Ivanti EPMM, formerly MobileIron Core, is facing another zero-day vulnerability CVE-2023-35081. Successful exploitation of the vulnerability will allow an authenticated administrator to perform arbitrary file writes to the EPMM server. Arbitrary file write (AFW) is a type of vulnerability that can allow attackers to escalate their privileges and even achieve remote code execution (RCE) on … Continue reading “Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability (CVE-2023-35081)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
VMware Tools Zero-day Authentication Bypass Vulnerability Exploited by Chinese Hackers (CVE-2023-20867)
VMware addressed an authentication bypass vulnerability in VMware Tools. CVE-2023-20867 may allow attackers to execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication. The vulnerability was discovered by Mandiant. The firm suggests that the cyber espionage group known as UNC3886 has exploited the vulnerability. VMware Tools is a set of services … Continue reading “VMware Tools Zero-day Authentication Bypass Vulnerability Exploited by Chinese Hackers (CVE-2023-20867)”
MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)
A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit transfer’s database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June … Continue reading “MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)”
Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)
Apple has released security advisories to address three zero-day vulnerabilities exploited in attacks against iPhones, Macs, and iPads. The vulnerabilities (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) exist in the browser engine WebKit. Apple has mentioned in the advisory that reports suggesting the vulnerabilities (CVE-2023-32409, CVE-2023-28204, & CVE-2023-32373) may have been actively exploited. Along with three zero-day vulnerabilities, … Continue reading “Apple Patches Three Zero-day Vulnerabilities in WebKit Browser Engine (CVE-2023-32409, CVE-2023-28204, CVE-2023-32369, & CVE-2023-32373)”
Google Releases Update to Address Second Zero-day Vulnerability in its Chrome Browser (CVE-2023-2136)
Google has released updates to address six vulnerabilities in its Chrome browser. One of the six vulnerabilities ( CVE-2023-2136) is being exploited in the wild. Google has mentioned in the advisory that “an exploit for CVE-2023-2136 exists in the wild.” CVE-2023-2136 is the second zero-day vulnerability in the Chrome browser addressed by Google. Google … Continue reading “Google Releases Update to Address Second Zero-day Vulnerability in its Chrome Browser (CVE-2023-2136)”