VMware has released a security advisory to address multiple critical vulnerabilities affecting Aria Operations for Networks (formerly vRealize Network Insight). CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889 have been given Critical and Important Severity ratings with CVSS scores of 9.8, 9.1, and 8.8, respectively. Successful exploitation of these vulnerabilities may allow an attacker to perform command injection and/or … Continue reading “VMware Patched Multiple Critical Vulnerabilities in Aria Operations for Networks (CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889)”
Author: Diksha Ojha
Microsoft Patch Tuesday, June 2023 Security Update Review
Microsoft has released June’s edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for June 2023 No zero-day vulnerabilities known to be exploited in the wild have been fixed in this month’s Patch Tuesday edition. Six of these 94 vulnerabilities are rated … Continue reading “Microsoft Patch Tuesday, June 2023 Security Update Review”
Critical SQL Injection Vulnerability in MOVEit Managed File Transfer Web Application (CVE-2023-35036)
Multiple MOVEit Managed File Transfer Web Application versions face SQL Injection vulnerability (CVE-2023-35036). Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. MOVEit has accredited Cybersecurity firm Huntress for discovering the vulnerability. MOVEit Transfer is a managed file transfer (MFT) solution available in an on-premises … Continue reading “Critical SQL Injection Vulnerability in MOVEit Managed File Transfer Web Application (CVE-2023-35036)”
Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability (CVE-2023-20178)
Cisco has released patches to address a high-severity vulnerability, CVE-2023-20178, that affects the Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software. Filip Dragovic reported the vulnerability. On successful exploitation, the vulnerability may allow attackers to escalate privileges to those of the SYSTEM. No evidence is available to show the public exploitation of … Continue reading “Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability (CVE-2023-20178)”
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)
Cisco has addressed privilege escalation vulnerabilities that affect Cisco Expressway Series and Cisco TelePresence Video Communication Server. CVE-2023-20105 and CVE-2023-20192 have been given Critical and High severity ratings with a CVSS score of 9.6 and 8.4, respectively. CVE-2023-20105 was encountered during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG). CVE-2023-20105 … Continue reading “Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)”
Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)
Google released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Google has given CVE-2023-3079 a high severity rating. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. Google is aware of the active exploitation of the vulnerability. The advisory provides no information regarding the other vulnerability … Continue reading “Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)”
MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)
A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit transfer’s database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June … Continue reading “MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)”
GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)
GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via … Continue reading “GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)”
Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)
Apple has released security advisories to address three zero-day vulnerabilities exploited in attacks against iPhones, Macs, and iPads. The vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) exist in the browser engine WebKit. Apple has mentioned in the advisory that reports suggesting the vulnerabilities (CVE-2023-32409, CVE-2023-28204, & CVE-2023-32373) may have been actively exploited. Along with three zero-day vulnerabilities, … Continue reading “Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)”
Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches
Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device. Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated … Continue reading “Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches”
