This weekly blog post comes via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process, some errors may creep in.
If you are feeling generous, please do make us aware of anything you spot; feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
https://nvd.nist.gov/vuln/detail/CVE-2023-26359
2. CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
https://nvd.nist.gov/vuln/detail/CVE-2023-26360
3. CVE-2023-29360
Windows TPM Device Driver Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-29360
4. CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
5. CVE-2022-42475
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
https://nvd.nist.gov/vuln/detail/CVE-2022-42475
6. CVE-2023-32434
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
https://nvd.nist.gov/vuln/detail/CVE-2023-32434
7. CVE-2023-32435
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
https://nvd.nist.gov/vuln/detail/CVE-2023-32435
8. CVE-2023-29336
Win32k Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-29336
9. CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.
https://nvd.nist.gov/vuln/detail/CVE-2023-33568
10. CVE-2022-38005
Windows Print Spooler Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-38005