bugzilla.redhat.com/show_bug.cgi?id=2245916
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

16. CVE-2023-46848
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References: https://access.redhat.com/errata/RHSA-2023:6266
https://access.redhat.com/errata/RHSA-2023:6268
https://access.redhat.com/security/cve/CVE-2023-46848
https://bugzilla.redhat.com/show_bug.cgi?id=2245919
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

17. CVE-2023-5824
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
References: https://access.redhat.com/security/cve/CVE-2023-5824
https://bugzilla.redhat.com/show_bug.cgi?id=2245914
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

18. CVE-2023-1476
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
References: https://access.redhat.com/errata/RHSA-2023:1659
https://access.redhat.com/security/cve/CVE-2023-1476
https://bugzilla.redhat.com/show_bug.cgi?id=2176035
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

19. CVE-2023-3277
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.
References: https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L821
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve

CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found

20. CVE-2023-4591
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wpn-xm-serverstack

CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found

21. CVE-2023-25960
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping (zendrop-dropshipping-and-fulfillment) allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.

References: https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-code-execution?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
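For the CWE-89 entry above, the fix is the same whatever the plugin: bind values as parameters and allowlist anything that cannot be bound (identifiers). The added example below is not the plugin's code; it uses an in-memory SQLite database with constructed rows to show the vulnerable query returning every row and leaking another table through UNION, the parameterised query treating the same payload as a literal, and the allowlist pattern for an ORDER BY column.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a plugin's tables (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO orders (customer, total) VALUES ('alice', 19.99), ('bob', 250.0), ('carol', 7.5);
        INSERT INTO users (username, password_hash) VALUES ('admin', '$2y$10$c0nstructedHashForDemo');
    """)
    return conn


def orders_for_vulnerable(conn, customer):
    # CWE-89: the request parameter is spliced into the SQL text, so a quote
    # in it ends the literal and the rest of the input becomes SQL.
    sql = f"SELECT id, customer, total FROM orders WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def orders_for_safe(conn, customer):
    # Bound parameter: the driver sends the value separately from the
    # statement, so it can only ever be compared, never parsed as SQL.
    # (WordPress equivalent: $wpdb->prepare("... WHERE customer = %s", $customer).)
    return conn.execute(
        "SELECT id, customer, total FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


# Identifiers (column and table names) cannot be bound as parameters; the
# only safe option is an allowlist the code, not the request, controls.
SORTABLE = {"id", "customer", "total"}


def orders_sorted(conn, column):
    if column not in SORTABLE:
        raise ValueError(f"unsortable column {column!r}")
    return conn.execute(f"SELECT id FROM orders ORDER BY {column}").fetchall()
```

Note that `sqlite3.execute()` refuses stacked statements, so the usual `'; DROP TABLE ...` demonstration does not apply here; the UNION read of another table is the realistic impact for a read-only injection point, and it is the one Patchstack-style "arbitrary code execution" write-ups on WordPress plugins generally build from.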

22. CVE-2023-23368
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later

References: https://www.qnap.com/en/security-advisory/qsa-23-31

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

23. CVE-2023-23369
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

References: https://www.qnap.com/en/security-advisory/qsa-23-35

CWE-ID: CWE-77 CWE-78
Common Platform Enumerations (CPE): Not Found
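Seven entries in this digest are CWE-78 (ASUS RT-AX55 items 1 to 4, the NOKIA G-040W-Q item 7, and the two QNAP items 22 and 23), and they share one shape: a value that should be opaque (a token, a filename, a parameter) is spliced into a string handed to `/bin/sh`. The following is an added example, not any vendor's code (the helper path, the token alphabet and the payloads are constructed), contrasting the vulnerable string build with the hardened pattern of strict allowlist validation plus an argv list that never reaches a shell; a small tokeniser shows what the shell would have seen.

```python
import re
import shlex

# Expected token alphabet: URL-safe base64 characters, bounded length.
# Constructed format; it is not the ASUS or QNAP wire format.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,128}")

# Intended program; an assumption standing in for whatever helper the
# firmware actually invokes.
HELPER = "/usr/sbin/check_token"

# shell control operators and redirections as shlex tokenises them
CONTROL = {";", "&", "|", "&&", "||", "(", ")", "<", ">", ">>", "<<", "|&", ";;", "&>"}


def build_command_vulnerable(token):
    """The CWE-78 shape: untrusted input spliced into a string destined for
    system()/popen(), i.e. /bin/sh -c. Returns the string; nothing is run."""
    return f"{HELPER} --token={token}"


def build_argv_hardened(token):
    """Allowlist-validate, then build an argv list for an exec-style call
    (subprocess.run(argv) with shell=False, execve() in C). No shell ever
    sees the token, so metacharacters in it can only be data."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside the allowed alphabet")
    return [HELPER, f"--token={token}"]


def injection_indicators(command_string):
    """Tokenise a command string roughly as /bin/sh would and report any
    control operators or command substitutions it contains. An empty list
    means the string still names exactly one command."""
    found = ["substitution"] if ("`" in command_string or "$(" in command_string) else []
    try:
        lex = shlex.shlex(command_string, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        found += [tok for tok in lex if tok in CONTROL]
    except ValueError:
        # unbalanced quote: the shell would not see one clean command either
        found.append("unbalanced-quote")
    return found


def is_valid_token(token):
    return TOKEN_RE.fullmatch(token) is not None
```

Escaping (quoting the token for the shell) is the weaker fix and is what "insufficient filtering of special characters" in the ASUS descriptions tends to mean in practice; the argv form removes the interpreter, so there is no filter to get wrong.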

24. CVE-2023-39299
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
Music Station 4.8.11 and later
Music Station 5.1.16 and later
Music Station 5.3.23 and later

References: https://www.qnap.com/en/security-advisory/qsa-23-61

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
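Three entries above are file-path bugs: the NCSIST MDM path traversal (item 10), the WPN-XM `index.php?page=` local file inclusion (item 20) and the QNAP Music Station path traversal (item 24). One added example covers all three; it is not any vendor's code, and the base directory, the page table and the test paths are constructed. It resolves an untrusted path under a base directory with a containment check that survives double encoding, backslashes, NUL bytes and the sibling-prefix trap, and for the include-style parameter it shows the stricter answer of not deriving a path from user input at all.

```python
import os
from urllib.parse import unquote


class TraversalRejected(ValueError):
    pass


def resolve_under(base_dir, user_path):
    """Map an untrusted relative path to a file under base_dir, or raise.

    Steps: percent-decode twice (double encoding), reject NUL (C string
    truncation tricks), normalise backslashes, refuse absolute paths, join,
    resolve symlinks and dot-segments with realpath, then test containment
    with commonpath. A startswith() check would wrongly accept
    /srv/media_private for base /srv/media; commonpath does not."""
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise TraversalRejected("absolute path not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, target]) != base:
        raise TraversalRejected(f"{user_path!r} escapes {base_dir}")
    return target


def is_contained(base_dir, user_path):
    try:
        resolve_under(base_dir, user_path)
        return True
    except TraversalRejected:
        return False


# For an include-style parameter (the ?page= LFI in item 20) even a contained
# path is too much freedom: map names to files and never touch the filesystem
# with user input at all. Constructed table.
PAGES = {"home": "home.php", "tools": "tools.php", "status": "status.php"}


def page_file(page):
    try:
        return PAGES[page]
    except KeyError:
        raise TraversalRejected(f"unknown page {page!r}") from None


def is_known_page(page):
    return page in PAGES
```

The order of operations matters: decode before normalising, normalise before joining, and check containment on the fully resolved target, because a check performed on any earlier form can be satisfied by a string that resolves somewhere else.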

25. CVE-2023-3893
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

References: https://github.com/kubernetes/kubernetes/issues/119594
https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

26. CVE-2022-43554
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
References: https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

27. CVE-2022-43555
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
References: https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

28. CVE-2022-44569
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
References: https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

29. CVE-2023-41725
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
References: https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

30. CVE-2023-41726
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability
References: https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
