
Vulnerabilities of March 2023

If you find an error, please report it on Twitter. -> Twitter《Har-sia》

Summary of the vulnerabilities that drew attention this month

CVE-2020-5741

Description from NVD

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 6.5 MEDIUM / CVSS 3.x: 7.2 HIGH

Highest Score:108 (2023/03/16)

Vulnerability information: Har-sia CVE-2020-5741


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2021-39144

Description from NVD

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 6.0 MEDIUM / CVSS 3.x: 8.5 HIGH
This vulnerability may involve a PoC.

Highest Score:108 (2023/03/16)

Vulnerability information: Har-sia CVE-2021-39144


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2022-41328

Description from NVD

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 7.1 HIGH

Highest Score:34 (2023/03/14)

Vulnerability information: Har-sia CVE-2022-41328


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-20078

Description from NVD

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 9.8 CRITICAL

Highest Score:38 (2023/03/02)

Vulnerability information: Har-sia CVE-2023-20078


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-21716

Description from NVD

Microsoft Word Remote Code Execution Vulnerability

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 9.8 CRITICAL
This vulnerability may involve a PoC.

Description from Forti

Microsoft Word Remote Code Execution Vulnerability

Information Acquisition Date: 2023/03/08

Affected Products

Impact

Recommended Actions

References


Highest Score:86 (2023/03/07)

Vulnerability information: Har-sia CVE-2023-21716


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-23397

Description from NVD

Microsoft Outlook Elevation of Privilege Vulnerability

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 9.8 CRITICAL
This vulnerability may involve a PoC.

Highest Score:313 (2023/03/16)

Vulnerability information: Har-sia CVE-2023-23397


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-23529

Description from NVD

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 8.8 HIGH

Highest Score:141 (2023/02/14)

Vulnerability information: Har-sia CVE-2023-23529


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-24880

Description from NVD

Windows SmartScreen Security Feature Bypass Vulnerability

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 4.4 MEDIUM

Highest Score:70 (2023/03/15)

Vulnerability information: Har-sia CVE-2023-24880


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-25610


Highest Score:65 (2023/03/09)

Vulnerability information: Har-sia CVE-2023-25610


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-27532

Description from NVD

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 7.5 HIGH
This vulnerability may involve a PoC.

Highest Score:44 (2023/03/10)

Vulnerability information: Har-sia CVE-2023-27532


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



CVE-2023-28432

Description from NVD

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

Information Acquisition Date: 2023/04/01
CVSS 2.0: 0.0 None / CVSS 3.x: 7.5 HIGH
This vulnerability may involve a PoC.

Highest Score:38 (2023/03/24)

Vulnerability information: Har-sia CVE-2023-28432


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs:



Total: 11 entries
