Google Chrome, the most widely used web browser, faces a type confusion vulnerability (CVE-2023-2033). Google has addressed the vulnerability with the latest version of Chrome. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has mentioned in the advisory that they are aware of active exploitation of this vulnerability in … Continue reading “Google Patches Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2023-2033)”
Author: Diksha Ojha
vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)
vm2 has released a patch for a critical severity vulnerability (CVE-2023-29017) with a CVSS score of 9.8. Korea Advanced Institute of Science and Technology (KAIST) WSP Lab has discovered the vulnerability. The vulnerability originates from improper input handling of host objects. A proof-of-concept exploit has been made public on GitHub, explaining the severity and … Continue reading “vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)”
Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products
Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”
Microsoft Patch Tuesday April 2023 Security Update Review
Microsoft released security updates to address 114 vulnerabilities in the April Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s know more about this month’s Patch Tuesday details. Microsoft Patch Tuesday for April 2023 Microsoft has addressed 114 vulnerabilities in this month’s Security Update, including 15 Microsoft Edge … Continue reading “Microsoft Patch Tuesday April 2023 Security Update Review”
Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)
Apple has released patches of two zero-day vulnerabilities in macOS Ventura. Apple has mentioned in the advisory that they are aware of the issues being exploited in the wild. The vulnerabilities are assigned with CVE-2023-28206 and CVE-2023-28205. Both vulnerabilities are discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty … Continue reading “Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)”
3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)
3CX Desktop Application is currently facing ongoing multi-stage Supply Chain attacks targeted at the company’s customers. The hacker groups have used the trojanized Voice Over Internet Protocol (VOIP) desktop client to stage the attacks. The vulnerability has been termed “SmoothOperator.” The vulnerability has been assigned with CVE-2023-29059. Post exploitation, attackers can spawn an interactive command shell and … Continue reading “3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)”
Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)
Veeam has patched a high-severity vulnerability in its Veeam Backup & Replication product. Assigned with CVE-2023-27532, the vulnerability may allow an unauthenticated attacker to execute arbitrary code remotely. The proof-of-concept (PoC) for this vulnerability is publicly available. Markus Wulftange, a security researcher at CODE WHITE GmbH, has published the PoC. CISA has added … Continue reading “Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)”
Apache Patches HTTP Request Splitting Vulnerabilities in its HTTP Server (CVE-2023-25690 and CVE-2023-27522)
Apache has released a new HTTP Server version to address two security flaws; CVE-2023-25690 and CVE-2023-27522. The vulnerabilities may allow an attacker to perform HTTP smuggling attacks on a vulnerable server. On successful exploitation, these vulnerabilities could result in information disclosure and enable attackers to execute further attacks. The Apache HTTP Server, also called … Continue reading “Apache Patches HTTP Request Splitting Vulnerabilities in its HTTP Server (CVE-2023-25690 and CVE-2023-27522)”
The March 2023 Patch Tuesday Security Update Review
Microsoft has released its monthly security update for March 2023. This month’s updates addressed various vulnerabilities in different products. Let’s go through this month’s Patch Tuesday details and discuss the security updates. Microsoft Patches for March 2023 Microsoft has addressed 101 vulnerabilities in the month of March, including 22 Microsoft Edge (Chromium-based) vulnerabilities. Microsoft has … Continue reading “The March 2023 Patch Tuesday Security Update Review”
Jenkins Server Cross-Site Scripting (XSS) Vulnerability (CVE-2023-27898)
Researchers from Aqua Nautilus have identified a series of flaws in the widely used Jenkins Server and Update Center that they have termed CorePlague (CVE-2023-27898 and CVE-2023-27905). An unauthenticated attacker might be able to execute arbitrary code on the victim’s Jenkins server by exploiting these vulnerabilities. Successful exploitation could result in a complete compromise of … Continue reading “Jenkins Server Cross-Site Scripting (XSS) Vulnerability (CVE-2023-27898)”
