This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.
If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
https://nvd.nist.gov/vuln/detail/CVE-2019-19781
2. CVE-2023-3519
Unauthenticated remote code execution
https://nvd.nist.gov/vuln/detail/CVE-2023-3519
3. CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
https://nvd.nist.gov/vuln/detail/CVE-2021-40524
4. CVE-2021-36260
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
https://nvd.nist.gov/vuln/detail/CVE-2021-36260
5. CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
https://nvd.nist.gov/vuln/detail/CVE-2023-20593
6. CVE-2021-34473
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’.
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
7. CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
https://nvd.nist.gov/vuln/detail/CVE-2009-1151
8. CVE-2018-9995
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
https://nvd.nist.gov/vuln/detail/CVE-2018-9995
9. CVE-2023-77101
N/A
https://nvd.nist.gov/vuln/detail/CVE-2023-77101
10. CVE-2001-0797
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
https://nvd.nist.gov/vuln/detail/CVE-2001-0797