Customer portal
Articles Tagged with

CVE intelligence

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 September 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36802

 


 

2. CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

 


 

3. CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

 


 

4. CVE-2023-4863

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

5. CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

https://nvd.nist.gov/vuln/detail/CVE-2022-47522

 


 

6. CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to control certain, important environments variables.

Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

* All versions prior to 21.4R3-S5;
* 22.1 versions

prior to

22.1R3-S4;
* 22.2 versions

prior to

22.2R3-S2;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3-S1;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.

https://nvd.nist.gov/vuln/detail/CVE-2023-36845

 


 

7. CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

https://nvd.nist.gov/vuln/detail/CVE-2021-3493

 


 

8. CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions

prior to

21.3R3-S5;
* 21.4 versions

prior to

21.4R3-S4;
* 22.1 versions

prior to

22.1R3-S3;
* 22.2 versions

prior to

22.2R3-S1;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3.

https://nvd.nist.gov/vuln/detail/CVE-2023-36846

 


 

9. CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

 


 

10. CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions

prior to

21.3R3-S5;
* 21.4 versions

prior to

21.4R3-S4;
* 22.1 versions

prior to

22.1R3-S3;
* 22.2 versions

prior to

22.2R3-S1;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3.

https://nvd.nist.gov/vuln/detail/CVE-2023-36847

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 September 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

 


 

2. CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

 


 

3. CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

 


 

4. CVE-2023-4863

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

5. CVE-2023-33308

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-33308

 


 

6. CVE-2022-29455

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions.

https://nvd.nist.gov/vuln/detail/CVE-2022-29455

 


 

7. CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

 


 

8. CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

 


 

9. CVE-2023-41064

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

https://nvd.nist.gov/vuln/detail/CVE-2023-41064

 


 

10. CVE-2018-13379

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 September 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

 


 

2. CVE-2016-10555

Since “algorithm” isn’t enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA’s public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

https://nvd.nist.gov/vuln/detail/CVE-2016-10555

 


 

3. CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

https://nvd.nist.gov/vuln/detail/CVE-2023-34039

 


 

4. CVE-2023-24488

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-24488

 


 

5. CVE-2023-29298

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-29298

 


 

6. CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

 


 

7. CVE-2023-23752

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-23752

 


 

8. CVE-2023-29300

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-29300

 


 

9. CVE-2023-28121

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-28121

 


 

10. CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20593

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 September 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

 


 

2. CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

https://nvd.nist.gov/vuln/detail/CVE-2012-3716

 


 

3. CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

 


 

4. CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application’s response. This could be used to interact with hosts on the server’s local network bypassing firewalls and access control measures.

https://nvd.nist.gov/vuln/detail/CVE-2022-1386

 


 

5. CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

 


 

6. CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

 


 

7. CVE-2020-9375

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

https://nvd.nist.gov/vuln/detail/CVE-2020-9375

 


 

8. CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

https://nvd.nist.gov/vuln/detail/CVE-2020-10884

 


 

9. CVE-2017-13772

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

https://nvd.nist.gov/vuln/detail/CVE-2017-13772

 


 

10. CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 August 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

 


 

2. CVE-2023-36874

Windows Error Reporting Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36874

 


 

3. CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

 


 

4. CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

 


 

5. CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application’s response. This could be used to interact with hosts on the server’s local network bypassing firewalls and access control measures.

https://nvd.nist.gov/vuln/detail/CVE-2022-1386

 


 

6. CVE-2019-0708

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

 


 

7. CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

 


 

8. CVE-2020-10883

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

https://nvd.nist.gov/vuln/detail/CVE-2020-10883

 


 

9. CVE-2021-34480

Scripting Engine Memory Corruption Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-34480

 


 

10. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 August 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

 


 

2. CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

 


 

3. CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

https://nvd.nist.gov/vuln/detail/CVE-2022-1388

 


 

4. CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

https://nvd.nist.gov/vuln/detail/CVE-2022-40982

 


 

5. CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:…@ inside a quoting construct (dollar quoting, ”, or “”). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

https://nvd.nist.gov/vuln/detail/CVE-2023-39417

 


 

6. CVE-2023-20569

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20569

 


 

7. CVE-2021-34473

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

8. CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

 


 

9. CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via “su – user -c program”. The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

https://nvd.nist.gov/vuln/detail/CVE-2005-4890

 


 

10. CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

https://nvd.nist.gov/vuln/detail/CVE-2021-43008

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 August 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

 


 

2. CVE-2017-13772

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

https://nvd.nist.gov/vuln/detail/CVE-2017-13772

 


 

3. CVE-2020-10882

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

https://nvd.nist.gov/vuln/detail/CVE-2020-10882

 


 

4. CVE-2020-9375

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

https://nvd.nist.gov/vuln/detail/CVE-2020-9375

 


 

5. CVE-2020-10883

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

https://nvd.nist.gov/vuln/detail/CVE-2020-10883

 


 

6. CVE-2020-10884

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.

https://nvd.nist.gov/vuln/detail/CVE-2020-10884

 


 

7. CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20593

 


 

8. CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

https://nvd.nist.gov/vuln/detail/CVE-2021-26855

 


 

9. CVE-2017-12149

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

https://nvd.nist.gov/vuln/detail/CVE-2017-12149

 


 

10. CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

https://nvd.nist.gov/vuln/detail/CVE-2022-48194

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 August 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

https://nvd.nist.gov/vuln/detail/CVE-2019-19781

 


 

2. CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

 


 

3. CVE-2021-40524

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)

https://nvd.nist.gov/vuln/detail/CVE-2021-40524

 


 

4. CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

https://nvd.nist.gov/vuln/detail/CVE-2021-36260

 


 

5. CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20593

 


 

6. CVE-2021-34473

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

7. CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

https://nvd.nist.gov/vuln/detail/CVE-2009-1151

 


 

8. CVE-2018-9995

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

https://nvd.nist.gov/vuln/detail/CVE-2018-9995

 


 

9. CVE-2023-77101

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-77101

 


 

10. CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

https://nvd.nist.gov/vuln/detail/CVE-2001-0797

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 31 July 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

 


 

2. CVE-2021-36260

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin” header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

https://nvd.nist.gov/vuln/detail/CVE-2021-36260

 


 

3. CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin” header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

https://nvd.nist.gov/vuln/detail/CVE-2018-9995

 


 

4. CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

 


 

5. CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2019-11043

 


 

6. CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20593

 


 

7. CVE-2023-77101

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-77101

 


 

8. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

9. CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

10. CVE-2023-34362

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

https://nvd.nist.gov/vuln/detail/CVE-2023-34362

 


"SOS
Flash Alert

Flash Alert – CVEs of note being exploited in the wild

We have identified several CVEs of note currently being exploited and representing significant risks to the security of computer networks and systems.

CVE-2023-34478, Apache Shiro

Apache Shiro is an open-source software security structure, that conducts authentication, authorisation, cryptography and session management.

A vulnerability has been identified that increases susceptibility to a path traversal attack. This could result in the bypassing of authentication when used with APIs or similar frameworks. This would therefore put any data stored outside the web root folder at risk of unauthorised access

The vulnerability impacts versions of Apache Shiro before 1.12.0 or 2.0.0-alpha-3. Apache recommends upgrading to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ to resolve this.

CVE-2022-41352, Zimbra ZCS

A Remote Code Execution (RCE) vulnerability identified in Zimbra’s collaborative software suite in October 2022 continues to be exploited.

The exploit targets a vulnerability in Zimbra’s inbuilt antivirus engine, Amavis, as it scans inbound mail. By sending an email containing a .cpio file, attackers can extract the malicious payload while Amavis scans the email. By using cpio an attacker can write to any path on the filesystem that the victim user can access.

ZCS 9.0.0 Patch 27 was released to address this issue. It is recommended to ensure all patches of ZCS are installed to maintain device and network security.

CVE-2023-26360, Adobe ColdFusion

A vulnerability in Adobe ColdFusion (2018 Update 15 (and earlier) and 2021 Update 5 (and earlier)) could allow a threat actor to execute code, in the context of the user of the impacted device, and may also result in memory leak. Such an exploit does not require any user interaction from the victim user.

Adobe has pushed updates for these versions (Update 16 and Update 6 respectively) which address the issue. It is recommended that Coldfusion JDK/JRE is also updated to the latest release in order to secure vulnerable servers. Finally, users should apply Adobe’s Lockdown guidance for Coldfusion.

CVE-2023-35078, Ivanti Endpoint Manager

A new vulnerability has been identified in Ivanti’s Endpoint Manager Mobile (EPMM), AKA MobileIron Core. The vulnerability impacts all current versions of the product, with older versions/releases also being at risk.

When exploited, the vulnerability allows any internet-facing threat actor unauthorised remote access to the victim’s Personally Identifiable Information (PII), and make limited changes to the targeted server.

A patch has been released and can be obtained from Ivanti’s Knowledge Base.

CVE-2023-38408, OpenSSH 9.3p2 and below

A vulnerability has been found in Open SSH. The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.)

Remote exploitation requires that the agent was forwarded to an attacker-controlled system. The following could be applied, which may mitigate risks:

Exploitation can be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P ”) or by configuring an allowlist that contains only specific provider libraries.
Disabling agent forwarding or restricting ssh-agent options.
Adjusting the ssh-agent.service file ExecStart to disable PKCS11 modules

1 2 5 6 7 8 9 12 13
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound