Snapshot
June 3, 2023 - June 9, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2023-3079 | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | | June 7, 2023 |
| CVE-2023-33009 | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. | CRITICAL | Zyxel | June 5, 2023 |
| CVE-2023-33010 | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. | CRITICAL | Zyxel | June 5, 2023 |

Newswires

Clop Ransomware Exploiting MOVEit Zero-Day Since 2021
Kroll security experts have discovered that the Clop ransomware gang has been seeking ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021.
June 8, 2023

Windows Win32k Bug PoC Released: Actively Exploited Vulnerability
A proof-of-concept (PoC) exploit has been made public for a Windows local privilege escalation vulnerability that has been actively exploited.
June 8, 2023

Critical Vulnerability in Cisco Enterprise Solutions Patched
Cisco has announced the release of patches for a critical-severity vulnerability found in its Expressway series and TelePresence Video Communication Server (VCS) enterprise collaboration and video communication solutions.
June 8, 2023

Barracuda Urges Immediate Replacement of Hacked ESG Appliances
Email and network security company Barracuda is urging customers to immediately replace their hacked Email Security Gateway (ESG) appliances, which were targeted in attacks exploiting a now-patched zero-day vulnerability.
June 7, 2023

Cisco Addresses High-Severity Bug in Secure Client Software
Cisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as AnyConnect Secure Mobility Client) software.
June 7, 2023

VMware Patches Critical Vulnerability in vRealize Network Analytics Tool
VMware has issued multiple security patches to address critical and high-severity vulnerabilities in its network visibility and analytics tool, VMware Aria Operations for Networks, formerly known as vRealize Network Insight (vRNI).
June 7, 2023

Android Update Addresses Mali GPU Bug Exploited as Zero-Day
Google has recently rolled out its monthly security update for the Android platform, which includes fixes for a total of 56 vulnerabilities.
June 6, 2023

Major Companies Affected by MOVEit Zero-Day Attack
Numerous prominent organizations have reported being affected by the recent MOVEit Transfer zero-day attack, with well-known companies such as BBC, British Airways, and Zellis among the victims.
June 6, 2023

Google Addresses Third Chrome Zero-Day Exploit in 2023
Google has issued a security update for its Chrome web browser, addressing the third zero-day vulnerability that has been exploited in 2023.
June 6, 2023

KeePass v2.54 Update Addresses Master Password Leakage Bug
KeePass has recently launched version 2.54, which addresses the CVE-2023-3278 vulnerability.
June 5, 2023

Clop Ransomware Gang Linked to MOVEit Data-Theft Attacks by Microsoft
Microsoft has recently attributed the exploitation of the CVE-2023-34362 zero-day vulnerability in the MOVEit Transfer platform to the Clop ransomware gang, also known as Lace Tempest.
June 5, 2023

Zyxel Encourages Firmware Updates to Protect Firewalls from Exploited Vulnerabilities
Zyxel, a networking device manufacturer based in Taiwan, is strongly advising customers to update the firmware of their ATP, USG Flex, VPN, and ZyWALL/USG firewall devices.
June 5, 2023

Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-2868 (13) | A remote command injection vulnerability exists in the Barracuda Email Security Gateway product affecting versions 5.1.3.001... | CRITICAL | Barracuda, Barracuda Networks | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-28771 (6) | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions ... | CRITICAL | Zyxel | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-33009 (5) | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1,... | CRITICAL | Zyxel | CISA Known Exploited, Remote Code Execution |
| CVE-2022-22706 (6) | Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. | HIGH | Arm | CISA Known Exploited, Actively Exploited |
| CVE-2023-32784 (5) | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace... | HIGH | | Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-34362 (27) | In Progress MOVEit Transfer before 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, and 2023.0.1, a SQL injection vulnerability h... | N/A | Progress | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-3079 (14) | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruptio... | N/A | | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2023-20889 (6) | Aria Operations for Networks contains an information disclosure vulnerability. | N/A | | N/A |
| CVE-2023-20888 (6) | Aria Operations for Networks contains an authenticated deserialization vulnerability. | N/A | | Remote Code Execution |
| CVE-2023-20887 (6) | Aria Operations for Networks contains a command injection vulnerability. | N/A | | Remote Code Execution |

CISA Known Exploited Vulnerabilities
CISA added three vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.

CVE-2023-2868
CRITICAL, CVSS 9.80, EPSS Score 1.64, EPSS Percentile 85.71
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: May 24, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.
Vendors Impacted: Barracuda, Barracuda Networks
Products Impacted: Email Security Gateway 600 Firmware, Email Security Gateway 900, Email Security Gateway 900 Firmware, Email Security Gateway 300 Firmware, Email Security Gateway 400 Firmware, Email Security Gateway 600, Email Security Gateway 400, Email Security Gateway 300, Email Security Gateway (Esg) Appliance, Email Security Gateway 800, Email Security Gateway 800 Firmware

CVE-2023-28771
CRITICAL, CVSS 9.80, EPSS Score 19.67, EPSS Percentile 95.57
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: April 25, 2023
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Vendor Impacted: Zyxel
Products Impacted: Zywall Usg 310, Zywall Usg 100 Firmware, Zywall Usg 310 Firmware, Multiple Firewalls

CVE-2023-33009
CRITICAL, CVSS 9.80, EPSS Score 2.08, EPSS Percentile 87.46
Risk Context: CISA Known Exploited, Remote Code Execution
Published: May 24, 2023
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Vendor Impacted: Zyxel
Products Impacted: Usg Flex 700 Firmware, Vpn100 Firmware, Atp700 Firmware, Atp100w Firmware, Usg 60w Firmware, Atp100 Firmware, Atp800 Firmware, Vpn1000 Firmware, Vpn50 Firmware, Atp500 Firmware, Usg Flex 50w Firmware, Usg 60 Firmware, Usg Flex 100w Firmware, Atp200 Firmware, Usg Flex 100 Firmware, Usg 20w-Vpn Firmware, Multiple Firewalls, Usg 40w Firmware, Usg Flex 50 Firmware, Usg Flex 200 Firmware, Usg Flex 500 Firmware, Usg20-Vpn Firmware, Usg 40 Firmware, Vpn300 Firmware

CVE-2022-22706
HIGH, CVSS 7.80, EPSS Score 79.95, EPSS Percentile 97.80
Risk Context: CISA Known Exploited, Actively Exploited
Published: March 3, 2022
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
Vendor Impacted: Arm
Products Impacted: Midgard, Bifrost, Valhall, Mali Graphics Processing Unit (Gpu)

CVE-2023-32784
HIGH, CVSS 7.50, EPSS Score 0.07, EPSS Percentile 26.45
Risk Context: Actively Exploited, Remote Code Execution, Public Exploits Available
Published: May 15, 2023
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

CVE-2023-34362
CVSS Not Assigned, EPSS Score 1.85, EPSS Percentile 86.64
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: June 2, 2023
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
Vendor Impacted: Progress
Product Impacted: Moveit Transfer

CVE-2023-3079
CVSS Not Assigned, EPSS Score 0.17, EPSS Percentile 53.25
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: June 5, 2023
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Vendor Impacted: Google
Product Impacted: Chromium V8 Engine

CVE-2023-20889
CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 7.00
Risk Context: N/A
Published: June 7, 2023
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

CVE-2023-20888
CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 12.50
Risk Context: Remote Code Execution
Published: June 7, 2023
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

CVE-2023-20887
CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 12.50
Risk Context: Remote Code Execution
Published: June 7, 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.