Customer portal
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 15 January 2024

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-51467

Pre-auth RCE in Apache Ofbiz 18.12.09.

It’s due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10. 
Users are recommended to upgrade to version 18.12.10

https://nvd.nist.gov/vuln/detail/CVE-2023-51467

 


 

2. CVE-2023-49070

Pre-auth RCE in Apache Ofbiz 18.12.09.

It’s due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10. 
Users are recommended to upgrade to version 18.12.10

https://nvd.nist.gov/vuln/detail/CVE-2023-49070

 


 

3. CVE-2016-10509

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

https://nvd.nist.gov/vuln/detail/CVE-2016-10509

 


 

4. CVE-2018-13067

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

https://nvd.nist.gov/vuln/detail/CVE-2018-13067

 


 

5. CVE-2018-11494

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

https://nvd.nist.gov/vuln/detail/CVE-2018-11494

 


 

6. CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

 


 

7. CVE-2020-20491

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

https://nvd.nist.gov/vuln/detail/CVE-2020-20491

 


 

8. CVE-2023-47444

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

https://nvd.nist.gov/vuln/detail/CVE-2023-47444

 


 

9. CVE-2023-5360

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

https://nvd.nist.gov/vuln/detail/CVE-2023-5360

 


 

10. CVE-2023-46747

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

https://nvd.nist.gov/vuln/detail/CVE-2023-46747

 


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound