In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 13 and 14, 2023.
During this period, the National Vulnerability Database published 152 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 4
High: 43
Medium: 55
Low: 6
Severity Not Assigned: 44
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-6753
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
References: https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4
https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-45800
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.
References: https://hanbiro.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-45801
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0.
References: http://www.nadatel.com/
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-27488
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x, FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
References: https://fortiguard.com/psirt/FG-IR-22-038
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-36639
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows an attacker to execute unauthorized code or commands via specially crafted API requests.
References: https://fortiguard.com/psirt/FG-IR-23-138
CWE-ID: CWE-134
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-41673
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
References: https://fortiguard.com/psirt/FG-IR-23-270
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-41678
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.
References: https://fortiguard.com/psirt/FG-IR-23-196
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-46671
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).
References: https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-46675
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.
References: https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-48782
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
References: https://fortiguard.com/psirt/FG-IR-23-450
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-48791
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
References: https://fortiguard.com/psirt/FG-IR-23-425
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-6377
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
References: http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/security/cve/CVE-2023-6377
https://bugzilla.redhat.com/show_bug.cgi?id=2253291
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
https://www.debian.org/security/2023/dsa-5576
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-6478
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
References: http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/security/cve/CVE-2023-6478
https://bugzilla.redhat.com/show_bug.cgi?id=2253298
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
https://www.debian.org/security/2023/dsa-5576
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
14. CVE-2022-22942
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
References: https://github.com/vmware/photon/wiki/Security-Update-3.0-356
https://github.com/vmware/photon/wiki/Security-Update-4.0-148
https://www.openwall.com/lists/oss-security/2022/01/27/4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-31210
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Usage of user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights via injection of malicious libraries.
References: https://checkmk.com/werk/16226
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-44251
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: ** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files of the system via crafted HTTP or HTTPS requests.
References: https://fortiguard.com/psirt/FG-IR-23-265
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-44252
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPS requests with crafted JWT token values.
References: https://fortiguard.com/psirt/FG-IR-23-061
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-6718
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-47063
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-47074
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-47075
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-6721
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-6722
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-6723
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An unrestricted file upload vulnerability has been identified in Repox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-42495
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-48625
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-48626
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-48627
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-48628
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-48629
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-48630
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-48632
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-48633
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-48634
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-48639
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-46726
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.
References: https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2
https://github.com/glpi-project/glpi/releases/tag/10.0.11
https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95
CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-46727
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.
References: https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46
https://github.com/glpi-project/glpi/releases/tag/10.0.11
https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-6790
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
References: https://security.paloaltonetworks.com/CVE-2023-6790
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-46247
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
References: https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74
CWE-ID: CWE-193, CWE-682
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-47619
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
References: https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/
CWE-ID: CWE-200, CWE-918
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-47624
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
References: https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-48702
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can setup a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.
References: https://github.com/jellyfin/jellyfin/commit/83d2c69516471e2db72d9273c6a04247d0f37c86
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rr9h-w522-cvmr
https://securitylab.github.com/advisories/GHSL-2023-028_jellyfin/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-43585
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-43586
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.8
Description: Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-45166
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267964
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-45170
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267968
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-45174
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267972
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between December 13-14, 2023.
During this period, The National Vulnerability Database published 152, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 4
High: 43
Medium: 55
Low: 6
Severity Not Assigned: 44
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-6753
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
References: https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4
https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-45800
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.
References: https://hanbiro.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-45801
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.
References: http://www.nadatel.com/
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-27488
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
References: https://fortiguard.com/psirt/FG-IR-22-038
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-36639
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
References: https://fortiguard.com/psirt/FG-IR-23-138
CWE-ID: CWE-134
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-41673
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
References: https://fortiguard.com/psirt/FG-IR-23-270
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-41678
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5 and FortiPAM versions 1.0.0 through 1.0.3 and 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specially crafted request.
References: https://fortiguard.com/psirt/FG-IR-23-196
CWE-ID: CWE-415
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-46671
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).
References: https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-46675
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error, or when debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain account credentials for the kibana_system user, API keys, credentials of Kibana end-users, Elastic Security package policy objects (which can contain private keys, bearer tokens and sessions of third-party integrations), and Authorization headers, client secrets, local file paths and stack traces. The issue may occur in any Kibana instance running an affected version that receives an unexpected error when communicating with Elasticsearch, causing it to include sensitive data in Kibana error logs. It can also occur under specific circumstances when debug level logging is enabled in Kibana. Note: the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was found to be incomplete.
References: https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
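The two Kibana entries above (CVE-2023-46671 and CVE-2023-46675) are CWE-532 issues: credentials, API keys and Authorization headers ended up in error and debug logs. After upgrading, the practical follow-up is to sweep existing log files for leaked material and rotate whatever turns up. The scanner below is an added example written for this digest; it is not Elastic's code and the log lines are constructed in a Kibana-like layout, not real Kibana output. The regular expressions target generic shapes (HTTP Authorization schemes, `api_key`/`password`/`client_secret` fields) and are an assumption about what leaked values look like, so tune them to your own log format.

```python
import re
from typing import List, Tuple

# Each pattern keeps group 1 (the key or auth scheme) and captures the
# value that must never reach a log file as the named group "secret".
SECRET_PATTERNS = {
    "authorization_header": re.compile(
        r'(?i)(authorization"?\s*[:=]\s*"?(?:basic|bearer|apikey)\s+)'
        r'(?P<secret>[A-Za-z0-9+/=._-]+)'
    ),
    "api_key_field": re.compile(
        r'(?i)("?(?:api_key|apikey)"?\s*[:=]\s*"?)'
        r'(?P<secret>[A-Za-z0-9+/=_-]{16,})'
    ),
    "password_field": re.compile(
        r'(?i)("?(?:password|passwd|client_secret)"?\s*[:=]\s*"?)'
        r'(?P<secret>[^",\s]+)'
    ),
}


def scan_line(line: str) -> List[str]:
    """Names of every secret pattern that fires on a single log line."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(line)]


def scan_log(lines) -> List[Tuple[int, str]]:
    """(1-based line number, pattern name) for every hit in the log."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for name in scan_line(line):
            findings.append((lineno, name))
    return findings


def redact(line: str) -> str:
    """Replace only the secret value, keeping the key so the line stays readable."""
    for pat in SECRET_PATTERNS.values():
        line = pat.sub(r"\1<REDACTED>", line)
    return line


# Constructed sample lines (assumed layout; not real Kibana output).
# Line 1 carries a Basic credential, line 3 an API key, line 5 a password.
LOG_LINES = [
    '[2023-12-13T10:00:01Z][ERROR][plugins.security] circuit_breaking_exception: '
    'request headers {"authorization":"Basic a2liYW5hX3N5c3RlbTpzM2NyZXQ="}',
    '[2023-12-13T10:00:02Z][INFO ][status] Kibana is now available',
    '[2023-12-13T10:00:03Z][DEBUG][elasticsearch] retrying request with '
    '{"api_key":"VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw=="}',
    '[2023-12-13T10:00:04Z][ERROR][elasticsearch] no_shard_available_action_exception '
    'while loading saved objects',
    '[2023-12-13T10:00:05Z][ERROR][plugins.security] login failed, request body '
    '{"username":"alice","password":"hunter2"}',
]

if __name__ == "__main__":
    for lineno, name in scan_log(LOG_LINES):
        print(f"line {lineno}: {name}")
        print("   ", redact(LOG_LINES[lineno - 1]))
```

Run it against the real files with `scan_log(open(path, errors="replace"))`; every hit is a credential to rotate, not just a line to redact, because the log may already have been shipped to a SIEM or a support bundle.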
10. CVE-2023-48782
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specially crafted HTTP GET request parameters.
References: https://fortiguard.com/psirt/FG-IR-23-450
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-48791
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
References: https://fortiguard.com/psirt/FG-IR-23-425
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-6377
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
References: http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/security/cve/CVE-2023-6377
https://bugzilla.redhat.com/show_bug.cgi?id=2253291
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
https://www.debian.org/security/2023/dsa-5576
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-6478
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
References: http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/security/cve/CVE-2023-6478
https://bugzilla.redhat.com/show_bug.cgi?id=2253298
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
https://www.debian.org/security/2023/dsa-5576
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
14. CVE-2022-22942
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
References: https://github.com/vmware/photon/wiki/Security-Update-3.0-356
https://github.com/vmware/photon/wiki/Security-Update-4.0-148
https://www.openwall.com/lists/oss-security/2022/01/27/4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-31210
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Usage of a user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate privileges via injection of malicious libraries.
References: https://checkmk.com/werk/16226
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-44251
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: ** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via crafted HTTP or HTTPS requests.
References: https://fortiguard.com/psirt/FG-IR-23-265
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-44252
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate privileges via HTTP or HTTPS requests with crafted JWT token values.
References: https://fortiguard.com/psirt/FG-IR-23-061
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-6718
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-288
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-47063
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-47074
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-47075
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-6721
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: An XXE (XML External Entity) vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, giving the attacker access to the server's file system.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-6722
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-6723
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An unrestricted file upload vulnerability has been identified in Repox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-42495
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Dasan Networks W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-48625
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-48626
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-48627
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-48628
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-48629
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-48630
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-48632
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-48633
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-48634
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-48639
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-46726
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.
References: https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2
https://github.com/glpi-project/glpi/releases/tag/10.0.11
https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95
CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-46727
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.
References: https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46
https://github.com/glpi-project/glpi/releases/tag/10.0.11
https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-6790
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
References: https://security.paloaltonetworks.com/CVE-2023-6790
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-46247
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.
References: https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74
CWE-ID: CWE-193, CWE-682
Common Platform Enumerations (CPE): Not Found
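The Vyper entry above is unusual in that the description gives the exact faulty formula, `math.ceil(type_.size_in_bytes / 32)`, and the mechanism (a binary floating-point intermediate that cannot hold every integer quotient). The script below is an added example, not Vyper's own code: `slots_via_float` reproduces the quoted expression, `slots_exact` is the usual integer ceiling-division replacement (an assumption about the shape of the fix, not the literal change in the linked commit), and `slot_error` shows the off-by-one in both directions. The advisory's "> 2**46" figure is a rough bound on Vyper's own size computation; for this exact Python expression the first size of the form 2**k + 1 that is mis-counted is 2**53 + 1, because a double carries 53 significant bits and the quotient needs 5 fractional bits.

```python
import math

SLOT_BYTES = 32  # an EVM storage slot holds 32 bytes


def slots_via_float(size_in_bytes: int) -> int:
    """Slot count computed as the advisory describes for pre-0.3.8 Vyper:
    true division (IEEE-754 double) followed by math.ceil."""
    return math.ceil(size_in_bytes / SLOT_BYTES)


def slots_exact(size_in_bytes: int) -> int:
    """Integer ceiling division over arbitrary-precision ints; no rounding step."""
    return -(-size_in_bytes // SLOT_BYTES)


def slot_error(size_in_bytes: int) -> int:
    """Float-based count minus exact count.
    +1: the float path over-allocates; -1: it under-allocates by one slot."""
    return slots_via_float(size_in_bytes) - slots_exact(size_in_bytes)


def first_failing_exponent(max_exp: int = 64) -> int:
    """Smallest k for which a type of 2**k + 1 bytes is mis-sized by the
    float path, or -1 if none is found below max_exp."""
    for k in range(1, max_exp):
        if slot_error(2 ** k + 1) != 0:
            return k
    return -1


if __name__ == "__main__":
    # Constructed sizes: below the threshold (correct), just above a power of
    # two (quotient 2**48 + 1/32 rounds down to 2**48, so one slot too few),
    # and a multiple of 32 whose integer quotient 2**53 + 3 is not representable
    # and rounds up to 2**53 + 4 (one slot too many).
    for n in (2 ** 46 + 1, 2 ** 53 + 1, 32 * (2 ** 53 + 3)):
        print(f"{n}: float={slots_via_float(n)} exact={slots_exact(n)} "
              f"error={slot_error(n):+d}")
    print("first failing exponent:", first_failing_exponent())
```

The rule this illustrates is general: never route a size or length computation through `/` and `math.ceil` when the operands are Python ints, since `//` with the negation trick (or `(n + 31) // 32`) is exact for any magnitude.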
40. CVE-2023-47619
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
References: https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/
CWE-ID: CWE-200, CWE-918
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-47624
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available.
References: https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32
https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
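Three entries in this digest are the same bug class: a client-controlled path is joined onto a server directory and read back without confirming the result still lies inside that directory (Repox CVE-2023-6722, FortiWAN CVE-2023-44251 and the Audiobookshelf `/hls` endpoint in CVE-2023-47624). The function below is an added example of the containment check those endpoints lack; it is written for this digest and is not code from Repox, Fortinet or Audiobookshelf. The base directory `/srv/media` and the request paths are constructed for illustration.

```python
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import unquote


def safe_join(base_dir: str, requested: str) -> Optional[str]:
    """Map a client-supplied relative path onto a file under base_dir.

    Returns the normalised absolute path, or None when the request must be
    refused: absolute paths, NUL bytes, or any '..' sequence (plain or
    percent-encoded) that resolves outside base_dir.
    """
    base = posixpath.normpath(base_dir)
    if not base.startswith("/"):
        raise ValueError("base_dir must be an absolute POSIX path")

    # Decode exactly once. Most web frameworks already do this for route
    # parameters; in a real handler decode here OR in the framework, not both.
    req = unquote(requested)

    # NUL truncates the path at the C level; an absolute path would make the
    # join discard base_dir entirely.
    if "\x00" in req or req.startswith("/"):
        return None

    candidate = posixpath.normpath(posixpath.join(base, req))

    # The result must be base itself or strictly beneath "base/". Comparing
    # against the slash-terminated prefix defeats the /srv/media -> /srv/media2 trick.
    prefix = base if base.endswith("/") else base + "/"
    if candidate != base and not candidate.startswith(prefix):
        return None
    return candidate


def audit_requests(base_dir: str, paths: List[str]) -> List[Tuple[str, bool]]:
    """Pair each request path with whether safe_join would serve it."""
    return [(p, safe_join(base_dir, p) is not None) for p in paths]


# Constructed request paths; only the first one should be served.
SAMPLE_PATHS = [
    "book1/track01.ts",
    "../../etc/passwd",
    "book1/../../etc/passwd",
    "%2e%2e/%2e%2e/etc/shadow",
    "/etc/passwd",
    "../media2/secret.txt",
    "book1/cover.jpg\x00.ts",
]

if __name__ == "__main__":
    for path, served in audit_requests("/srv/media", SAMPLE_PATHS):
        print(("serve  " if served else "refuse ") + repr(path))
```

This is a string-level check, so it must be followed by `os.path.realpath` on the final path and the same containment test again before opening the file, otherwise a symlink inside the media tree can still point outward. It is also POSIX-only: on Windows, backslashes, drive letters and UNC paths such as `\\server\share` (the vector in the Jellyfin entry below) need `os.path`-level handling and, usually, an outright refusal of anything that is not a plain local relative path.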
42. CVE-2023-48702
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can setup a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.
References: https://github.com/jellyfin/jellyfin/commit/83d2c69516471e2db72d9273c6a04247d0f37c86
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rr9h-w522-cvmr
https://securitylab.github.com/advisories/GHSL-2023-028_jellyfin/
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-43585
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-43586
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.8
Description: Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-45166
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267964
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-45170
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267968
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-45174
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/267972
https://www.ibm.com/support/pages/node/7095022
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found