Snapshot
Aug. 5, 2023 - Aug. 11, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2023-38180 | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial of service. | HIGH | Microsoft | Aug. 9, 2023 |
| CVE-2017-18368 | Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page. | CRITICAL | Zyxel | Aug. 7, 2023 |
Newswires

Worldwide Industrial PLCs Vulnerable Due to CODESYS V3 RCE Flaws
Industrial Programmable Logic Controllers (PLCs) across the globe are at risk due to 15 vulnerabilities found in the CODESYS V3 software development kit.
Aug. 11, 2023

Dell Compellent Bug Leaves VMware Environments Vulnerable to Attacks
Dell Compellent, a storage array service, has a significant vulnerability due to hardcoded credentials that could allow attackers to seize control of enterprise VMware environments.
Aug. 10, 2023

CISA Uncovers 'Whirlpool' Backdoor in Barracuda ESG Attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has identified a new backdoor malware, dubbed 'Whirlpool', utilized in attacks on compromised Barracuda Email Security Gateway (ESG) devices.
Aug. 10, 2023

CISA Highlights Exploited Flaw in .NET and Visual Studio
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has flagged a zero-day vulnerability that is impacting Microsoft's .NET and Visual Studio products.
Aug. 10, 2023

New Side-Channel Attacks Impacting Modern CPUs: Collide+Power, Downfall, and Inception
Cybersecurity researchers have unveiled three new side-channel attacks that could potentially compromise modern Central Processing Units (CPUs) and leak sensitive information.
Aug. 9, 2023

Microsoft Office Defense-In-Depth Update Thwarts Actively Exploited RCE Attack Chain
Microsoft has released a crucial update for its Office software to counter a remote code execution (RCE) vulnerability, known as CVE-2023-36884, which has previously been exploited in attacks.
Aug. 8, 2023

Critical Zero-Day Vulnerabilities Expose Industrial Communications to Threats
The TETRA communications protocol, which powers industrial control systems worldwide, has been found to contain multiple zero-day vulnerabilities.
Aug. 8, 2023

Critical Citrix Vulnerability Being Actively Exploited: Thousands of Instances Still at Risk
Several threat actors are capitalizing on a critical vulnerability in Citrix networking products, even after Citrix rolled out a patch for its NetScaler ADC and NetScaler Gateway three weeks ago.
Aug. 8, 2023

Microsoft's August 2023 Patch Tuesday Addresses Two Zero-Days Among 87 Vulnerabilities
Microsoft's August 2023 Patch Tuesday has rolled out security patches for a total of 87 vulnerabilities, including two zero-days that are currently being exploited and 23 remote code execution (RCE) bugs.
Aug. 8, 2023

Rise in Ransomware Attacks Through Zero-Day Exploits: An Analysis
A 143% increase in ransomware victims was observed between Q1 2022 and Q1 2023, with attackers pivoting from phishing to exploiting zero-day vulnerabilities and one-day flaws for network intrusion.
Aug. 8, 2023

Critical Citrix ADC Vulnerability: PoC Released for 0-day Flaw - CVE-2023-3519
A proof-of-concept (PoC) for a critical vulnerability, CVE-2023-3519, in Citrix ADC has been made public.
Aug. 7, 2023

Mallox Ransomware Group Enhances Malware Variants and Evasion Tactics
The Mallox ransomware group, also known as TargetCompany, Fargo, and Tohnichi, has stepped up its attacks on organizations with vulnerable SQL servers.
Aug. 7, 2023
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-36910 (8) | Microsoft Message Queuing Remote Code Execution Vulnerability | CRITICAL | Microsoft | Remote Code Execution |
| CVE-2023-35385 (8) | Microsoft Message Queuing Remote Code Execution Vulnerability | CRITICAL | Microsoft | Remote Code Execution |
| CVE-2023-36911 (7) | Microsoft Message Queuing Remote Code Execution Vulnerability | CRITICAL | Microsoft | Remote Code Execution |
| CVE-2023-21709 (5) | Microsoft Exchange Server Elevation of Privilege Vulnerability | CRITICAL | Microsoft | Risk Context N/A |
| CVE-2023-29328 (5) | Microsoft Teams Remote Code Execution Vulnerability | HIGH | Microsoft | Remote Code Execution |
| CVE-2023-38180 (16) | .NET and Visual Studio Denial of Service Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2023-36884 (16) | Windows Search Remote Code Execution Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2022-40982 (9) | Information exposure through microarchitectural state after transient execution in certain vector execution units for some In... | MEDIUM | | Actively Exploited |
| CVE-2022-23825 (6) | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to informa... | MEDIUM | Fedoraproject, Debian, Vmware | Remote Code Execution |
| CVE-2023-20569 (9) | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. | N/A | | Risk Context N/A |

CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
Zyxel — P660HN-T1A Routers
CVE-2017-18368 / Added: Aug. 7, 2023
CRITICAL, CVSS 9.80, EPSS Score 97.52, EPSS Percentile 99.97
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-36910
CRITICAL, CVSS 9.80, EPSS Score 0.24, EPSS Percentile 60.99
Remote Code Execution
Published: Aug. 8, 2023
Microsoft Message Queuing Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 22H2, Windows 10 21H2, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 10, Windows 11 22H2, Windows Server 2016, Windows Server 2022, Windows 10 1809, Windows 11 21H2, Windows 10 1607
CVE-2023-35385
CRITICAL, CVSS 9.80, EPSS Score 0.24, EPSS Percentile 60.99
Remote Code Execution
Published: Aug. 8, 2023
Microsoft Message Queuing Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 22H2, Windows 10 21H2, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 11 22H2, Windows Server 2022, Windows Server 2016, Windows 10 1809, Windows 11 21H2, Windows 10 1607, Windows 10 1507
CVE-2023-36911
CRITICAL, CVSS 9.80, EPSS Score 0.24, EPSS Percentile 60.99
Remote Code Execution
Published: Aug. 8, 2023
Microsoft Message Queuing Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 22H2, Windows 10 21H2, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 10, Windows 11 22H2, Windows Server 2016, Windows Server 2022, Windows 10 1809, Windows 11 21H2, Windows 10 1607
CVE-2023-21709
CRITICAL, CVSS 9.80, EPSS Score 0.09, EPSS Percentile 38.06
Risk Context N/A
Published: Aug. 8, 2023
Microsoft Exchange Server Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Exchange Server
CVE-2023-29328
HIGH, CVSS 8.80, EPSS Score 0.24, EPSS Percentile 60.99
Remote Code Execution
Published: Aug. 8, 2023
Microsoft Teams Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Teams
CVE-2023-38180
HIGH, CVSS 7.50, EPSS Score 0.05, EPSS Percentile 14.01
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Aug. 8, 2023
.NET and Visual Studio Denial of Service Vulnerability
Vendor Impacted: Microsoft
Products Impacted: .NET Core and Visual Studio, .NET, ASP.NET Core, Visual Studio 2022
CVE-2023-36884
HIGH, CVSS 7.50, EPSS Score 62.54, EPSS Percentile 97.37
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: July 11, 2023
Windows Search Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 22H2, Word, Windows 10 21H2, Windows Server 2008, Office, Windows Server 2019, Windows Server 2012, Windows 11, Windows Server 2022, Windows Server 2016, Office and Windows, Windows 10 1809, Windows 11 21H2, Windows 10 1607, Windows 10 1507
CVE-2022-40982
MEDIUM, CVSS 6.50
Actively Exploited
Published: Aug. 11, 2023
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-23825
MEDIUM, CVSS 6.50, EPSS Score 0.05, EPSS Percentile 12.96
Remote Code Execution
Published: July 14, 2022
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Vendors Impacted: Fedoraproject, Debian, VMware
Products Impacted: ESXi, Debian Linux, Fedora
CVE-2023-20569
CVSS Not Assigned, EPSS Score 0.05, EPSS Percentile 14.03
Risk Context N/A
Published: Aug. 8, 2023
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.