MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)

A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to MOVEit Transfer’s database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …

Google Releases Update to Address Second Zero-day Vulnerability in its Chrome Browser (CVE-2023-2136)

Google has released updates to address six vulnerabilities in its Chrome browser. One of the six vulnerabilities (CVE-2023-2136) is being exploited in the wild. Google has mentioned in the advisory that “an exploit for CVE-2023-2136 exists in the wild.” CVE-2023-2136 is the second zero-day vulnerability in the Chrome browser addressed by Google. Google …

Google Patches Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2023-2033)

Google Chrome, the most widely used web browser, faces a type confusion vulnerability (CVE-2023-2033). Google has addressed the vulnerability with the latest version of Chrome. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has mentioned in the advisory that they are aware of active exploitation of this vulnerability in …

Apple Patches Zero-day Vulnerability in WebKit (CVE-2023-23529)

Apple has released security advisories to address a vulnerability in WebKit. The vulnerability has been assigned CVE-2023-23529. It affects multiple devices, including macOS, iPadOS, and iOS. Apple has mentioned in its advisory that they are aware of a report that CVE-2023-23529 may have been actively exploited. The zero-day vulnerability might be used …

Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)

Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the …

Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)

Chrome has released security updates for Windows, Mac, and Linux to fix the zero-day vulnerability. Tracked as CVE-2022-4262, it is a type confusion vulnerability in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has acknowledged the active exploitation of this vulnerability in the wild. …

Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)

Google has released an update for the Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” says the advisory released by Google on November 24, 2022. …

Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)

Google released patches to address a zero-day vulnerability in the Chrome browser. Tracked as CVE-2022-3723, it is a high-severity vulnerability in the Chrome V8 JavaScript engine. The vulnerability was discovered and reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. “Google is aware of reports that an exploit for CVE-2022-3723 exists in the …

Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)

Vietnamese cybersecurity outfit GTSC has reported two critical vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 via the Zero Day Initiative (ZDI-CAN-18333 and ZDI-CAN-18802). The first flaw (CVE-2022-41040) is a Server-Side Request Forgery (SSRF) vulnerability. The second flaw (CVE-2022-41082) allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft has mentioned in …

Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)

Trend Micro has released a security advisory addressing multiple vulnerabilities (CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143, CVE-2022-40144) in Apex One (On-Premise) and Apex One as a Service. The advisory states, “Trend Micro has observed at least one active attempt of potential exploitation of CVE-2022-40139 in the wild.” It typically takes physical or remote access to a …