Snapshot
Dec. 30, 2023 - Jan. 5, 2024
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2023-7024 | Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to cause crashes or code execution. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome. | HIGH | Google Chromium | Jan. 2, 2024 |
CVE-2023-7101 | Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic. | N/A | Spreadsheet::ParseExcel | Jan. 2, 2024 |

Newswires

Critical Remote Code Execution Vulnerability in Ivanti's Endpoint Management Software
Ivanti has issued a warning and fix for a critical remote code execution (RCE) vulnerability found in its Endpoint Management software (EPM).
Jan. 4, 2024

CISA Updates Known Exploited Vulnerabilities Catalog with Chrome and Perl Library Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with two new entries.
Jan. 3, 2024

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2023-38035 (4) | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attac... | CRITICAL | Ivanti | CISA Known Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-35078 (3) | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resourc... | CRITICAL | Ivanti | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-38545 (2) | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. | CRITICAL | Haxx | Remote Code Execution, Public Exploits Available |
CVE-2023-7024 (3) | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap... | HIGH | Google Chromium, Google, Debian, Fedoraproject | CISA Known Exploited, Actively Exploited, Remote Code Execution |
CVE-2023-35081 (4) | A path traversal vulnerability in Ivanti EPMM versions allows an authenticated administrator to write arbitrary files onto t... | HIGH | Ivanti | CISA Known Exploited |
CVE-2023-48795 (2) | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote att... | MEDIUM | Matez, Trilead, Debian, Erlang, Ssh2 Project, Jadaptive, Net-Ssh, Lancom-Systems, Apache, Microsoft, Netsarang, Oryx-Embedded, Paramiko, Roumenpetrov, Crushftp, Connectbot, Bitvise, Thorntech, Kitty Project, Sftpgo Project, Asyncssh Project, Panic, Putty, Russh Project, Libssh, Ssh, Golang, Winscp, Netgate, Proftpd, Libssh2, Vandyke, Openbsd, Redhat, Tinyssh, Gentoo, Freebsd, Apple, Dropbear Ssh Project, Tera Term Project, Crates, Filezilla-Project | Remote Code Execution |
CVE-2023-39366 (3) | Cacti is an open source operational monitoring and fault management framework. | MEDIUM | Cacti, Fedoraproject | Remote Code Execution |
CVE-2023-7102 (3) | Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parame... | N/A | | Remote Code Execution |
CVE-2023-7101 (2) | Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. | N/A | Spreadsheet::parseexcel | CISA Known Exploited |

CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-38035 |
CRITICAL | CVSS 9.80 | EPSS Score 97.16 | EPSS Percentile 99.77 |
CISA Known Exploited, Remote Code Execution, Public Exploits Available |
Published: Aug. 21, 2023 |
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. |
Vendor Impacted: Ivanti |
Products Impacted: Sentry, Mobileiron Sentry |
CVE-2023-35078 |
CRITICAL | CVSS 9.80 | EPSS Score 94.86 | EPSS Percentile 99.11 |
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
Published: July 25, 2023 |
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
Vendor Impacted: Ivanti |
Products Impacted: Endpoint Manager Mobile, Endpoint Manager Mobile (Epmm) |
CVE-2023-38545 |
CRITICAL | CVSS 9.80 | EPSS Score 0.07 | EPSS Percentile 27.05 |
Remote Code Execution, Public Exploits Available |
Published: Oct. 18, 2023 |
This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy so that the proxy resolves the address instead of curl doing it itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake and, contrary to the intention, copy the too-long host name to the target buffer instead of copying just the resolved address there. The target buffer is a heap-based buffer, and the host name comes from the URL that curl has been told to operate with. |
Vendor Impacted: Haxx |
Product Impacted: Libcurl |
CVE-2023-7024 |
HIGH | CVSS 8.80 | EPSS Score 0.59 | EPSS Percentile 75.89 |
CISA Known Exploited, Actively Exploited, Remote Code Execution |
Published: Dec. 21, 2023 |
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Vendors Impacted: Google Chromium, Google, Debian, Fedoraproject |
Products Impacted: Chrome, Debian Linux, Webrtc, Fedora |
CVE-2023-35081 |
HIGH | CVSS 7.20 | EPSS Score 67.23 | EPSS Percentile 97.65 |
CISA Known Exploited |
Published: Aug. 3, 2023 |
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. |
Vendor Impacted: Ivanti |
Products Impacted: Endpoint Manager Mobile, Endpoint Manager Mobile (Epmm) |
CVE-2023-48795 |
MEDIUM | CVSS 5.90 | EPSS Score 43.48 | EPSS Percentile 97.02 |
Remote Code Execution |
Published: Dec. 18, 2023 |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server befor...
|
Vendors Impacted: Matez, Trilead, Debian, Erlang, Ssh2 Project, Jadaptive, Net-Ssh, Lancom-Systems, Apache, Microsoft, Netsarang, Oryx-Embedded, Paramiko, Roumenpetrov, Crushftp, Connectbot, Bitvise, Thorntech, Kitty Project, Sftpgo Project, Asyncssh Project, Panic, Putty, Russh Project, Libssh, Ssh, Golang, Winscp, Netgate, Proftpd, Libssh2, Vandyke, Openbsd, Redhat, Tinyssh, Gentoo, Freebsd, Apple, Dropbear Ssh Project, Tera Term Project, Crates, Filezilla-Project |
Products Impacted: Jsch, Asyncssh, Lanconfig, Sftpgo, Openshift Container Platform, Pfsense Plus, Storage, Sftp Gateway Firmware, Cyclone Ssh, Powershell, Nova, Net-Ssh, Sshj, Lcos Lx, Security, Dropbear Ssh, Macos, Ssh Client, Paramiko, Openshift Developer Tools And Services, Erlang/otp, Ceph Storage, Keycloak, Openshift Data Foundation, Crushftp, Thrussh, Debian Linux, Sshlib, Russh, Openssh, Openshift Gitops, Crypto, Openshift Serverless, Enterprise Linux, Putty, Libssh, Cert-Manager Operator For Red Hat Openshift, Openshift Api For Data Protection, Ssh, Pkixssh, Lcos, Single Sign-On, Xshell 7, Filezilla Client, Winscp, Proftpd, Tera Term, Libssh2, Openshift Dev Spaces, Discovery, Maverick Synergy Java Ssh Api, Openshift Pipelines, Tinyssh, Pfsense Ce, Openstack Platform, Securecrt, Openshift Virtualization, Freebsd, Kitty, Sshd, Lcos Fx, Transmit 5, Ssh Server, Ssh2, Advanced Cluster Security, Lcos Sx, Jboss Enterprise Application Platform |
CVE-2023-39366 |
MEDIUM | CVSS 4.80 | EPSS Score 0.06 | EPSS Percentile 20.95 |
Remote Code Execution |
Published: Sept. 5, 2023 |
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app.
CENSUS found that an adversary who is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http:// |
Vendors Impacted: Cacti, Fedoraproject |
Products Impacted: Cacti, Fedora |
CVE-2023-7102 |
CVSS Not Assigned | EPSS Score 0.04 | EPSS Percentile 8.14 |
Remote Code Execution |
Published: Dec. 24, 2023 |
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. |
CVE-2023-7101 |
CVSS Not Assigned | EPSS Score 0.81 | EPSS Percentile 79.87 |
CISA Known Exploited |
Published: Dec. 24, 2023 |
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. |
Vendor Impacted: Spreadsheet::parseexcel |
Product Impacted: Spreadsheet::parseexcel |