Snapshot
Nov. 11, 2023 - Nov. 17, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2023-1671 | Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. | CRITICAL | Sophos | Nov. 16, 2023 |
| CVE-2020-2551 | Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server. | CRITICAL | Oracle | Nov. 16, 2023 |
| CVE-2023-36584 | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | MEDIUM | Microsoft | Nov. 16, 2023 |
| CVE-2023-36025 | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | HIGH | Microsoft | Nov. 14, 2023 |
| CVE-2023-36033 | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | HIGH | Microsoft | Nov. 14, 2023 |
| CVE-2023-36036 | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | HIGH | Microsoft | Nov. 14, 2023 |
| CVE-2023-47246 | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | CRITICAL | SysAid | Nov. 13, 2023 |
| CVE-2023-36845 | Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code. | CRITICAL | Juniper | Nov. 13, 2023 |
| CVE-2023-36847 | Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | MEDIUM | Juniper | Nov. 13, 2023 |
| CVE-2023-36851 | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | MEDIUM | Juniper | Nov. 13, 2023 |
| CVE-2023-36846 | Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | MEDIUM | Juniper | Nov. 13, 2023 |
| CVE-2023-36844 | Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request, an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities. | MEDIUM | Juniper | Nov. 13, 2023 |
Newswires

| Headline | Summary | Date |
|---|---|---|
| Yamaha Motor Philippines Hit by Ransomware Attack: Employee Data Leaked | Yamaha Motor Philippines, Inc. (YMPH), a motorcycle manufacturing and sales subsidiary of Yamaha Motor, was targeted in a ransomware attack in October. | Nov. 17, 2023 |
| CISA Issues Warning over Exploitation of Sophos Web Appliance Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included security vulnerabilities in Sophos, Oracle, and Microsoft products in its Known Exploited Vulnerabilities (KEV) catalog. | Nov. 17, 2023 |
| Critical OS Command Injection Vulnerability Discovered in Fortinet's FortiSIEM | Fortinet has issued a warning to its customers about a critical OS command injection vulnerability identified as CVE-2023-36553 in its FortiSIEM report server. | Nov. 17, 2023 |
| Stealthy EDR Bypass Enabled by Dangerous Apache ActiveMQ Exploit | A recently developed proof-of-concept (PoC) exploit is taking advantage of a critical security vulnerability (CVE-2023-46604) in Apache ActiveMQ, an open-source message broker. | Nov. 16, 2023 |
| Global Government Data Breaches: Multiple APTs Exploit Zimbra Zero-Day | The Zimbra Collaboration Suite (ZCS), a platform offering email server, calendaring, chat, and video services, has been targeted by at least four different cyber-attack groups, exploiting a previously unknown vulnerability to steal email data, user credentials, and authentication tokens from various government organizations worldwide. | Nov. 16, 2023 |
| DarkCasino: A New APT Threat Leveraging WinRAR Vulnerability | A new advanced persistent threat (APT) group, known as DarkCasino, has been discovered exploiting a recently uncovered security flaw in the WinRAR software. | Nov. 16, 2023 |
| Citrix Hypervisor Receives Fixes for 'Reptar' Intel CPU Vulnerability | Citrix has launched hotfixes for a pair of vulnerabilities affecting the Citrix Hypervisor, including a high-severity flaw, dubbed 'Reptar', that impacts Intel CPUs used in desktop and server systems. | Nov. 15, 2023 |
| FBI and CISA Issue Alert on Rhysida Ransomware Attacks | The FBI and CISA have issued an advisory warning of the Rhysida ransomware gang's opportunistic attacks on organizations across multiple sectors. | Nov. 15, 2023 |
| Critical Unpatched Authentication Bypass Vulnerability Affects VMware's Cloud Director Appliance | VMware has reported a critical and yet unpatched authentication bypass vulnerability that affects Cloud Director appliance deployments. | Nov. 14, 2023 |
| Microsoft's November 2023 Patch Tuesday Addresses 58 Flaws Including 5 Zero-Days | Microsoft has released its November 2023 Patch Tuesday updates, which include patches for 58 vulnerabilities, five of which are zero-day flaws. | Nov. 14, 2023 |
| Microsoft Patches Critical Azure CLI Vulnerability Leaking Credentials | Microsoft has rectified a severe security issue in Azure CLI that risked exposing credentials in logs. | Nov. 14, 2023 |
| CISA Adds Five Juniper Vulnerabilities to Known Exploited Vulnerabilities Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities catalog with the addition of six new vulnerabilities. | Nov. 13, 2023 |
| LockBit Ransomware Group Leaks Boeing's Data After Ransom Refusal | The LockBit ransomware group has released data stolen from Boeing, a major player in the aerospace industry that caters to both commercial aviation and defense systems. | Nov. 12, 2023 |
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-36397 (8) | Windows Pragmatic General Multicast Remote Code Execution Vulnerability | CRITICAL | | Remote Code Execution |
| CVE-2023-28771 (7) | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions ... | CRITICAL | Zyxel | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-23583 (10) | Sequence of processor instructions leads to unexpected behavior for some Intel Processors may allow an authenticated user to ... | HIGH | | Actively Exploited, Remote Code Execution |
| CVE-2023-36025 (10) | Windows SmartScreen Security Feature Bypass Vulnerability | HIGH | Microsoft | CISA Known Exploited, Public Exploits Available |
| CVE-2023-36052 (6) | Azure CLI REST Command Information Disclosure Vulnerability | HIGH | | N/A |
| CVE-2023-36036 (11) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited |
| CVE-2023-36033 (11) | Windows DWM Core Library Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited |
| CVE-2023-37580 (6) | Zimbra Collaboration 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | MEDIUM | Zimbra | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2023-20592 (7) | Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to... | N/A | | Actively Exploited, Remote Code Execution |
| CVE-2023-34060 (6) | VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was u... | N/A | | N/A |
CISA Known Exploited Vulnerabilities
CISA added 12 vulnerabilities to the known exploited vulnerabilities list.
Sophos — Web Appliance
CVE-2023-1671 / Added: Nov. 16, 2023
CRITICAL | CVSS 9.80 | EPSS Score 94.67 | EPSS Percentile 99.05
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Oracle — Fusion Middleware
CVE-2020-2551 / Added: Nov. 16, 2023
CRITICAL | CVSS 9.80 | EPSS Score 97.50 | EPSS Percentile 99.98
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

Microsoft — Windows
CVE-2023-36584 / Added: Nov. 16, 2023
MEDIUM | CVSS 5.40 | EPSS Score 0.15 | EPSS Percentile 51.65
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Juniper — Junos OS
CVE-2023-36851 / Added: Nov. 13, 2023
MEDIUM | CVSS 5.30 | EPSS Score 0.44 | EPSS Percentile 71.86
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-36397
CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 12.89
Risk Context: Remote Code Execution
Published: Nov. 14, 2023
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-28771
CRITICAL | CVSS 9.80 | EPSS Score 91.86 | EPSS Percentile 98.65
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: April 25, 2023
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Vendor Impacted: Zyxel
Products Impacted: Usg Flex 50 Firmware, Atp200 Firmware, Usg Flex 50w, Atp700 Firmware, Usg Flex 700, Atp500, Zywall Usg 100, Usg Flex 500 Firmware, Atp800 Firmware, Usg Flex 100, Zywall Usg 310 Firmware, Atp700, Vpn1000 Firmware, Atp100 Firmware, Vpn100, Vpn50 Firmware, Vpn50, Zywall Usg 100 Firmware, Usg Flex 200 Firmware, Usg Flex 100w, Usg Flex 200, Atp500 Firmware, Atp800, Vpn100 Firmware, Usg Flex 500, Vpn1000, Usg Flex 700 Firmware, Atp100, Vpn300, Usg Flex 50w Firmware, Multiple Firewalls, Atp100w, Atp200, Usg Flex 100w Firmware, Usg Flex 100 Firmware, Usg Flex 50, Zywall Usg 310, Vpn300 Firmware, Atp100w Firmware

CVE-2023-23583
HIGH | CVSS 8.80 | EPSS Score 0.04 | EPSS Percentile 11.05
Risk Context: Actively Exploited, Remote Code Execution
Published: Nov. 14, 2023
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

CVE-2023-36025
HIGH | CVSS 8.80 | EPSS Score 1.70 | EPSS Percentile 86.32
Risk Context: CISA Known Exploited, Public Exploits Available
Published: Nov. 14, 2023
Windows SmartScreen Security Feature Bypass Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Windows

CVE-2023-36052
HIGH | CVSS 8.60 | EPSS Score 0.04 | EPSS Percentile 7.34
Risk Context: N/A
Published: Nov. 14, 2023
Azure CLI REST Command Information Disclosure Vulnerability

CVE-2023-36036
HIGH | CVSS 7.80 | EPSS Score 1.18 | EPSS Percentile 83.44
Risk Context: CISA Known Exploited
Published: Nov. 14, 2023
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Windows

CVE-2023-36033
HIGH | CVSS 7.80 | EPSS Score 1.18 | EPSS Percentile 83.44
Risk Context: CISA Known Exploited
Published: Nov. 14, 2023
Windows DWM Core Library Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Windows

CVE-2023-37580
MEDIUM | CVSS 6.10 | EPSS Score 20.90 | EPSS Percentile 95.91
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: July 31, 2023
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Vendor Impacted: Zimbra
Product Impacted: Zimbra Collaboration (ZCS)

CVE-2023-20592
CVSS Not Assigned | EPSS Score 0.04 | EPSS Percentile 7.34
Risk Context: Actively Exploited, Remote Code Execution
Published: Nov. 14, 2023
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

CVE-2023-34060
CVSS Not Assigned | EPSS Score 0.04 | EPSS Percentile 12.96
Risk Context: N/A
Published: Nov. 14, 2023
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).