CISA Added Two WebKit Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-42916 & CVE-2023-42917)

CISA has acknowledged the active exploitation of two vulnerabilities in the Apple WebKit browser engine. CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog and requested that users patch them before Dec 25, 2023. Clément Lecigne of Google’s Threat Analysis Group discovered CVE-2023-42916 and CVE-2023-42917. Apple, in its advisory, has mentioned …

OwnCloud Sensitive Information Disclosure Vulnerability (CVE-2023-49103)

OwnCloud, an open-source file sync and share solution, is affected by an information disclosure vulnerability tracked as CVE-2023-49103. The vulnerability has a critical severity rating and the maximum CVSS score of 10. On successful exploitation, an unauthorized attacker may obtain sensitive information.

VMware Cloud Director Authentication Bypass Vulnerability (CVE-2023-34060)

Dustin Hartle from Ideal Integrations Inc. discovered an authentication bypass vulnerability in the VMware Cloud Director Appliance (VCD Appliance). CVE-2023-34060 has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to bypass login restrictions when authenticating.

Microsoft Exchange Server Authenticated SSRF Vulnerability (Zero Day)

A researcher affiliated with Trend Micro’s Zero Day Initiative (ZDI) recently disclosed an authenticated Server-Side Request Forgery (SSRF) zero-day vulnerability within the Microsoft Exchange Server. At the time of writing, the vulnerability had not been assigned a CVE identifier. The researcher reported that Microsoft has acknowledged the vulnerability. Microsoft does not plan to release an immediate …

Microsoft Patch Tuesday, November 2023 Security Update Review

Microsoft released its second-to-last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches.

Microsoft Patch Tuesday for November 2023

In this month’s Patch Tuesday edition, Microsoft has addressed a total of 75 vulnerabilities, including five vulnerabilities known to be exploited …

SysAid On-Premise Server Vulnerability and Active Exploitation by Ransomware Gang (CVE-2023-47246)

SysAid, a leading IT Service Management (ITSM) solutions provider, recently issued a critical advisory. The notice reveals a previously undisclosed vulnerability in their on-premise server software, which is currently being exploited in the wild. This escalation comes after Microsoft alerted SysAid to the threat, linking it to the notorious ransomware gang TA505, also known as …

CISA Warns of Service Location Protocol (SLP) Denial-of-Service Vulnerability (CVE-2023-29552)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an alert for a vulnerability in the Service Location Protocol (SLP). Tracked as CVE-2023-29552, it has been given a high severity rating with a CVSS score of 7.8. Successful exploitation of the vulnerability will allow an attacker to launch a denial-of-service attack. CISA has …

QNAP QTS Command Injection Vulnerabilities (CVE-2023-23368 & CVE-2023-23369)

QNAP has released security advisories to address command injection vulnerabilities in multiple QNAP operating system versions. Tracked as CVE-2023-23368 and CVE-2023-23369, the vulnerabilities are rated critical with CVSS scores of 9.8 and 9, respectively. Successful exploitation of the vulnerabilities may allow a remote attacker to execute commands over the network.

Cisco Firepower Management Center (FMC) Software Command Injection Vulnerability (CVE-2023-20048)

Cisco has released software updates to address a command injection vulnerability in the Firepower Management Center (FMC). Tracked as CVE-2023-20048, the vulnerability has been given a critical severity rating with a CVSS base score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute specific unauthorized configuration commands on a Firepower Threat …

Atlassian Confluence Data Center and Confluence Server Improper Authorization Vulnerability (CVE-2023-22518)

Atlassian has addressed a vulnerability in Confluence Data Center and Confluence Server. CVE-2023-22518 has been given a critical severity rating and a CVSS score of 9.1. Atlassian has not released much information regarding this improper authorization vulnerability. The advisory states that no proof of active exploitation is available for the vulnerability. The advisory states, …