Google has released updates to address six vulnerabilities in its Chrome browser. One of the six vulnerabilities ( CVE-2023-2136) is being exploited in the wild. Google has mentioned in the advisory that “an exploit for CVE-2023-2136 exists in the wild.” CVE-2023-2136 is the second zero-day vulnerability in the Chrome browser addressed by Google. Google … Continue reading “Google Releases Update to Address Second Zero-day Vulnerability in its Chrome Browser (CVE-2023-2136)”
Vm2 Patches Critical Remote Code Execution Vulnerabilities in JavaScript Sandbox Library (CVE-2023-30547 and CVE-2023-29199)
Two critical vulnerabilities affecting its JavaScript Sandbox Library are addressed by vm2. Both the vulnerabilities CVE-2023-29199 and CVE-2023-30547 are given a CVSS score of 9.8. Successful exploitation of these vulnerabilities may allow an attacker to perform remote code execution. Seung Hyun Lee) of KAIST Hacking Lab has discovered the vulnerabilities and released proof-of-concept (PoC) (CVE-2023-29199 … Continue reading “Vm2 Patches Critical Remote Code Execution Vulnerabilities in JavaScript Sandbox Library (CVE-2023-30547 and CVE-2023-29199)”
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the April edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components included in Oracle products. During Q2 2023 Oracle Critical Patch Update, the Oracle Communications product … Continue reading “Oracle Patch Tuesday April 2023 Security Update Review”
Google Patches Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2023-2033)
Google Chrome, the most widely used web browser, faces a type confusion vulnerability (CVE-2023-2033). Google has addressed the vulnerability with the latest version of Chrome. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has mentioned in the advisory that they are aware of active exploitation of this vulnerability in … Continue reading “Google Patches Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2023-2033)”
vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)
vm2 has released a patch for a critical severity vulnerability (CVE-2023-29017) with a CVSS score of 9.8. Korea Advanced Institute of Science and Technology (KAIST) WSP Lab has discovered the vulnerability. The vulnerability originates from improper input handling of host objects. A proof-of-concept exploit has been made public on GitHub, explaining the severity and … Continue reading “vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)”
Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products
Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”
Microsoft Patch Tuesday April 2023 Security Update Review
Microsoft released security updates to address 114 vulnerabilities in the April Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s know more about this month’s Patch Tuesday details. Microsoft Patch Tuesday for April 2023 Microsoft has addressed 114 vulnerabilities in this month’s Security Update, including 15 Microsoft Edge … Continue reading “Microsoft Patch Tuesday April 2023 Security Update Review”
Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)
Apple has released patches of two zero-day vulnerabilities in macOS Ventura. Apple has mentioned in the advisory that they are aware of the issues being exploited in the wild. The vulnerabilities are assigned with CVE-2023-28206 and CVE-2023-28205. Both vulnerabilities are discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty … Continue reading “Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)”
Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)
Zimbra has issued a security update to address multiple vulnerabilities in its Collaboration Suite (ZCS) product. The CVEs patched in the latest security update of ZCS are CVE-2022-27926, CVE-2021-40438, CVE-2021-39275, CVE-2021-21702, CVE-2022-27925, and CVE-2022-27924. CISA has included CVE-2022-27926 in its Known Exploited Vulnerabilities Catalog. Zimbra Collaboration Suite is a widely deployed web client and email … Continue reading “Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)”
3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)
3CX Desktop Application is currently facing ongoing multi-stage Supply Chain attacks targeted at the company’s customers. The hacker groups have used the trojanized Voice Over Internet Protocol (VOIP) desktop client to stage the attacks. The vulnerability has been termed “SmoothOperator.” The vulnerability has been assigned with CVE-2023-29059. Post exploitation, attackers can spawn an interactive command shell and … Continue reading “3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)”
