jai-ext Remote Code Execution Vulnerability (CVE-2022-24816)

jai-ext, a JAI extension API, is vulnerable to a command injection vulnerability. Assigned CVE-2022-24816, the vulnerability may allow an attacker to execute code remotely on a vulnerable system. The vulnerability is rated as critical and has a CVSSv3 base score of 9.8. Security researchers at Synacktiv have released a PoC. GeoServer is an …

ArubaOS Multiple Vulnerabilities (CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751, and CVE-2023-22752)

Aruba Networks has released a security advisory to address 33 vulnerabilities that affect different versions of ArubaOS. The vulnerabilities affect various products, including Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways. Out of these 33 vulnerabilities, six are rated as critical. CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750 are critical severity command …

ZK Java Framework Remote Code Execution Vulnerability (CVE-2022-36537)

A remote code execution vulnerability affecting multiple versions of the ZK Framework is being actively exploited. Assigned CVE-2022-36537, the vulnerability may allow an attacker to access critical information by sending a specially crafted POST request to the AuUploader component. Markus Wulftange of Code White GmbH discovered the vulnerability last year, and …

IBM Aspera Faspex Remote Code Execution Vulnerability (CVE-2022-47986)

IBM has released a security advisory to address ten vulnerabilities affecting its file transfer solution Aspera Faspex. CVE-2022-47986 is the only critically rated vulnerability among the ten flaws that IBM addressed. Multiple remote code execution, cross-site scripting (XSS), denial of service (DoS), and other security vulnerabilities have been patched by IBM in this security update. CVE-2022-47986 …

Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2023-21839)

Oracle WebLogic Server is vulnerable to an information disclosure flaw that can lead to remote code execution. Assigned CVE-2023-21839, the vulnerability can be exploited by an attacker to gain unauthorized access to critical data. The vulnerability started getting noticed shortly after a proof of concept (PoC) was published. Oracle WebLogic Server is a product of Oracle Fusion …

Joomla! Webservice Endpoints Improper Access Control Vulnerability (CVE-2023-23752)

A high-severity improper access control vulnerability has been discovered in various Joomla! CMS instances. Tracked as CVE-2023-23752, the vulnerability may allow an attacker to get unauthorized access to webservice endpoints and access sensitive information of the target application. On January 8, 2024, CISA added the CVE-2023-27524 to the Known Exploited Vulnerabilities Catalog. CISA has recommended users …

VMware Carbon Black App Control Injection Vulnerability (CVE-2023-20858)

VMware patched a critical severity vulnerability in its Carbon Black App Control Server. Assigned CVE-2023-20858, the vulnerability could allow an attacker to gain complete control of the target system. The vulnerability has a CVSSv3 base score of 9.1. VMware Carbon Black App Control provides application control and critical infrastructure protection. The VMware product …

TerraMaster NAS Remote Code Execution Vulnerability (CVE-2022-24990)

TerraMaster NAS devices are vulnerable to a remote command execution vulnerability that could allow an unauthenticated attacker to execute commands as root. Tracked as CVE-2022-24990, the vulnerability is exploited via PHP Object Instantiation. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it soon. NAS (network-attached …

Citrix Patches Multiple Vulnerabilities in Workspace, Virtual App, and Desktop (CVE-2023-24483, CVE-2023-24484, CVE-2023-24485, CVE-2023-24486)

Citrix has released security advisories to address multiple high-severity vulnerabilities affecting Workspace, Virtual Apps, and Desktops. The vulnerabilities are assigned CVE-2023-24483, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24486. On successful exploitation, these vulnerabilities can have severe consequences ranging from privilege escalation to session takeover. Citrix products are used in various organizations worldwide for handling multiple operations. …

Apple Patches Zero-day Vulnerability in WebKit (CVE-2023-23529)

Apple has released security advisories to address a vulnerability in WebKit. The vulnerability has been assigned CVE-2023-23529. It affects multiple platforms, including macOS, iPadOS, and iOS. Apple has mentioned in its advisory that it is aware of a report that CVE-2023-23529 may have been actively exploited. The zero-day vulnerability might be used …