CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
Standard users may use this to gain arbitrary code execution as SYSTEM. • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVE-2023-48699 – fastbots Eval Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-48699
fastbots is a library for fast bot and scraper development using Selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file to include Python code, which is executed without proper validation and could lead to remote code execution (RCE). The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. To mitigate this issue, upgrade to fastbots version 0.1.5 or above. • https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57 https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806 https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2023-6248 – Data leakage and arbitrary remote code execution in Syrus cloud devices
https://notcve.org/view.php?id=CVE-2023-6248
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:
* Get location data of the vehicle the device is connected to
* Send CAN bus messages via the ECU module (https://syrus.digitalcomtech.com/docs/ecu-1)
* Immobilize the vehicle via the safe-immobilizer module (https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization)
* Get live video through the connected video camera
* Send audio messages to the driver (https://syrus.digitalcomtech.com/docs/system-tools#apx-tts)
• https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-48226 – OpenReplay HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-48226
OpenReplay is a self-hosted session replay suite. In version 1.14.0, the Name field in Account Settings is not validated (during registration, validation appears to be correct), so a bad actor can send emails containing injected HTML to victims. Bad actors can use this for phishing, for example. The email really is sent from OpenReplay, but bad actors can inject HTML code into it (content spoofing). Note that during the registration steps the FullName field appears to be validated correctly, since such content cannot be typed there, but by using this bypass bad actors can still achieve their goal. • https://bugcrowd.com/vulnerability-rating-taxonomy https://capec.mitre.org/data/definitions/242.html https://cwe.mitre.org/data/definitions/20.html https://github.com/openreplay/openreplay/blob/main/api/chalicelib/utils/html/invitation.html#L421 https://github.com/openreplay/openreplay/security/advisories/GHSA-xpfv-454c-3fj4 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-6235 – Arbitrary code execution in Duet Display
https://notcve.org/view.php?id=CVE-2023-6235
An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code. • https://www.incibe.es/en/incibe-cert/notices/aviso/arbitrary-code-execution-duet-display • CWE-427: Uncontrolled Search Path Element •