Microsoft Patch Tuesday, May 2023 Security Update Review

Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s guide you through this month’s Patch Tuesday details. Microsoft has also addressed two zero-day vulnerabilities known to be exploited in the wild. Six of these 49 vulnerabilities …

Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)

Apache has released a patch to address a session validation vulnerability in Superset. CVE-2023-27524 has been rated as high, with a CVSS score of 8.9. On successful exploitation, the vulnerability may allow an attacker to authenticate and access unauthorized resources and execute arbitrary code on the target system. On January 8, 2024, CISA added the …

VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)

VMware has released a security advisory to address four vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872). Out of these, two vulnerabilities can be chained to perform remote code execution on the vulnerable Workstation and Fusion software hypervisors. On the second day of the Pwn2Own Vancouver 2023 hacking competition, the security researchers from the STAR Labs team …

PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)

PaperCut, a print manager software, has a remote code execution vulnerability that is being actively exploited. CVE-2023-27350 has been rated as critical with a CVSS Base Score of 9.8. Successful exploitation of the vulnerability allows unauthenticated attackers to perform remote code execution to compromise the vulnerable PaperCut application server. The vendor mentioned in the advisory …

Google Releases Update to Address Second Zero-day Vulnerability in its Chrome Browser (CVE-2023-2136)

Google has released updates to address six vulnerabilities in its Chrome browser. One of the six vulnerabilities (CVE-2023-2136) is being exploited in the wild. Google has mentioned in the advisory that “an exploit for CVE-2023-2136 exists in the wild.” CVE-2023-2136 is the second zero-day vulnerability in the Chrome browser addressed by Google. Google …

Vm2 Patches Critical Remote Code Execution Vulnerabilities in JavaScript Sandbox Library (CVE-2023-30547 and CVE-2023-29199)

vm2 has addressed two critical vulnerabilities affecting its JavaScript sandbox library. Both vulnerabilities, CVE-2023-29199 and CVE-2023-30547, are given a CVSS score of 9.8. Successful exploitation of these vulnerabilities may allow an attacker to perform remote code execution. Seung Hyun Lee of KAIST Hacking Lab has discovered the vulnerabilities and released proof-of-concept (PoC) (CVE-2023-29199 …

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the April edition of its Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact multiple products. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. In the Q2 2023 Oracle Critical Patch Update, the Oracle Communications product …

Google Patches Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2023-2033)

Google Chrome, the most widely used web browser, faces a type confusion vulnerability (CVE-2023-2033). Google has addressed the vulnerability with the latest version of Chrome. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has mentioned in the advisory that they are aware of active exploitation of this vulnerability in …

vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)

vm2 has released a patch for a critical severity vulnerability (CVE-2023-29017) with a CVSS score of 9.8. Korea Advanced Institute of Science and Technology (KAIST) WSP Lab has discovered the vulnerability. The vulnerability originates from improper input handling of host objects. A proof-of-concept exploit has been made public on GitHub, explaining the severity and …

Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products

Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. …