This weekly blog post is generated via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process, some errors may creep in.
If you are feeling generous, please do make us aware of anything you spot: follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2023-23397
Microsoft Outlook Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-23397
2. CVE-2023-48122
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
https://nvd.nist.gov/vuln/detail/CVE-2023-48122
3. CVE-2023-32243
Microsoft Outlook Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-32243
4. CVE-2023-42326
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
https://nvd.nist.gov/vuln/detail/CVE-2023-42326
5. CVE-2023-42327
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
https://nvd.nist.gov/vuln/detail/CVE-2023-42327
6. CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
https://nvd.nist.gov/vuln/detail/CVE-2023-32315
7. CVE-2023-42325
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
https://nvd.nist.gov/vuln/detail/CVE-2023-42325
8. CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
https://nvd.nist.gov/vuln/detail/CVE-2023-6553
9. CVE-2023-50164
Microsoft Outlook Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-50164
10. CVE-2009-0658
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2009-0658