Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)

The SonicWall Threat research team has discovered an authentication bypass vulnerability in Apache OFBiz, a Java-based web framework. Tracked as CVE-2023-51467, the vulnerability has a critical severity rating with a CVSS score of 9.8. An attacker who exploits the vulnerability may bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). A security researcher at …

SSH Prefix Truncation Vulnerability Used in Terrapin Attacks (CVE-2023-48795)

Academic researchers have discovered a vulnerability in the SSH cryptographic network protocol that can be used in an attack called Terrapin, a prefix truncation attack. Tracked as CVE-2023-48795, the vulnerability allows attackers to lower the security of established connections by truncating the extension negotiation message.

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2023-7024)

Google has released a patch to address a high-severity vulnerability in the Chrome browser. Tracked as CVE-2023-7024, the vulnerability is being exploited in the wild. CVE-2023-7024 is a heap-based buffer overflow vulnerability in the open-source WebRTC framework. Many other web browsers, such as Mozilla Firefox, Safari, and Microsoft Edge, also use the WebRTC framework to …

WordPress Backup Migration Plugin Remote Code Execution Vulnerability (CVE-2023-6553)

WordPress has released security updates to address a critical-severity vulnerability in the Backup Migration Plugin. Tracked as CVE-2023-6553, the vulnerability may allow unauthenticated attackers to inject arbitrary PHP code, resulting in a full site compromise. The vulnerability has been given a CVSS score of 9.8. The Nex Team has discovered the vulnerability and reported it to WordPress …

pfSense Releases Patch to Address Multiple Vulnerabilities (CVE-2023-42325, CVE-2023-42326, & CVE-2023-42327)

pfSense, an open-source firewall solution by Netgate, is vulnerable to command injection and cross-site scripting vulnerabilities tracked as CVE-2023-42325, CVE-2023-42327, & CVE-2023-42326. The vulnerabilities may lead to remote code execution when chained together. Oskar Zeino-Mahmalat of SonarSource has discovered and reported the vulnerabilities. pfSense is a computer software distribution based on FreeBSD. The firewall software helps with …

Microsoft Patch Tuesday, December 2023 Security Update Review

Microsoft has wrapped up the year with fewer security updates released in its Patch Tuesday, December 2023 edition. We invite you to join us to review and discuss the details of these security updates and patches.

Microsoft Patch Tuesday for December 2023

In this month’s Patch Tuesday edition, Microsoft has addressed 42 vulnerabilities. This month’s …

Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)

Apache Struts, an open-source Model-View-Controller (MVC) framework, is vulnerable to a critical vulnerability that may lead to remote code execution. Tracked as CVE-2023-50164, the vulnerability has been addressed with security updates released by Apache.

Atlassian Patches Critical Vulnerabilities in Multiple Products (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, & CVE-2023-22524)

Atlassian has released security updates to address four critical vulnerabilities tracked as CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, and CVE-2023-22524. On successful exploitation, all four vulnerabilities allow remote code execution. The vulnerabilities affect products, including Confluence, Jira, Bitbucket servers, and a companion app for macOS. Atlassian has not warned about the active exploitation of any of the vulnerabilities.