Snapshot
Dec. 2, 2023 - Dec. 8, 2023
CISA Known Exploited Vulnerabilities |
||||
---|---|---|---|---|
CVE | Summary | Severity | Vendor | Date Added |
CVE-2023-41265 | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | CRITICAL | Qlik | Dec. 7, 2023 |
CVE-2023-41266 | Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints. | MEDIUM | Qlik | Dec. 7, 2023 |
CVE-2022-22071 | Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress. | HIGH | Qualcomm | Dec. 5, 2023 |
CVE-2023-33063 | Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | HIGH | Qualcomm | Dec. 5, 2023 |
CVE-2023-33107 | Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | HIGH | Qualcomm | Dec. 5, 2023 |
CVE-2023-33106 | Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | HIGH | Qualcomm | Dec. 5, 2023 |
CVE-2023-42917 | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. | HIGH | Apple | Dec. 4, 2023 |
CVE-2023-42916 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. | MEDIUM | Apple | Dec. 4, 2023 |
Newswires |
||||
Russian APT28 Exploits Outlook Flaw to Target EU NATO Members
The APT28 group, associated with various names such as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, has been operational since at least 2007. |
Dec. 8, 2023 |
|||
Critical Bluetooth Security Flaw Threatens Multiple Operating Systems
A serious security vulnerability in Bluetooth could enable attackers to seize control of devices operating on Android, Linux, macOS, and iOS. |
Dec. 7, 2023 |
|||
Critical Adobe ColdFusion Exploit Used to Breach U.S. Government Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm about a critical vulnerability in Adobe ColdFusion that hackers are actively exploiting to gain access to government servers. |
Dec. 5, 2023 |
|||
Google Addresses Critical Zero-Click RCE in Android's December 2023 Security Updates
Google has released its December 2023 security updates for Android, which have addressed a total of 85 vulnerabilities. |
Dec. 5, 2023 |
|||
Russian APT28 Hackers Exploit Outlook Flaw to Hijack Exchange Accounts
Microsoft's Threat Intelligence team has issued an alert about the Russian state-sponsored actor APT28, also known as Fancybear or Strontium, exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. |
Dec. 4, 2023 |
|||
Fake WordPress Security Alert Used to Distribute Malicious Plugin
A deceptive security advisory is being sent to WordPress site administrators, claiming to alert them about a non-existent vulnerability, CVE-2023-45124. |
Dec. 4, 2023 |
|||
Emerging P2PInfect Botnet MIPS Variant Targets Routers and IoT Devices
Cybersecurity researchers have identified a new variant of the emerging P2PInfect botnet, which has the capability of targeting routers and IoT devices. |
Dec. 4, 2023 |
|||
Over 20,000 Microsoft Exchange Servers at Risk Due to Unsupported Software
Over 20,000 Microsoft Exchange email servers across Europe, the U.S., and Asia are at risk of cyber attacks due to running on unsupported software versions that no longer receive any updates. |
Dec. 2, 2023 |
|||
Vulnerabilities In The News |
||||
CVE | Summary | Severity | Vendor | Risk Context |
CVE-2022-0543 (4) | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Lua sandbox escape, ... | CRITICAL | Debian, Redis, Canonical |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2023-23397 (11) | Microsoft Outlook Elevation of Privilege Vulnerability | CRITICAL | Microsoft |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2023-22524 (5) | Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. | CRITICAL | Atlassian, Apple |
Remote Code Execution |
CVE-2023-22523 (5) | This vulnerability, if exploited, allows an attacker to perform privileged RCE on machines with the Assets Discovery agent i... | HIGH | Atlassian |
Remote Code Execution |
CVE-2023-22522 (5) | This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe... | HIGH | Atlassian |
Remote Code Execution |
CVE-2023-26360 (8) | Adobe ColdFusion versions 2018 Update 15 and 2021 Update 5 are affected by an Improper Access Control vulnerability that co... | HIGH | Adobe |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2023-38831 (7) | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | HIGH | Rarlab |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
CVE-2021-40444 (4) | Microsoft MSHTML Remote Code Execution Vulnerability | HIGH | Microsoft |
CISA Known Exploited Remote Code Execution Public Exploits Available |
CVE-2022-22071 (3) | Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress ... | HIGH | Qualcomm |
CISA Known Exploited |
CVE-2023-45866 (4) | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted ... | N/A | Risk Context N/A |
CISA Known Exploited Vulnerabilities
CISA added eight vulnerabilities to the known exploited vulnerabilities list.
Qlik — Sense |
CVE-2023-41265 / Added: Dec. 7, 2023 |
CRITICAL CVSS 9.90 EPSS Score 1.13 EPSS Percentile 83.01 |
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. |
Headlines
|
Qlik — Sense |
CVE-2023-41266 / Added: Dec. 7, 2023 |
MEDIUM CVSS 6.50 EPSS Score 0.24 EPSS Percentile 61.64 |
Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints. |
Headlines
|
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2022-0543 |
CRITICAL CVSS 10.00 EPSS Score 97.09 EPSS Percentile 99.72 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: Feb. 18, 2022 |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
Vendors Impacted: Debian, Redis, Canonical |
Products Impacted: Debian-Specific Redis Servers, Debian Linux, Ubuntu Linux, Redis |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-23397 |
CRITICAL CVSS 9.80 EPSS Score 88.94 EPSS Percentile 98.43 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: March 14, 2023 |
Microsoft Outlook Elevation of Privilege Vulnerability |
Vendor Impacted: Microsoft |
Products Impacted: Office, Outlook, 365 Apps |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-22524 |
CRITICAL CVSS 9.80 EPSS Score 0.05 EPSS Percentile 18.66 |
Remote Code Execution |
Published: Dec. 6, 2023 |
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. |
Vendors Impacted: Atlassian, Apple |
Products Impacted: Companion, Macos |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-22523 |
HIGH CVSS 8.80 EPSS Score 0.05 EPSS Percentile 18.78 |
Remote Code Execution |
Published: Dec. 6, 2023 |
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. |
Vendor Impacted: Atlassian |
Products Impacted: Assets Discovery Data Server, Assets Discovery Data Center, Assets Discovery Cloud |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-22522 |
HIGH CVSS 8.80 EPSS Score 0.05 EPSS Percentile 18.78 |
Remote Code Execution |
Published: Dec. 6, 2023 |
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |
Vendor Impacted: Atlassian |
Products Impacted: Confluence Data Center, Confluence Server |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-26360 |
HIGH CVSS 8.60 EPSS Score 93.43 EPSS Percentile 98.87 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: March 23, 2023 |
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. |
Vendor Impacted: Adobe |
Product Impacted: Coldfusion |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2023-38831 |
HIGH CVSS 7.80 EPSS Score 23.40 EPSS Percentile 96.09 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: Aug. 23, 2023 |
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023. |
Vendor Impacted: Rarlab |
Product Impacted: Winrar |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2021-40444 |
HIGH CVSS 7.80 EPSS Score 97.19 EPSS Percentile 99.78 |
CISA Known Exploited Remote Code Execution Public Exploits Available |
Published: Sept. 15, 2021 |
Microsoft MSHTML Remote Code Execution Vulnerability |
Vendor Impacted: Microsoft |
Products Impacted: Windows 7, Windows Rt 8.1, Windows 8.1, Windows Server 2019, Windows 10, Mshtml, Windows Server 2012, Windows Server 2022, Windows Server 2008, Windows Server 2016 |
Quotes
|
Headlines
|
Back to top ↑ |
CVE-2022-22071 |
HIGH CVSS 7.80 EPSS Score 0.11 EPSS Percentile 44.43 |
CISA Known Exploited |
Published: June 14, 2022 |
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
Vendor Impacted: Qualcomm |
Products Impacted: Sd780g, Sd765g Firmware, Qca6391, Sdx55m Firmware, Wcn3615, Wsa8815, Ar8035 Firmware, Qca8337 Firmware, Sm7250p, Sd690 5g, Wcn7851, Wcn6851 Firmware, Qcs610, Sd460 Firmware, Qca6174a Firmware, Sdx65 Firmware, Sdx12, Msm8953 Firmware, Csra6640 Firmware, Sd662, Wcd9370 Firmware, Sdx12 Firmware, Sa8155p, Wcn6850 Firmware, Multiple Chipsets, Wsa8830, Wcn3991 Firmware, Qca6574a, Qcs410 Firmware, Wcn6750 Firmware, Wcd9385 Firmware, Csra6620 Firmware, Wcd9380, Qrb5165m, Wcn7851 Firmware, Wsa8830 Firmware, Qrb5165, Wcd9375 Firmware, Qcm2290, Mdm9150 Firmware, Wcn6855, Sd870 Firmware, Wcn3680b, Wcn3950 Firmware, Sa8155p Firmware, Wcn6740, Wcd9335, Wcn6850, Qca6174a, Qca6426 Firmware, Sd768g, Wcn6856 Firmware, Qcs410, Wcn6851, Sa8195p, Qca6426, Wcn6740 Firmware, Qca6574 Firmware, Qcm4290 Firmware, Sd888 5g Firmware, Wsa8835, Sd695, Wcd9326 Firmware, Wcd9335 Firmware, Sd765g, Ar8031, Wcn3980, Qcs4290 Firmware, Wcn3988 Firmware, Qcs2290 Firmware, Sm7325p, Qca6595au, Apq8053 Firmware, Qcm6490 Firmware, Sdx55, Wcn3988,... |
Quotes
|
Headlines |
Back to top ↑ |
CVE-2023-45866 |
CVSS Not Assigned EPSS Score 0.04 EPSS Percentile 8.20 |
Risk Context N/A |
Published: Dec. 8, 2023 |
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. |
Quotes
|
Headlines
|
Back to top ↑ |
Accelerate Security Teams
Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.