Craft CMS is vulnerable to a security vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Tracked as CVE-2023-41892, the vulnerability has been given a critical severity with a CVSS score of 9.8. Craft is a flexible, user-friendly CMS that helps create custom digital experiences on the web and beyond. The … Continue reading “Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)”
Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)
Apple has released emergency updates to address three zero-day vulnerabilities in multiple popular products. Tracked as CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, the vulnerabilities may allow attackers to elevate privileges, perform arbitrary code execution, and bypass signature validation. Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat … Continue reading “Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)”
GitLab Releases Patch to Address Critical Pipeline Flaw Vulnerability (CVE-2023-5009)
Multiple versions of GitLab Enterprise Edition (EE) are affected by critical vulnerability. Tracked as CVE-2023-5009, the vulnerability may allow an attacker to access confidential data or utilize the impersonated user’s elevated permissions to change the source code or launch arbitrary code on the system. Security researcher Johan Carlsson has discovered the vulnerability and reported it … Continue reading “GitLab Releases Patch to Address Critical Pipeline Flaw Vulnerability (CVE-2023-5009)”
Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)
An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro … Continue reading “Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)”
CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)
CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting … Continue reading “CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)”
Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)
Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated as critical. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE … Continue reading “Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)”
Microsoft Patch Tuesday, September 2023 Security Update Review
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-based) in multiple products, features, and roles. Microsoft Patch Tuesday for September 2023 Microsoft has addressed two zero-day publicly exploited vulnerabilities fixed in this month’s updates. Five of these 66 vulnerabilities are rated as Critical and … Continue reading “Microsoft Patch Tuesday, September 2023 Security Update Review”
Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)
Google has released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Tracked as CVE-2023-4863, the CVE has been rated critical by Google. Google is aware of the active exploitation of the vulnerability. CVE-2023-4863 is a Heap Buffer Overflow vulnerability in WebP image format. The vulnerability may allow an attacker … Continue reading “Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)”
Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)
The Citizen Lab at The University of Torontoʼs Munk School has discovered two critical severity vulnerabilities in Apple macOS Ventura, iOS, and iPadOS. Tracked as CVE-2023-41064 and CVE-2023-41061, the vulnerabilities may allow an attacker to perform arbitrary code execution. Apple is aware of the active exploitation of these vulnerabilities. The Citizen Lab has mentioned in … Continue reading “Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)”
Cacti Unauthenticated SQL Injection Vulnerability (CVE-2023-39361)
Cacti, a widely used operational monitoring tool, is vulnerable to a SQL injection flaw that may allow an attacker to perform code execution on successful exploitation. CVE-2023-39361 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an unauthenticated user to execute arbitrary code on a Cacti server if a … Continue reading “Cacti Unauthenticated SQL Injection Vulnerability (CVE-2023-39361)”
