Citrix has released patches to address two vulnerabilities (CVE-2023-4966 & CVE-2023-4967) in NetScaler ADC and Gateway. CVE-2023-4966 has been rated as critical, with a CVSS score of 9.4. Successful exploitation of the vulnerability may lead to information disclosure. CVE-2023-4967 has a high severity rating and a CVSS score of 8.2. Successful exploitation of the vulnerability … Continue reading “NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Multiple Vulnerabilities (CVE-2023-4966 & CVE-2023-4967) (CitrixBleed)”
Microsoft Patch Tuesday, October 2023 Security Update Review
Microsoft released its October edition of Patch Tuesday! In this month’s updates, Microsoft has addressed 105 vulnerabilities in different products, features, and roles. Let’s take a look at the updates in detail.
Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)
Apple has released an emergency update to fix an actively exploited zero-day vulnerability. CVE-2023-42824 is a critical severity vulnerability affecting iPhones and iPads. A local attacker can exploit the vulnerability that exists in the XNU kernel to gain privileges. Apple has fixed the vulnerability with improved checks. Apple has mentioned in their advisories that they …
Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)
Atlassian Confluence Data Center and Server are vulnerable to a privilege escalation vulnerability. CVE-2023-22515 is a critical severity vulnerability with a CVSS score of 10. A remote attacker may exploit the vulnerability in a low-complexity attack without user interaction. Successful exploitation of the vulnerability may allow attackers to create unauthorized Confluence administrator accounts and access …
Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)
Progress Software has recently released patches to address multiple security vulnerabilities impacting the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager interface. Out of eight vulnerabilities patched in the updates, two vulnerabilities, CVE-2023-40044 and CVE-2023-42657, are rated as critical. WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package. The server …
CISA Added Red Hat JBoss RichFaces Framework Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2018-14667)
Red Hat JBoss RichFaces Framework is vulnerable to an expression language injection vulnerability tracked as CVE-2018-14667. The vulnerability may allow an attacker to perform code execution using a chain of Java serialized objects. The vulnerability has been given a critical severity rating with a CVSS score of 9.8. CISA has added the vulnerability to its …
Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)
Google has released emergency updates to address a zero-day vulnerability in its Chrome browser. CVE-2023-5217 is a high-severity vulnerability that can lead to program crashes or arbitrary code execution. Google has mentioned in the advisory that the vulnerability is being exploited in the wild. Clément Lecigne of Google’s Threat Analysis Group (TAG) has discovered the …
Cisco Patches Multiple Security Vulnerabilities in Catalyst SD-WAN Manager (CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262)
Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is vulnerable to multiple vulnerabilities. The vulnerabilities are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262, which have medium, high, and critical severities. Successful exploitation of the vulnerabilities may allow an attacker to access an affected instance or cause a denial of service (DoS) condition.
JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2023-42793)
JetBrains TeamCity, a popular integration and deployment tool, is vulnerable to an authentication bypass flaw. CVE-2023-42793 affects on-premise instances of the TeamCity CI/CD servers. Successful exploitation of the vulnerability may lead to remote code execution. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.
Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)
Craft CMS is vulnerable to a security vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Tracked as CVE-2023-41892, the vulnerability has been given a critical severity with a CVSS score of 9.8. Craft is a flexible, user-friendly CMS that helps create custom digital experiences on the web and beyond. The …