Multiple MOVEit Managed File Transfer Web Application versions face SQL Injection vulnerability (CVE-2023-35036). Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. MOVEit has accredited Cybersecurity firm Huntress for discovering the vulnerability. MOVEit Transfer is a managed file transfer (MFT) solution available in an on-premises … Continue reading “Critical SQL Injection Vulnerability in MOVEit Managed File Transfer Web Application (CVE-2023-35036)”
Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability (CVE-2023-20178)
Cisco has released patches to address a high-severity vulnerability, CVE-2023-20178, that affects the Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software. Filip Dragovic reported the vulnerability. On successful exploitation, the vulnerability may allow attackers to escalate privileges to those of the SYSTEM. No evidence is available to show the public exploitation of … Continue reading “Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability (CVE-2023-20178)”
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)
Cisco has addressed privilege escalation vulnerabilities that affect Cisco Expressway Series and Cisco TelePresence Video Communication Server. CVE-2023-20105 and CVE-2023-20192 have been given Critical and High severity ratings with a CVSS score of 9.6 and 8.4, respectively. CVE-2023-20105 was encountered during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG). CVE-2023-20105 … Continue reading “Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)”
Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)
Google released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Google has given CVE-2023-3079 a high severity rating. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. Google is aware of the active exploitation of the vulnerability. The advisory provides no information regarding the other vulnerability … Continue reading “Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)”
MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)
A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit transfer’s database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June … Continue reading “MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)”
GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)
GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via … Continue reading “GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)”
Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)
Apple has released security advisories to address three zero-day vulnerabilities exploited in attacks against iPhones, Macs, and iPads. The vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) exist in the browser engine WebKit. Apple has mentioned in the advisory that reports suggesting the vulnerabilities (CVE-2023-32409, CVE-2023-28204, & CVE-2023-32373) may have been actively exploited. Along with three zero-day vulnerabilities, … Continue reading “Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)”
Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches
Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device. Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated … Continue reading “Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches”
Microsoft Patch Tuesday, May 2023 Security Update Review
Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s guide you through this month’s Patch Tuesday details. Microsoft Patch Tuesday for May 2023 Microsoft has also addressed two zero-day vulnerabilities known to be exploited in the wild. Six of these 49 vulnerabilities … Continue reading “Microsoft Patch Tuesday, May 2023 Security Update Review”
Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)
Apache has released a patch to address a session validation vulnerability in Superset. CVE-2023-27524 has been rated as high, with a CVSS score of 8.9. On successful exploitation, the vulnerability may allow an attacker to authenticate and access unauthorized resources and execute arbitrary code on the target system. On January 8, 2024, CISA added the … Continue reading “Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)”
