Security
Headlines
HeadlinesLatestCVEs

Headline

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

Alexander V. Leonov
#sql#xss#vulnerability#web#windows#google#microsoft#ubuntu#linux#debian#dos#apache#js#git#wordpress#rce#perl#buffer_overflow#auth#chrome#firefox#ssl#blog

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done.

Alternative video link (for Russia): https://vk.com/video-149273431_456239139

Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and some other interesting vulnerabilities that have been released or updated in the last 3 months. Finally, I’d like to end this episode with a reflection on how my 2023 went and what I’d like to do in 2024.

Vulristics JSON input and output

In Vulristics you can now provide input data in JSON format and receive output in JSON format. Which opens up new opportunities for automation.

Simply provide a list of CVEs and comments for them (if you have them) as input, and the output will be rated CVEs (with vulnerability type, product, exploitation in the wild, public exploits, etc.).

You can create reports in both JSON and HTML format at the same time:

python3 vulristics.py --report-type "custom_profile" --profile-json-path "profile.json" --cve-data-sources "ms,nvd,epss,attackerkb,vulners,custom" --result-formats "json,html" --result-json-path "results.json" --result-html-path "results.html" --rewrite-flag "True"

As an example, I uploaded a JSON file with a task for Vulristics (January Linux Patch Wednesday). In the JSON task file, you can specify the name of the report, a list of CVE identifiers and comments for them.

I’ve also uploaded a sample JSON results file. This file contains the same information as a regular HTML report. You can see there information on products and vulnerabilities related to them.

There is also a block with vulnerabilities, which contains information about each analyzed vulnerability: their overall criticality (vvs) and the described components that affected it.

JSON input and output combined with other Vulristics features make it a very flexible tool:

🔹A Custom Data Source allows you to use any vulnerability data you know about in Vulristics. Including the existence of an exploit and signs of exploitation in the wild. Thus, even non-public data can be used when prioritizing vulnerabilities.

🔹 You can control the detection of a vulnerable product and set the prevalence of that product (which affects the final vulnerability score) by editing the products.json file. You can set keywords for detection there and increase or decrease the detection priority.

🔹 In a similar way, you can control the detection of vulnerability types and their criticality in the data_classification_vulnerability_types.py file.

CPE-based vulnerable product names detection

Let’s now talk in more detail about detecting a vulnerable product for a specific CVE. Vulristics had problems with these. Especially when I used it to analyze Linux Patch Wednesdays. For more than half of the vulnerabilities, Vulristics could not detect the related vulnerable products. 🤷‍♂️ Types of vulnerabilities too. But there were most problems with the products. Of course, it would be possible to manually add detection rules for them, but this would require too much time and effort.

So instead, I decided to take the time to implement detection based on short CPE IDs (type:vendor:product).

I take these IDs from NVD Data Source.

I add the same identifiers to the product descriptions in products.json.

The work is in progress, but the reports are already much more informative even if the affected product is not described in products.json. 🙂

Vulristics now uses a combined method to detect vulnerable product names based on CPE IDs and keywords.

  1. The highest priority is given to the product name directly specified in the data source.
  2. Then the product name detected heuristically based on a description with a strict structure (for now only for Microsoft vulnerabilities).
  3. Then the product name detected by keywords (expressions).
  4. Then the product name detected by CPE identifiers.

In CPE detections, I give the highest priority to the first identifier of type a (application), if it is not there, then h (hardware), if it is not there, then o (operating system).

CWE-based vulnerability type detection

I solved the problem with detecting types of vulnerabilities in a similar way. Now Vulristics can detect vulnerability types not only by keywords (expressions), but also by CWE identifiers from NVD Data source.

For each vulnerability type in Vulristics, you can specify a set of corresponding CWE IDs in data_classification_vulnerability_types.py file. I’ve already mapped some CWE IDs to Vulristics vulnerability types. But, of course, not all of them. There are over 600 CWE IDs! I will add them as needed.

Additionally, I made the following changes to Vulristics vulnerability type detection:

🔹 I have added a new Incorrect Calculation vulnerability type for massive non-critical vulnerabilities that are not memory related (and therefore can’t be classified as Memory Corruption). For example, “Divide By Zero” or “Integer Overflow”. In fact, such vulnerabilities are simply bugs, because it is not clear from the description how an attacker can exploit them. If they lead to an application crash or RCE, then why not write about this directly? And if they don’t, then why bother? In my opinion, it would be better not to create CVE identifiers for such problems at all. But in fact, there are such CVE identifiers (especially often for Linux). Therefore, it is necessary to detect the type for such “vulnerabilities”. Now they will be classified as Incorrect Calculation with a relatively low criticality (same as Memory Corruption).

🔹 I started to get annoyed by Path Traversal vulnerabilities, which in fact give an attacker the ability to read and write arbitrary files. 🤷‍♂️ Therefore, for such vulnerabilities I will use the types Arbitrary File Reading (already existed) and Arbitrary File Writing (a new one).
🔹 I adjusted the weights for the types of vulnerabilities. The logic is this: the more specific the type and the more clear how this type of vulnerability can be used by an attacker, the greater the weight. But this thing, of course, is extremely subjective and I will most likely tweak it many more times. In the moment it looks like this:

Remote Code Execution 1.0Code Injection 0.97XXE Injection 0.97Command Injection 0.97Authentication Bypass 0.95Arbitrary File Writing 0.95Security Feature Bypass 0.90Elevation of Privilege 0.85Information Disclosure 0.83Arbitrary File Reading 0.83Cross Site Scripting 0.8Open Redirect 0.75Path Traversal 0.7Denial of Service 0.7Memory Corruption 0.5Incorrect Calculation 0.5Spoofing 0.4Tampering 0.3Unknown Vulnerability Type 0

Right now it seems like XSS and Open Redirect are a little underrated. But on the other hand, they require more human interaction, so maybe that’s okay. 🤔 In any case, although the type of vulnerability affects the final criticality quite strongly, it does not affect as much as the presence of an exploit and signs of exploitation in the wild.

Linux Patch Wednesday

As part of this project, I am analyzing Linux vulnerabilities that have been patched in the last month. The main difficulty in distributing CVEs by month is to determine the date when the CVE was patched for the first time. Usually the Debian team is the fastest to patch vulnerabilities. But the problem is that some Debian OVAL definitions do not have a publication date. 😑

I’ll demonstrate this with an example. When I generated the Linux Patch Wednesday report for January, I saw in the report UnRAR Arbitrary File Overwrite (CVE-2022-30333). Why did the 2022 vulnerability appeared at the beginning of 2024? Because it was patched in Ubuntu recently, on January 8th. In this case, it was not the UnRAR utility that was fixed, but the third-party ClamAV library for anti-virus scanning of archives. Does this mean that Linux vendors did not patch this CVE vulnerability until 2024? Well, some Linux vendors did. There is a message on the Debian mailing list dated August 17, 2023. It’s also late, not 2022 (as it should be), but still a little earlier. But the problem is that this date, August 17, 2023, was not in the Debian OVAL content. And that’s why the CVE got from 2022 to 2024. Simply because the earliest (and only) date that was in the Linux vendors’ OVAL content for this vulnerability was the date of the belated fix in Ubuntu Linux. 🤷‍♂️

So, OVAL is good and universal, but, unfortunately, not a panacea. Surprisingly, there is also a mess there, which no one cares about. 😏

That’s why I had to learn how to parse archives of the Debian Security Bulletin mailing list. As a result, the list of vulnerabilities in LPW has become more adequate. In particular, CVE-2022-30333 went to the LPW for September 2023. And it is also possible to work with other mailing lists, for example with Suse, in the same manner.

From November to January there were between 81 and 192 CVEs in Linux Patch Wednesdays. Among them were vulnerabilities with public exploits and signs of active exploitation in the wild:

  • Security Feature Bypass / RCE – ActiveMQ (CVE-2023-46604)
  • Cross Site Scripting – Roundcube (CVE-2023-5631)
  • Information Disclosure – WordPress (CVE-2023-39999)

There were also vulnerabilities with the signs of active exploitation in the wild, but without public exploits:

  • Remote Code Execution – Safari (CVE-2023-42917)
  • Information Disclosure – Safari (CVE-2023-42916)
  • Incorrect Calculation – Chromium (CVE-2023-6345) Integer overflow in Skia
  • Remote Code Execution – spreadsheet::parseexcel Perl module (CVE-2023-7101)

It makes no sense to list all the vulnerabilities for which there is a PoC or an exploit, but there are no signs of exploitation in the wild. Simply because there are a lot of them, about 90. You can look at them yourself in the Vulristics reports. I’ve updated the Vulristics reports for these Linux Patch Wednesdays on January 30th:

🗒 November Linux Patch Wednesday
🗒 December Linux Patch Wednesday
🗒 January Linux Patch Wednesday

Thanks to the latest improvements to Vulristics, I processed them to almost perfect condition. The product name and type of vulnerability were NOT detected only for “This candidate has been reserved…” stubs and for vulnerabilities with such a strange description that even manual processing is difficult.

****Microsoft Patch Tuesdays

Over the past 3 months, Microsoft has been releasing Patch Tuesdays with relatively few CVEs. From 53 to 98, including vulnerabilities that were released between Patch Tuesdays.

At the moment, there is only one vulnerability with a public exploit and signs of exploitation in the wild:

Security Feature Bypass – Windows SmartScreen (CVE-2023-36025). To exploit the vulnerability, an attacker must convince a user to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by them.

Signs of exploitation in the wild have been noted for these vulnerabilities:

  • Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2023-36036)
  • Elevation of Privilege – Windows DWM Core Library (CVE-2023-36033)
  • Incorrect Calculation – Chromium (CVE-2023-6345). Integer overflow in Skia
  • Memory Corruption – Chromium (CVE-2023-7024). Heap buffer overflow in WebRTC

PoCs have also appeared for these vulnerabilities. Most of them are EoPs. And VM vendors ignored most of these vulnerabilities in their Microsoft Patch Tuesday reviews.

  • Remote Code Execution – Microsoft Excel (CVE-2023-36041)
  • Elevation of Privilege – Windows Hyper-V (CVE-2023-36427)
  • Elevation of Privilege – XAML Diagnostics (CVE-2023-36003)
  • Elevation of Privilege – Windows Kernel (CVE-2024-20698)
  • Elevation of Privilege – Visual Studio (CVE-2024-20656)
  • Security Feature Bypass – Hypervisor-Protected Code Integrity (HVCI) (CVE-2024-21305)
  • Memory Corruption – SQLite (CVE-2022-35737)

I’ve updated the Vulristics reports for these Microsoft Patch Tuesdays on January 29th:

🗒 November Microsoft Patch Tuesday
🗒 December Microsoft Patch Tuesday
🗒 January Microsoft Patch Tuesday

Other Vulnerabilities

Among the many other critical vulnerabilities that have appeared or been updated over the past 3 months, I would like to highlight the following:

  • Sharepoint Authentication Bypass vulnerability (CVE-2023-29357) from June Patch Tuesday is in active exploitation. It was added to CISA KEV. Microsoft classifies this vulnerability as EoP, but the description is similar to AuthBypass. A remote, unauthenticated attacker can exploit the vulnerability by sending a spoofed JWT authentication token to a vulnerable server giving them the privileges of an authenticated user on the target. According to the advisory, no user interaction is required in order for an attacker to exploit this flaw. The vulnerability was demonstrated at Pwn2Own Vancouver in March 2023. And then, about six months after the patch was released, real attacks began. If you have a Sharepoint server in your infrastructure that has not been updated for more than six months, pay attention.
  • Yet Another Apache Struts 2 RCE (CVE-2023-50164). Shadowserver also writes that there have been attempts to exploit it in the wild. Don’t delay patching.
  • Ridiculous critical vulnerability in GitLab – Account Takeover via password reset without user interactions (CVE-2023-7028). 🤦‍♂️🙂 GitLab CE/EE versions from 16.1.0 are vulnerable. CVSS 10. Exploitation is trivial. Patches are available.
  • Critical RCE in Atlassian Confluence (CVE-2023-22527). PT SWARM (Positive Technologies Offensive Team) successfully reproduced this vulnerability. AttackerKB, with reference to TheDFIRReport, states that active exploitation of this vulnerability has already begun

About the results of 2023

It was a great year for me, it’s hard to complain. 😇 I’m alive and feel good. Everything is fine with my family too. I praise the Creator for everything!

I have worked on many interesting projects. In some projects I achieved quite good results. In some projects, not really. But it doesn’t matter, it will work out on the next approach. And if it doesn’t work out, that’s also not a problem. 🙂

What can be noted:

  1. I changed one main job (very good) to another (even better). I worked for 4 months. Everything looks good so far. My first article “Trending Vulnerabilities 2023” was recently posted on the Positive Technologies website. The article is mainly about what trending vulnerabilities are, why you need to highlight them and why it is difficult (why you can’t use public sources as is). I have provided statistics on types of vulnerabilities, products and product groups. The article is currently only available in Russian, but Google Translate should do the trick.
  2. I started playing music more. And I even started posting my music recordings on YouTube from time to time. 😊 Sitting with a ukulele and singing poems that I like is one of the most enjoyable thing for me to do. And I am quite happy with my recordings, even despite all the imperfections.
  3. Together with Lev and Maxim, we launched an “Information Security Spotlight” news show. I never imagined that this would happen in my life, but we have already recorded 21 episodes (including the pilot).
  4. I’ve made good progress on my Vulristics project: new data import and export scheme, custom data source support, improved and faster product name discovery. It has become a fully functional tool! Also, in terms of coding, I am satisfied with my Linux Patch Wednesday project and the data exporter from the telegram channel to avleonov.ru. My Map of Russian Vulnerability Management Vendors project is not related to coding, but I will also note it here.
  5. My Russian-language Telegram channel @avleonovrus has grown quite well! By July, it had caught up and overtaken my English-language channel @avleonovcom at 1741 subscribers. And now it’s already 3838. 🤩 Cool! Thank you for reading, liking and sharing!

What about 2024?

Besides working on current projects (primarily Vulristics), I’d also like to write some open source code to manage vulnerability remediation. Just like a process; I think it would be interesting and useful both for educational purposes and for use in organizations.

I’m also thinking about turning my educational content into a book about Vulnerability Management. So far my ideas about the book are:

  1. The e-book will be available on my website absolutely free of charge. As for me, selling e-books is something unethical and stupid – such books will be pirated anyway. And if a book is not pirated, then this means that the book is worthless and no one needs it. Or that the author is a tireless supporter of copyright. I don’t even know which of these options is a bigger disgrace. 🙂
  2. The book’s sources will be available in the code repository. And there will be many editions of the book, just like there are many versions of Firefox. Perhaps a new edition will even be published every week.
  3. The printed book, if there is one at all, will be something like a souvenir, produced in a small circulation and inadequate, simply shamelessly expensive. An artifact and a collectible! 🙂 Accordingly, it will be printed directly, without a publisher, and will not be sold in bookstores.

But these are just my thoughts and I won’t plan or promise anything. Let it be as it will be. 🙂

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Related news

Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Red Hat Security Advisory 2024-9679-03

Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9653-03

Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in the email body. The victim opens an email from the attacker, which […]

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,

Feds Warn of North Korean Cyberattacks on US Critical Infrastructure

The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others said.

Critical GitLab Bug Threatens Software Development Pipelines

The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.

Ubuntu Security Notice USN-6848-1

Ubuntu Security Notice 6848-1 - Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. Rene Rehme discovered that Roundcube incorrectly handled certain headers. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10.

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.

Debian Security Advisory 5685-1

Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

Atlassian Confluence 8.5.3 Remote Code Execution

Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.

GitLab CE/EE Password Reset

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via phishing mails, Mispadu is a Delphi-based information stealer

Mispadu Stealer’s New Variant Targets Browser Data of Mexican Users

By Waqas The new variant of Mispadu Stealer was discovered by Palo Alto's Unit 42 researchers while investigating the Windows Defender SmartScreen vulnerability. This is a post from HackRead.com Read the original post: Mispadu Stealer’s New Variant Targets Browser Data of Mexican Users

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to

Apple Security Advisory 01-22-2024-4

Apple Security Advisory 01-22-2024-4 - iOS 15.8.1 and iPadOS 15.8.1 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 01-22-2024-4

Apple Security Advisory 01-22-2024-4 - iOS 15.8.1 and iPadOS 15.8.1 addresses code execution and out of bounds read vulnerabilities.

Atlassian Confluence SSTI Injection

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management

GitLab warns zero-click vulnerability could lead to account takeovers

GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also

Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address. The

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The

Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.

Ubuntu Security Notice USN-6569-1

Ubuntu Security Notice 6569-1 - it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that libclamunrar incorrectly validated certain structures when extracting RAR archives. A remote attacker could possibly use this issue to execute arbitrary code.

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

By Waqas CISA Urges Swift Action as Two Critical Vulnerabilities Emerge. This is a post from HackRead.com Read the original post: CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

By Waqas CISA Urges Swift Action as Two Critical Vulnerabilities Emerge. This is a post from HackRead.com Read the original post: CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

Debian Security Advisory 5592-1

Debian Linux Security Advisory 5592-1 - It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel that's used by the Amavis scanner within the

Debian Security Advisory 5585-1

Debian Linux Security Advisory 5585-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code.

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara

Update Chrome now! Emergency update patches zero-day

Google has issued an emergency update for Chrome that fixes an actively exploited zero-day vulnerability in the WebRTC component.

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément

Recently-patched Apache Struts vulnerability used in worldwide attacks

A recently patched Apache Struts 2 vulnerability has been spotted in worldwide exploitation attempts. Users and admins should update ASAP.

Microsoft patches 34 vulnerabilities, including one zero-day

Microsoft and other vendors have released their rounds of December updates on or before patch Tuesday. Update now!

Apple Security Advisory 12-11-2023-3

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-3

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

CVE-2023-36003

XAML Diagnostics Elevation of Privilege Vulnerability

Debian Security Advisory 5575-1

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-7715-03

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

GHSA-2j39-qcjm-428w: Apache Struts vulnerable to path traversal

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or  Struts 6.3.0.1 or greater to fix this issue.

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score

Debian Security Advisory 5569-1

Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Update now! Chrome fixes actively exploited zero-day vulnerability

Google's released an update to Chrome which includes seven security fixes. Make sure you're using the latest version!

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.

Cybercriminals Exploit ActiveMQ Flaw to Spread GoTitan Botnet, PrCtrl Rat

By Deeba Ahmed The ActiveMQ flaw has been patched, but despite this, numerous threat actors continue to exploit it. This is a post from HackRead.com Read the original post: Cybercriminals Exploit ActiveMQ Flaw to Spread GoTitan Botnet, PrCtrl Rat

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign.

Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw

By Deeba Ahmed Patches for all affected versions of Apache ActiveMQ have been released, and clients are strongly advised to upgrade their systems. This is a post from HackRead.com Read the original post: Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw

Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution

Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.

We all just need to agree that ad blockers are good

YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations

We all just need to agree that ad blockers are good

YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations

Update now! Microsoft patches 3 actively exploited zero-days

Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.

Update now! Microsoft patches 3 actively exploited zero-days

Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.

Update now! Microsoft patches 3 actively exploited zero-days

Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2023-36041

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36025

Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-36427

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2023-36036

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Apache ActiveMQ Unauthenticated Remote Code Execution

This Metasploit module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16.

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat

Apache ActiveMQ vulnerability used in ransomware attacks

A remote code execution vulnerability in Apache ActiveMQ is being used by the HelloKItty ransomware group.

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a

GHSA-crg9-44h2-xw35: Apache ActiveMQ is vulnerable to Remote Code Execution

Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.  Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

By Waqas ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks. This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

CVE-2023-5631: Fix cross-site scripting (XSS) vulnerability in handling of SVG in HT… · roundcube/roundcubemail@6ee6e7a

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

CVE-2023-39999: WordPress core < 6.3.2 - Contributor+ Comment Read on Private and Password Protected Post vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine

Gentoo Linux Security Advisory 202309-04

Gentoo Linux Security Advisory 202309-4 - An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. Versions greater than or equal to 6.23 are affected.

Apple, Google, and MOVEit Just Patched Serious Security Flaws

Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Microsoft fixes six critical vulnerabilities in June Patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: CVE-2023-29357 Tags: CVE-2023-29363 Tags: CVE-2023-32014 Tags: CVE-2023-32015 Tags: CVE-2023-32013 Tags: CVE-2023-24897 Tags: CVE-2023-32031 Tags: SharePoint Tags: PGM Tags: Exchange Tags: Hyper-V Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities. (Read more...) The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Microsoft Patch Tuesday, June 2023 Edition

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days

For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

RHSA-2023:0339: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35737: sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API

Red Hat Security Advisory 2023-0110-01

Red Hat Security Advisory 2023-0110-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

RHSA-2023:0110: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35737: sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API

Ubuntu Security Notice USN-5716-2

Ubuntu Security Notice 5716-2 - USN-5716-1 fixed a vulnerability in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says

Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.

Ubuntu Security Notice USN-5712-1

Ubuntu Security Notice 5712-1 - It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution.

Gentoo Linux Security Advisory 202210-40

Gentoo Linux Security Advisory 202210-40 - Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution. Versions less than 3.39.2 are affected.

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a

Zimbra UnRAR Path Traversal

This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below provided that UnRAR versions 6.11 or below are installed.

CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

UnRAR path traversal flaw can lead to RCE in Zimbra

Other applications using binary to extract untrusted archives are potentially vulnerable too

New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

Alexander V. Leonov: Latest News

December Microsoft Patch Tuesday