In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 05-06, 2023.
During this period, the National Vulnerability Database published 138 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 8
High: 53
Medium: 39
Low: 6
Severity Not Assigned: 32
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-49291
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: tj-actions/branch-names is a GitHub action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Action improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result, an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337
https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815
https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060
https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf
https://securitylab.github.com/research/github-actions-untrusted-input
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-5808
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).
References: https://support.hitachivantara.com/
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-48315
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-rj6h-jjg2-7gf3
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-48316
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-48691
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-48692
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-m2rx-243p-9w64
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-48693
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/threadx/security/advisories/GHSA-p7w6-62rq-vrf9
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-48695
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 5.8
Description: Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-28546
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory Corruption in SPS Application while exporting public key in sorter TA.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-28550
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in MPP performance while accessing DSM watermark using external memory address.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-28551
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-28585
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Memory corruption while loading an ELF segment in TEE Kernel.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-28587
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-28588
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Bluetooth Host while rfc slot allocation.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-33017
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-33018
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption while using the UIM diag command to get the operators name.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-33022
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in HLOS while invoking IOCTL calls from user-space.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-33041
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-33042
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Modem after RRC Setup message is received.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-33043
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-33044
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Data modem while handling TLB control messages from the Network.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-33053
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Kernel while parsing metadata.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-33054
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-33063
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in DSP Services during a remote call from HLOS to DSP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-33070
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-33071
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-33079
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Audio while running invalid audio recording from ADSP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-33080
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-33081
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-33082
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-33083
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption in WLAN Host while processing RRM beacon on the AP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-33087
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Core while processing RX intent request.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-33088
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption when processing cmd parameters while parsing vdev.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-33089
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS when processing a NULL buffer while parsing WLAN vdev.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-33092
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-33097
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in WLAN Firmware while processing a FTMR frame.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-33098
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-33106
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-33107
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-42560
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-42561
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-42565
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.3
Description: Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-42566
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-42567
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-42571
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-42580
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-42581
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-39248
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-os10-security-updates-for-uncontrolled-resource-consumption
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-44288
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.
References: https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities
CWE-ID: CWE-664
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-5188
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.
References: https://cert.vde.com/en/advisories/VDE-2023-044/
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-6269
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
References: https://networks.unify.com/security/advisories/OBSO-2310-01.pdf
https://r.sec-consult.com/unifyroot
CWE-ID: CWE-88
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-43608
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-45838
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-45839
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs-util` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-45840
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `riscv64-elf-toolchain` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
56. CVE-2023-45841
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
57. CVE-2023-45842
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `mxsldr` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
58. CVE-2023-6357
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
References: https://cert.vde.com/en/advisories/VDE-2023-066
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
59. CVE-2023-44297
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.
References: https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability
CWE-ID: CWE-1234
Common Platform Enumerations (CPE): Not Found
60. CVE-2023-45084
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 0.7
Impact Score: 5.8
Description: An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
References: https://advisories.softiron.cloud
CWE-ID: CWE-820
Common Platform Enumerations (CPE): Not Found
61. CVE-2023-6448
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system.
References: https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
CWE-ID: CWE-1188
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between December 05-06, 2023.
During this period, The National Vulnerability Database published 138, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 8
High: 53
Medium: 39
Low: 6
Severity Not Assigned: 32
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-49291
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/tj-actions/branch-names/commit/4923d1ca41f928c24f1c1b3af9daaadfb71e6337
https://github.com/tj-actions/branch-names/commit/6c999acf206f5561e19f46301bb310e9e70d8815
https://github.com/tj-actions/branch-names/commit/726fe9ba5e9da4fcc716223b7994ffd0358af060
https://github.com/tj-actions/branch-names/security/advisories/GHSA-8v8w-v8xg-79rf
https://securitylab.github.com/research/github-actions-untrusted-input
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-5808
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).
References: https://support.hitachivantara.com/
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-48315
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-rj6h-jjg2-7gf3
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-48316
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-48691
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo that could lead to remote code execution. The affected components include processes related to the IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-48692
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/netxduo/security/advisories/GHSA-m2rx-243p-9w64
CWE-ID: CWE-787 CWE-825
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-48693
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/threadx/security/advisories/GHSA-p7w6-62rq-vrf9
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-48695
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 5.8
Description: Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-28546
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory Corruption in SPS Application while exporting public key in sorter TA.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-28550
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in MPP performance while accessing DSM watermark using external memory address.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-28551
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-28585
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Memory corruption while loading an ELF segment in TEE Kernel.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-28587
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-28588
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Bluetooth Host during rfc slot allocation.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-33017
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-33018
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption while using the UIM diag command to get the operators name.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-33022
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in HLOS while invoking IOCTL calls from user-space.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-33041
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-33042
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Modem after RRC Setup message is received.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-33043
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-33044
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in Data modem while handling TLB control messages from the Network.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-33053
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Kernel while parsing metadata.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-33054
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-33063
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in DSP Services during a remote call from HLOS to DSP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-33070
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-33071
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-33079
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Audio while running invalid audio recording from ADSP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-33080
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-33081
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-33082
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-33083
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Memory corruption in WLAN Host while processing RRM beacon on the AP.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-33087
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Memory corruption in Core while processing RX intent request.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-33088
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption when processing cmd parameters while parsing vdev.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-33089
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS when processing a NULL buffer while parsing WLAN vdev.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-33092
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-33097
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS in WLAN Firmware while processing a FTMR frame.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-33098
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-33106
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-33107
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
References: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-42560
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-42561
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-42565
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.3
Description: Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-42566
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-42567
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-42571
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows a physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when the user has lost the device.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-42580
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-42581
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-39248
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-os10-security-updates-for-uncontrolled-resource-consumption
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-44288
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.
References: https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities
CWE-ID: CWE-664
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-5188
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0, which is used by the WAGO Telecontrol Configurator, is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.
References: https://cert.vde.com/en/advisories/VDE-2023-044/
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-6269
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
References: https://networks.unify.com/security/advisories/OBSO-2310-01.pdf
https://r.sec-consult.com/unifyroot
CWE-ID: CWE-88
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-43608
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-45838
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-45839
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `aufs-util` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-45840
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `riscv64-elf-toolchain` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
56. CVE-2023-45841
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
57. CVE-2023-45842
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `mxsldr` package.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844
CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
58. CVE-2023-6357
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
References: https://cert.vde.com/en/advisories/VDE-2023-066
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
59. CVE-2023-44297
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain an active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.
References: https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability
CWE-ID: CWE-1234
Common Platform Enumerations (CPE): Not Found
60. CVE-2023-45084
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 0.7
Impact Score: 5.8
Description: An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
References: https://advisories.softiron.cloud
CWE-ID: CWE-820
Common Platform Enumerations (CPE): Not Found
61. CVE-2023-6448
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system.
References: https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
CWE-ID: CWE-1188
Common Platform Enumerations (CPE): Not Found