Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)

Cisco has addressed privilege escalation vulnerabilities that affect Cisco Expressway Series and Cisco TelePresence Video Communication Server. CVE-2023-20105 and CVE-2023-20192 have been given Critical and High severity ratings, with CVSS scores of 9.6 and 8.4, respectively. CVE-2023-20105 was found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG). CVE-2023-20105 …

Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)

Google released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Google has given CVE-2023-3079 a high severity rating. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. Google is aware of the active exploitation of the vulnerability. The advisory provides no information regarding the other vulnerability …

MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)

A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit Transfer database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …

GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)

GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via …

Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)

Apple has released security advisories to address three zero-day vulnerabilities exploited in attacks against iPhones, Macs, and iPads. The vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) exist in the browser engine WebKit. Apple mentions in the advisory that there are reports suggesting the vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) may have been actively exploited. Along with the three zero-day vulnerabilities, …

Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches

Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device. Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated …

Microsoft Patch Tuesday, May 2023 Security Update Review

Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s guide you through this month’s Patch Tuesday details. Microsoft Patch Tuesday for May 2023: Microsoft has also addressed two zero-day vulnerabilities known to be exploited in the wild. Six of these 49 vulnerabilities …

Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)

Apache has released a patch to address a session validation vulnerability in Superset. CVE-2023-27524 has been rated as high, with a CVSS score of 8.9. On successful exploitation, the vulnerability may allow an attacker to authenticate and access unauthorized resources and execute arbitrary code on the target system. On January 8, 2024, CISA added the …

VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)

VMware has released a security advisory to address four vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, and CVE-2023-20872). Of these, two vulnerabilities can be chained to perform remote code execution on the vulnerable Workstation and Fusion software hypervisors. On the second day of the Pwn2Own Vancouver 2023 hacking competition, the security researchers from the STAR Labs team …

PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)

PaperCut, a print management software product, has a remote code execution vulnerability that is being actively exploited. CVE-2023-27350 has been rated as critical, with a CVSS Base Score of 9.8. Successful exploitation of the vulnerability allows unauthenticated attackers to perform remote code execution and compromise the vulnerable PaperCut application server. The vendor mentioned in the advisory …