Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)

Progress Software has recently released patches to address multiple security vulnerabilities impacting the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager interface. Out of eight vulnerabilities patched in the updates, two vulnerabilities, CVE-2023-40044 and CVE-2023-42657, are rated as critical. WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package. The server …

Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)

Google has released emergency updates to address a zero-day vulnerability in its Chrome browser. CVE-2023-5217 is a high-severity vulnerability that can lead to program crashes or arbitrary code execution. Google has mentioned in the advisory that the vulnerability is being exploited in the wild. Clément Lecigne of Google’s Threat Analysis Group (TAG) has discovered the …

Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)

An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro …

CISA Added Cisco Adaptive Security Appliance Software Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-20269)

CISA has added a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software to its Known Exploited Vulnerabilities Catalog. The addition of the vulnerability to CISA KEV is the acknowledgment of active exploitation of the vulnerability. CISA has requested users to patch the vulnerability before October 4, 2023. Ransomware groups are exploiting …

CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)

Apache RocketMQ servers have a vulnerability that attackers were exploiting. CVE-2023-33246 is a critical severity vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Security researchers at Juniper Threat Labs have recently reported the exploitation of the vulnerability by DreamBus botnet malware. CISA has acknowledged its active exploitation by adding …

CISA Added Citrix ShareFile StorageZones Controller Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-24489)

A critical severity vulnerability in the customer-managed ShareFile storage zones controller is exploited in the wild. CVE-2023-24489 has been given a CVSS score of 9.1. Successful exploitation of the vulnerability may allow an unauthenticated attacker to compromise the customer-managed ShareFile storage zones controller remotely. The vulnerability arises due to improper resource control that may lead …

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CVE-2023-37580) Added to CISA Known Exploited Vulnerabilities Catalog

Attackers are exploiting a critical Zimbra Collaboration Suite cross-site scripting vulnerability. CVE-2023-37580 affects the Zimbra Classic Web Client. Successful exploitation of the vulnerability may allow an attacker to compromise the confidentiality and integrity of the target system. CISA has added CVE-2023-37580 to its Known Exploited Vulnerabilities Catalog, urging users to apply the patch before …

Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability (CVE-2023-35081)

Ivanti EPMM, formerly MobileIron Core, is facing another zero-day vulnerability CVE-2023-35081. Successful exploitation of the vulnerability will allow an authenticated administrator to perform arbitrary file writes to the EPMM server. Arbitrary file write (AFW) is a type of vulnerability that can allow attackers to escalate their privileges and even achieve remote code execution (RCE) on …

VMware Tools Zero-day Authentication Bypass Vulnerability Exploited by Chinese Hackers (CVE-2023-20867)

VMware addressed an authentication bypass vulnerability in VMware Tools. CVE-2023-20867 may allow attackers to execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication. The vulnerability was discovered by Mandiant. The firm suggests that the cyber espionage group known as UNC3886 has exploited the vulnerability. VMware Tools is a set of services …

MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)

A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit Transfer database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …