vm2 has released a patch for a critical severity vulnerability (CVE-2023-29017) with a CVSS score of 9.8. Korea Advanced Institute of Science and Technology (KAIST) WSP Lab has discovered the vulnerability. The vulnerability originates from improper input handling of host objects. A proof-of-concept exploit has been made public on GitHub, explaining the severity and … Continue reading “vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)”
Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products
Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”
Microsoft Patch Tuesday April 2023 Security Update Review
Microsoft released security updates to address 114 vulnerabilities in the April Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s know more about this month’s Patch Tuesday details. Microsoft Patch Tuesday for April 2023 Microsoft has addressed 114 vulnerabilities in this month’s Security Update, including 15 Microsoft Edge … Continue reading “Microsoft Patch Tuesday April 2023 Security Update Review”
Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)
Apple has released patches of two zero-day vulnerabilities in macOS Ventura. Apple has mentioned in the advisory that they are aware of the issues being exploited in the wild. The vulnerabilities are assigned with CVE-2023-28206 and CVE-2023-28205. Both vulnerabilities are discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty … Continue reading “Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)”
Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)
Zimbra has issued a security update to address multiple vulnerabilities in its Collaboration Suite (ZCS) product. The CVEs patched in the latest security update of ZCS are CVE-2022-27926, CVE-2021-40438, CVE-2021-39275, CVE-2021-21702, CVE-2022-27925, and CVE-2022-27924. CISA has included CVE-2022-27926 in its Known Exploited Vulnerabilities Catalog. Zimbra Collaboration Suite is a widely deployed web client and email … Continue reading “Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)”
3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)
3CX Desktop Application is currently facing ongoing multi-stage Supply Chain attacks targeted at the company’s customers. The hacker groups have used the trojanized Voice Over Internet Protocol (VOIP) desktop client to stage the attacks. The vulnerability has been termed “SmoothOperator.” The vulnerability has been assigned with CVE-2023-29059. Post exploitation, attackers can spawn an interactive command shell and … Continue reading “3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)”
Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)
Veeam has patched a high-severity vulnerability in its Veeam Backup & Replication product. Assigned with CVE-2023-27532, the vulnerability may allow an unauthenticated attacker to execute arbitrary code remotely. The proof-of-concept (PoC) for this vulnerability is publicly available. Markus Wulftange, a security researcher at CODE WHITE GmbH, has published the PoC. CISA has added … Continue reading “Veeam Backup and Replication Access Control Vulnerability (CVE-2023-27532)”
Apache Patches HTTP Request Splitting Vulnerabilities in its HTTP Server (CVE-2023-25690 and CVE-2023-27522)
Apache has released a new HTTP Server version to address two security flaws; CVE-2023-25690 and CVE-2023-27522. The vulnerabilities may allow an attacker to perform HTTP smuggling attacks on a vulnerable server. On successful exploitation, these vulnerabilities could result in information disclosure and enable attackers to execute further attacks. The Apache HTTP Server, also called … Continue reading “Apache Patches HTTP Request Splitting Vulnerabilities in its HTTP Server (CVE-2023-25690 and CVE-2023-27522)”
Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)
Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the … Continue reading “Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)”
The March 2023 Patch Tuesday Security Update Review
Microsoft has released its monthly security update for March 2023. This month’s updates addressed various vulnerabilities in different products. Let’s go through this month’s Patch Tuesday details and discuss the security updates. Microsoft Patches for March 2023 Microsoft has addressed 101 vulnerabilities in the month of March, including 22 Microsoft Edge (Chromium-based) vulnerabilities. Microsoft has … Continue reading “The March 2023 Patch Tuesday Security Update Review”
