Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

A week in security (December 11 – December 17)

A list of topics we covered in the week of December 11 to December 17 of 2023

Malwarebytes
#vulnerability#apple#google#apache#sap
CVE-2023-50784: UnrealIRCd - The most widely deployed IRC server

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

Recently-patched Apache Struts vulnerability used in worldwide attacks

A recently patched Apache Struts 2 vulnerability has been spotted in worldwide exploitation attempts. Users and admins should update ASAP.

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime

Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

CVE-2023-44277: DSA-2023-412: Dell Technologies PowerProtect Security Update for Multiple Security Vulnerabilities

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-7788-03

Red Hat Security Advisory 2023-7788-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-7778-03

Red Hat Security Advisory 2023-7778-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.

Microsoft patches 34 vulnerabilities, including one zero-day

Microsoft and other vendors have released their rounds of December updates on or before patch Tuesday. Update now!

GHSA-6mjg-37cp-42x5: Improper Privilege Management in sap-xssec

### Impact SAP BTP Security Services Integration Library ([Python] sap-xssec) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. ### Patches Upgrade to patched version >= 4.1.0 We always recommend to upgrade to the latest released version. ### Workarounds No workarounds ### References https://www.cve.org/CVERecord?id=CVE-2023-50423

GHSA-m8rw-rcpq-2vp2: Improper Privilege Management in github.com/sap/cloud-security-client-go

### Impact SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. ### Patches Upgrade to patched version >= 0.17.0 We always recommend to upgrade to the latest released version. ### Workarounds No workarounds ### References https://www.cve.org/CVERecord?id=CVE-2023-50424