Snapshot
Nov. 4, 2023 - Nov. 10, 2023
CISA Known Exploited Vulnerabilities |
||||
---|---|---|---|---|
CVE | Summary | Severity | Vendor | Date Added |
CVE-2023-29552 | The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. | HIGH | IETF | Nov. 8, 2023 |
CVE-2023-22518 | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data. | CRITICAL | Atlassian | Nov. 7, 2023 |
Newswires |
||||
Zero-Day Alert: SysAid IT Support Software Vulnerability Exploited by Lace Tempest
Microsoft has recently identified that the threat actor Lace Tempest is exploiting a zero-day vulnerability in SysAid IT support software. |
Nov. 9, 2023 |
|||
CISA Alerts on Active Exploitation of SLP Vulnerability Enabling High-Impact DoS Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a Service Location Protocol (SLP) vulnerability by threat actors. |
Nov. 9, 2023 |
|||
Veeam Addresses Multiple Vulnerabilities in Veeam ONE Platform
Veeam has remedied four vulnerabilities in its IT infrastructure monitoring and analytics platform, Veeam ONE. |
Nov. 7, 2023 |
|||
Critical Atlassian Confluence Vulnerability Exploited in Cerber Ransomware Attacks
Attackers have begun to exploit a critical authentication bypass vulnerability in Atlassian Confluence, using it to encrypt the files of victims with Cerber ransomware. |
Nov. 6, 2023 |
|||
TellYouThePass Ransomware Exploits Apache ActiveMQ RCE Vulnerability
The TellYouThePass ransomware is now targeting Apache ActiveMQ servers, exploiting a critical remote code execution (RCE) vulnerability. |
Nov. 6, 2023 |
|||
QNAP Issues Warning on Critical Command Injection Vulnerabilities in QTS OS and Apps
QNAP Systems has released security advisories concerning two critical command injection vulnerabilities that affect numerous versions of the QTS operating system and applications on its network-attached storage (NAS) devices. |
Nov. 6, 2023 |
|||
Kinsing Threat Actors Exploit Looney Tunables Flaw in Cloud Environments
Researchers from the cloud security firm Aqua have detected threat actors exploiting the recently uncovered Linux privilege escalation flaw known as Looney Tunables (CVE-2023-4911) in attacks targeting cloud environments. |
Nov. 4, 2023 |
|||
Vulnerabilities In The News |
||||
CVE | Summary | Severity | Vendor | Risk Context |
CVE-2023-38547 (5) | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE use... | CRITICAL |
Remote Code Execution |
|
CVE-2023-22518 (16) | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | CRITICAL | Atlassian |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2023-22515 (7) | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a pr... | CRITICAL | Atlassian |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2017-9841 (6) | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code v... | CRITICAL | Phpunit Project, Phpunit, Oracle |
CISA Known Exploited Remote Code Execution Public Exploits Available |
CVE-2023-38548 (5) | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire th... | CRITICAL | Risk Context N/A | |
CVE-2023-4911 (6) | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment ... | HIGH | Redhat, Gnu, Fedoraproject |
Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2023-4966 (6) | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. | HIGH | Citrix |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
CVE-2023-29552 (4) | The Service Location Protocol allows an unauthenticated, remote attacker to register arbitrary services. | HIGH | Ietf, Service Location Protocol Project, Netapp, Vmware, Suse |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2023-41723 (5) | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. | MEDIUM | Risk Context N/A |
CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-38547 |
CRITICAL CVSS 9.90 EPSS Score 0.04 EPSS Percentile 12.90 |
Remote Code Execution |
Published: Nov. 7, 2023 |
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-22518 |
CRITICAL CVSS 9.80 EPSS Score 96.76 EPSS Percentile 99.57 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Oct. 31, 2023 |
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |
Vendor Impacted: Atlassian |
Products Impacted: Confluence Data Center And Server, Confluence Data Center, Confluence Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-22515 |
CRITICAL CVSS 9.80 EPSS Score 95.53 EPSS Percentile 99.21 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Oct. 4, 2023 |
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |
Vendor Impacted: Atlassian |
Products Impacted: Confluence Data Center And Server, Confluence Data Center, Confluence Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2017-9841 |
CRITICAL CVSS 9.80 EPSS Score 97.48 EPSS Percentile 99.97 |
CISA Known Exploited Remote Code Execution Public Exploits Available |
Published: June 27, 2017 |
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a " |
Vendors Impacted: Phpunit Project, Phpunit, Oracle |
Products Impacted: Communications Diameter Signaling Router, Phpunit |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-38548 |
CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 7.34 |
Risk Context N/A |
Published: Nov. 7, 2023 |
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-4911 |
HIGH CVSS 7.80 EPSS Score 0.18 EPSS Percentile 55.27 |
Actively Exploited Remote Code Execution Public Exploits Available |
Published: Oct. 3, 2023 |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. |
Vendors Impacted: Redhat, Gnu, Fedoraproject |
Products Impacted: Fedora, Virtualization, Glibc, Enterprise Linux |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-4966 |
HIGH CVSS 7.50 EPSS Score 92.27 EPSS Percentile 98.69 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Oct. 10, 2023 |
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. |
Vendor Impacted: Citrix |
Products Impacted: Netscaler Gateway, Netscaler Application Delivery Controller, Netscaler Adc And Netscaler Gateway |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-29552 |
HIGH CVSS 7.50 EPSS Score 16.32 EPSS Percentile 95.45 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: April 25, 2023 |
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. |
Vendors Impacted: Ietf, Service Location Protocol Project, Netapp, Vmware, Suse |
Products Impacted: Service Location Protocol (Slp), Manager Server, Smi-S Provider, Linux Enterprise Server, Service Location Protocol, Esxi |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-41723 |
MEDIUM CVSS 4.30 EPSS Score 0.04 EPSS Percentile 7.34 |
Risk Context N/A |
Published: Nov. 7, 2023 |
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. |
Quotes
|
Headlines
|
Back to top ↑ |
Accelerate Security Teams
Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.