Multiple versions of GitLab Enterprise Edition (EE) are affected by critical vulnerability. Tracked as CVE-2023-5009, the vulnerability may allow an attacker to access confidential data or utilize the impersonated user’s elevated permissions to change the source code or launch arbitrary code on the system. Security researcher Johan Carlsson has discovered the vulnerability and reported it … Continue reading “GitLab Releases Patch to Address Critical Pipeline Flaw Vulnerability (CVE-2023-5009)”
Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)
An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro … Continue reading “Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)”
CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)
CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting … Continue reading “CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)”
Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)
Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated as critical. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE … Continue reading “Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)”
Microsoft Patch Tuesday, September 2023 Security Update Review
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-based) in multiple products, features, and roles. Microsoft Patch Tuesday for September 2023 Microsoft has addressed two zero-day publicly exploited vulnerabilities fixed in this month’s updates. Five of these 66 vulnerabilities are rated as Critical and … Continue reading “Microsoft Patch Tuesday, September 2023 Security Update Review”
Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)
Google has released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Tracked as CVE-2023-4863, the CVE has been rated critical by Google. Google is aware of the active exploitation of the vulnerability. CVE-2023-4863 is a Heap Buffer Overflow vulnerability in WebP image format. The vulnerability may allow an attacker … Continue reading “Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)”
Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)
The Citizen Lab at The University of Torontoʼs Munk School has discovered two critical severity vulnerabilities in Apple macOS Ventura, iOS, and iPadOS. Tracked as CVE-2023-41064 and CVE-2023-41061, the vulnerabilities may allow an attacker to perform arbitrary code execution. Apple is aware of the active exploitation of these vulnerabilities. The Citizen Lab has mentioned in … Continue reading “Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)”
Cacti Unauthenticated SQL Injection Vulnerability (CVE-2023-39361)
Cacti, a widely used operational monitoring tool, is vulnerable to a SQL injection flaw that may allow an attacker to perform code execution on successful exploitation. CVE-2023-39361 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an unauthenticated user to execute arbitrary code on a Cacti server if a … Continue reading “Cacti Unauthenticated SQL Injection Vulnerability (CVE-2023-39361)”
CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)
Apache RocketMQ servers have a vulnerability that attackers were exploiting. CVE-2023-33246 is a critical severity vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Security researchers at Juniper Threat Labs have recently reported the exploitation of the vulnerability by DreamBus botnet malware. CISA has acknowledged its active exploitation by adding … Continue reading “CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)”
Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution
Notepad++ is vulnerable to multiple buffer overflow vulnerabilities that may allow attackers to execute arbitrary code on target systems. The CVEs are being tracked as CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, and CVE-2023-40166. These vulnerabilities’ severity ratings and CVSS scores range from 5.5 (Medium) to 7.8 (High). Jaroslav Lobačevski discovered the vulnerabilities from GHSL. Don Ho developed Notepad++. … Continue reading “Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution”