Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-23415

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

CVE
#vulnerability#rce

Related news

Microsoft Advisories Are Getting Worse

A predictable patch cadence is nice, but the software giant can do more.

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239119 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI […]

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The

Microsoft Zero-Day Bugs Allow Security Feature Bypass

Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

Microsoft disclosed 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.

CVE-2023-23415: Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907