Snapshot
Dec. 16, 2023 - Dec. 22, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added
---|---|---|---|---
CVE-2023-49897 | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | HIGH | FXC | Dec. 21, 2023
CVE-2023-47565 | QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | HIGH | QNAP | Dec. 21, 2023
Newswires

Headline | Summary | Date
---|---|---
Multiple Zero-Day Vulnerabilities Exploited in Windows CLFS Driver | The Windows Common Log File System (CLFS), a high-performance logging system available for user- or kernel-mode software clients, has been exploited by attackers in recent years due to its kernel access and performance-oriented design. | Dec. 22, 2023
Nim-Based Malware Delivered via Phishing Campaign Using Decoy Microsoft Word Documents | A new phishing campaign is exploiting the security community's unfamiliarity with the Nim programming language to deliver a backdoor. | Dec. 22, 2023
UAC-0099 Exploits WinRAR Vulnerability to Launch LONEPAGE Malware Attacks on Ukrainian Firms | The threat actor UAC-0099 is exploiting a high-risk vulnerability in WinRAR software to deploy the LONEPAGE malware against Ukrainian organizations. | Dec. 22, 2023
Microsoft Alerts on 'FalseFont' Backdoor Aimed at Defense Sector | Microsoft has alerted the Defense Industrial Base (DIB) sector about a new threat from a backdoor named 'FalseFont'. | Dec. 22, 2023
BattleRoyal Hackers Employ Multiple Tactics to Deploy DarkGate RAT | An unidentified threat group, referred to as 'BattleRoyal', has been conducting various social engineering campaigns this fall, targeting organizations in North America. | Dec. 21, 2023
Google Patches 8th Chrome Zero-Day Exploited in 2023 | Google has issued urgent updates to address yet another Chrome zero-day vulnerability that has been exploited in the wild, marking the eighth such vulnerability patched since the year began. | Dec. 20, 2023
Ivanti Patches 13 Critical Security Flaws in Avalanche Enterprise Mobile Device Management Solution | Ivanti, a software company, has issued security patches for 13 critical vulnerabilities in its Avalanche enterprise mobile device management (MDM) solution. | Dec. 20, 2023
Cyber Attackers Utilize Old Microsoft Office Vulnerability to Disseminate Spyware | Cybercriminals are leveraging a six-year-old vulnerability in Microsoft Office to distribute spyware via a complex email campaign. | Dec. 20, 2023
Critical Vulnerability in WordPress Plugin WP Clone Exposes 90,000 Sites to Potential Cyberattacks | WordPress, the platform driving more than 43% of all online sites, is often the focus of cybercriminals' activities. | Dec. 20, 2023
Comcast's Xfinity Customer Data Breached in CitrixBleed Exploit | Comcast's Xfinity is alerting its customers to a data breach resulting from a cyberattack that utilized the CitrixBleed vulnerability. | Dec. 19, 2023
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File Exploitation | This week, researchers revealed details about two security flaws found in Microsoft Outlook that, when combined, enable attackers to execute arbitrary code on the affected systems without requiring any user intervention. | Dec. 19, 2023
8220 Gang Exploits Oracle WebLogic Server Flaw to Proliferate Malware | The cybercriminal collective known as the 8220 Gang has been detected exploiting a significant vulnerability (CVE-2020-14883) in Oracle's WebLogic Server to disseminate their malware. | Dec. 19, 2023
Critical RCE Vulnerability Found in Perforce Helix Core Server by Microsoft | Microsoft has unearthed four vulnerabilities in the Perforce Helix Core Server, a source code management platform extensively utilized in the gaming, government, military, and technology industries. | Dec. 18, 2023
Emerging Details on Zero-Click Outlook Remote Code Execution Exploits | New insights have been disclosed about two recently patched security vulnerabilities in Microsoft Windows that could be exploited by cybercriminals to perform remote code execution on the Outlook email service without any user action. | Dec. 18, 2023
Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context
---|---|---|---|---
CVE-2023-50164 (4) | An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploadi... | CRITICAL | Apache | Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-36025 (4) | Windows SmartScreen Security Feature Bypass Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2022-24521 (6) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited
CVE-2023-23376 (4) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited
CVE-2022-37969 (4) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-4966 (6) | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. | HIGH | Citrix | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
CVE-2023-46446 (4) | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/r... | MEDIUM | AsyncSSH Project | N/A
CVE-2023-46445 (4) | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message via a man-in-the-middle attack, ak... | MEDIUM | AsyncSSH Project | N/A
CVE-2023-7024 (7) | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap... | N/A | | Actively Exploited, Remote Code Execution
CVE-2023-48795 (4) | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote att... | N/A | | N/A
CISA Known Exploited Vulnerabilities

CISA added two vulnerabilities to the known exploited vulnerabilities list.

FXC — AE1021, AE1021PE
CVE-2023-49897 / Added: Dec. 21, 2023
HIGH | CVSS 8.80 | EPSS Score 0.28 | EPSS Percentile 65.08
FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.
QNAP — VioStor NVR
CVE-2023-47565 / Added: Dec. 21, 2023
HIGH | CVSS 8.80 | EPSS Score 1.45 | EPSS Percentile 85.24
QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-50164
CRITICAL | CVSS 9.80 | EPSS Score 9.72 | EPSS Percentile 94.23
Risk Context: Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 7, 2023
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Vendor Impacted: Apache
Product Impacted: Struts
CVE-2023-36025
HIGH | CVSS 8.80 | EPSS Score 0.63 | EPSS Percentile 76.76
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Nov. 14, 2023
Windows SmartScreen Security Feature Bypass Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 21H2, Windows 10 1809, Windows 11 22H2, Windows Server 2019, Windows 10 1607, Windows Server 2022, Windows, Windows Server 2016, Windows Server 2012, Windows 10 1507, Windows 11 21H2, Windows 10 22H2, Windows Server 2008, Windows 11 23H2
CVE-2022-24521
HIGH | CVSS 7.80 | EPSS Score 0.05 | EPSS Percentile 17.23
Risk Context: CISA Known Exploited
Published: April 15, 2022
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows RT 8.1, Windows Server 2019, Windows Server 2022, Windows, Windows Server 2016, Windows Server 2012, Windows 7, Windows 8.1, Windows 11, Windows Server 2008, Windows 10
CVE-2023-23376
HIGH | CVSS 7.80 | EPSS Score 0.06 | EPSS Percentile 23.58
Risk Context: CISA Known Exploited
Published: Feb. 14, 2023
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 10 21H2, Windows 10 1809, Windows 11 22H2, Windows Server 2019, Windows Server 2022, Windows, Windows Server 2016, Windows 10 22H2, Windows Server 2012, Windows 10 20H2, Windows 11 21H2, Windows 10 1607, Windows Server 2008, Windows 10
CVE-2022-37969
HIGH | CVSS 7.80 | EPSS Score 0.15 | EPSS Percentile 50.51
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Sept. 13, 2022
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2019, Windows Server 2022, Windows, Windows Server 2016, Windows Server 2012, Windows 7, Windows 8.1, Windows 11, Windows Server 2008, Windows 10
CVE-2023-4966
HIGH | CVSS 7.50 | EPSS Score 91.79 | EPSS Percentile 98.69
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Oct. 10, 2023
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Vendor Impacted: Citrix
Products Impacted: NetScaler Application Delivery Controller, NetScaler ADC and NetScaler Gateway, NetScaler Gateway
CVE-2023-46446
MEDIUM | CVSS 6.80 | EPSS Score 0.07 | EPSS Percentile 30.98
Risk Context: N/A
Published: Nov. 14, 2023
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Vendor Impacted: AsyncSSH Project
Product Impacted: AsyncSSH
CVE-2023-46445
MEDIUM | CVSS 5.90 | EPSS Score 0.06 | EPSS Percentile 23.89
Risk Context: N/A
Published: Nov. 14, 2023
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
Vendor Impacted: AsyncSSH Project
Product Impacted: AsyncSSH
CVE-2023-7024
CVSS Not Assigned | EPSS Score 0.11 | EPSS Percentile 43.22
Risk Context: Actively Exploited, Remote Code Execution
Published: Dec. 21, 2023
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-48795
CVSS Not Assigned | EPSS Score 0.90 | EPSS Percentile 80.88
Risk Context: N/A
Published: Dec. 18, 2023
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client befor...