In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 10-11, 2024.
During this period, the National Vulnerability Database published 180 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 5
High: 23
Medium: 49
Low: 0
Severity Not Assigned: 103
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0359
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.
References: https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf
https://vuldb.com/?ctiid.250126
https://vuldb.com/?id.250126
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-21643
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.5
Description: IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.
References: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-48243
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-48250
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-48251
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-48252
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-48253
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.
By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-48257
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-1391
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-48262
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-48263
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-48264
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-48265
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-48266
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-41056
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers, which can result in an integer overflow that leads to a heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4.
References: https://github.com/redis/redis/releases/tag/7.0.15
https://github.com/redis/redis/releases/tag/7.2.4
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m
CWE-ID: CWE-190 CWE-762
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-45139
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.
References: https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c
https://github.com/fonttools/fonttools/releases/tag/4.43.0
https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-47861
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-47862
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886
CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-48728
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-48730
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-49589
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896
CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-49599
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and bruteforce the salt offline, leading to forging a legitimate password recovery code for the admin user.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900
CWE-ID: CWE-331
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-49738
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881
CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-49810
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to bruteforce users credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-44250
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
References: https://fortiguard.com/psirt/FG-IR-23-315
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-46712
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate privileges via specifically crafted HTTP requests.
References: https://fortiguard.com/psirt/FG-IR-23-395
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-29445
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/
https://www.ptc.com/en/support/article/cs399528
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-21638
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments, as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked validation of the passed-in authentication token, which may result in an attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
References: https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f
https://github.com/Azure/ipam/pull/218
https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
28. CVE-2022-45794
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files from the PLC internal memory and memory card.
References: https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-002_en.pdf
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found