The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an alert for a vulnerability in n the Service Location Protocol (SLP). Tracked as CVE-2023-29552, it has been given a high severity rating with a CVSS score of 7.8. Successful exploitation of the vulnerability will allow an attacker to launch a denial-of-service attack. CISA has … Continue reading “CISA Warns of Service Location Protocol (SLP) Denial-of-Service Vulnerability (CVE-2023-29552)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
CISA Added Adobe and Cisco vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-21608 & CVE-2023-20109)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the active exploitation of two vulnerabilities. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog on Tuesday. CISA has recommended that users apply the vendor-released patches before October 31, 2023, to secure their networks against potential threats. The two vulnerabilities added by CISA are: CVE-2023-21608 CVE-2023-20109
Microsoft Patch Tuesday, October 2023 Security Update Review
Microsoft released its October edition of Patch Tuesday! In this month’s updates, Microsoft has addressed 105 vulnerabilities in different products, features, and roles. Let’s take a look at the updates in detail.
Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)
Apple has released an emergency update to fix an actively exploited zero-day vulnerability. CVE-2023-42824 is a critical severity vulnerability affecting iPhones and iPads. A local attacker can exploit the vulnerability that exists in the XNU kernel to gain privileges. Apple has fixed the vulnerability with improved checks. Apple has mentioned in their advisories that they … Continue reading “Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)”
Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)
Atlassian Confluence Data Center and Server are vulnerable to a privilege escalation vulnerability. CVE-2023-22515 is a critical severity vulnerability with a CVSS score of 10. A remote attacker may exploit the vulnerability in a low-complexity attack without user interaction. Successful exploitation of the vulnerability may allow attackers to create unauthorized Confluence administrator accounts and access … Continue reading “Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)”
Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)
Progress Software has recently released patches to address multiple security vulnerabilities impacting the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager interface. Out of eight vulnerabilities patched in the updates, two vulnerabilities, CVE-2023-40044 and CVE-2023-42657, are rated as critical. WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package. The server … Continue reading “Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)”
Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)
Google has released emergency updates to address a zero-day vulnerability in its Chrome browser. CVE-2023-5217 is a high-severity vulnerability that can lead to program crashes or arbitrary code execution. Google has mentioned in the advisory that the vulnerability is being exploited in the wild. Clément Lecigne of Google’s Threat Analysis Group (TAG) has discovered the … Continue reading “Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)”
Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)
An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro … Continue reading “Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)”
CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)
CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting … Continue reading “CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)”
CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)
Apache RocketMQ servers have a vulnerability that attackers were exploiting. CVE-2023-33246 is a critical severity vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Security researchers at Juniper Threat Labs have recently reported the exploitation of the vulnerability by DreamBus botnet malware. CISA has acknowledged its active exploitation by adding … Continue reading “CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)”