CISA Added Red Hat JBoss RichFaces Framework Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2018-14667)

Red Hat JBoss RichFaces Framework is vulnerable to an expression language (EL) injection vulnerability tracked as CVE-2018-14667. The vulnerability may allow an attacker to achieve remote code execution using a chain of Java serialized objects. It has been given a critical severity rating with a CVSS score of 9.8. CISA has added the vulnerability to its …

Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)

Google has released emergency updates to address a zero-day vulnerability in its Chrome browser. CVE-2023-5217 is a high-severity vulnerability that can lead to program crashes or arbitrary code execution. Google notes in its advisory that an exploit for the vulnerability exists in the wild. Clément Lecigne of Google’s Threat Analysis Group (TAG) discovered the …

Cisco Patches Multiple Security Vulnerabilities in Catalyst SD-WAN Manager (CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262)

Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is affected by multiple vulnerabilities. They are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, and CVE-2023-20262 and carry medium, high, and critical severity ratings. Successful exploitation may allow an attacker to gain unauthorized access to an affected instance or cause a denial of service (DoS) condition.

JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2023-42793)

JetBrains TeamCity, a popular continuous integration and deployment (CI/CD) tool, is vulnerable to an authentication bypass flaw. CVE-2023-42793 affects on-premises instances of TeamCity server. Successful exploitation of the vulnerability may lead to remote code execution. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.

Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)

Craft CMS is affected by a vulnerability that may allow an attacker to achieve remote code execution on successful exploitation. Tracked as CVE-2023-41892, the vulnerability has been given a critical severity rating with a CVSS score of 9.8. Craft is a flexible, user-friendly CMS that helps create custom digital experiences on the web and beyond. The …

Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)

Apple has released emergency updates to address three zero-day vulnerabilities in multiple popular products. Tracked as CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, the vulnerabilities may allow attackers to bypass signature validation, elevate privileges, and execute arbitrary code, respectively. Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat …

GitLab Releases Patch to Address Critical Pipeline Flaw Vulnerability (CVE-2023-5009)

Multiple versions of GitLab Enterprise Edition (EE) are affected by a critical vulnerability. Tracked as CVE-2023-5009, the vulnerability may allow an attacker to run pipelines as an arbitrary user and thereby access confidential data or use the impersonated user’s elevated permissions to modify source code or execute arbitrary code on the system. Security researcher Johan Carlsson discovered the vulnerability and reported it …

Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)

An arbitrary code execution vulnerability affecting Trend Micro Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 and a critical severity rating. Successful exploitation may allow an attacker who already has access to the product’s administrative console to execute arbitrary code on the target system. Trend Micro …

CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)

CISA has added a vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software to its Known Exploited Vulnerabilities (KEV) Catalog. Addition to the KEV catalog is an acknowledgment that the vulnerability is being actively exploited. CISA has set October 4, 2023, as the due date for remediating the vulnerability. Ransomware groups are exploiting …

Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)

Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated critical. Successful exploitation may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE …