Snapshot
Sept. 16, 2023 - Sept. 22, 2023
CISA Known Exploited Vulnerabilities |
||||
|---|---|---|---|---|
| CVE | Summary | Severity | Vendor | Date Added |
| CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | HIGH | Trend Micro | Sept. 21, 2023 |
| CVE-2023-28434 | MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. | HIGH | MinIO | Sept. 19, 2023 |
| CVE-2014-8361 | Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | HIGH | Realtek | Sept. 18, 2023 |
| CVE-2021-3129 | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | CRITICAL | Laravel | Sept. 18, 2023 |
| CVE-2022-31462 | Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | HIGH | Owl Labs | Sept. 18, 2023 |
| CVE-2017-6884 | Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | HIGH | Zyxel | Sept. 18, 2023 |
| CVE-2022-22265 | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | HIGH | Samsung | Sept. 18, 2023 |
| CVE-2022-31463 | Owl Labs Meeting Owl contains an improper authentication vulnerability that does not require a password for Bluetooth commands, as only client-side authentication is used. | HIGH | Owl Labs | Sept. 18, 2023 |
| CVE-2022-31461 | Owl Labs Meeting Owl contains a missing authentication for critical functions vulnerability that allows an attacker to deactivate the passcode protection mechanism via a certain c 11 message. | MEDIUM | Owl Labs | Sept. 18, 2023 |
| CVE-2022-31459 | Owl Labs Meeting Owl contains an inadequate encryption strength vulnerability that allows an attacker to retrieve the passcode hash via a certain c 10 value over Bluetooth. | MEDIUM | Owl Labs | Sept. 18, 2023 |
Newswires |
||||
|
Spyware Attacks Exploit Recently Patched Apple, Chrome Zero-Days
Security research teams from The Citizen Lab and Google's Threat Analysis Group (TAG) have revealed that three zero-day vulnerabilities recently patched by Apple were exploited to install Cytrox's Predator spyware. |
Sept. 22, 2023 |
|||
|
Emergency Security Update iOS 17.0.1: A Critical Alert for All iPhone Users
Apple has urgently released the iOS 17.0.1 and iPadOS 17.0.1 updates, mere days after the launch of the latest operating system. |
Sept. 21, 2023 |
|||
|
Atlassian Issues Patches for High-Risk Vulnerabilities in Multiple Products
Atlassian, a leading provider of team collaboration and productivity software, has recently rolled out patches to address four high-risk vulnerabilities in its flagship products - Jira, Confluence, Bitbucket, and Bamboo. |
Sept. 21, 2023 |
|||
|
Omron Addresses PLC and Engineering Software Vulnerabilities Uncovered During ICS Malware Investigation
Japanese electronics corporation Omron has recently rectified vulnerabilities in its programmable logic controller (PLC) and engineering software. |
Sept. 21, 2023 |
|||
|
Nagios XI Network Monitoring Software Vulnerabilities Uncovered
Nagios XI, a network and IT infrastructure monitoring solution, has been found to have four vulnerabilities, identified as CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, and CVE-2023-40934. |
Sept. 20, 2023 |
|||
|
VenomRAT Malware Disguised as WinRAR Exploit on GitHub
A malicious actor has been leveraging GitHub to disseminate a phony proof-of-concept (PoC) exploit for a recently patched vulnerability in the WinRAR software, CVE-2023-40477. |
Sept. 20, 2023 |
|||
|
Qatar's Cybersecurity Agency Raises Alarm on Mozilla's RCE Vulnerabilities
Qatar's National Cyber Security Agency has sounded the alarm for users of Adobe products to promptly apply patches due to the revelation of vulnerabilities in Mozilla's Firefox and Thunderbird. |
Sept. 19, 2023 |
|||
|
GitLab Issues Critical Security Updates for Pipeline Vulnerability
GitLab, a widely used web-based open-source software project management and work tracking platform, has issued security updates to address a critical vulnerability. |
Sept. 19, 2023 |
|||
|
Trend Micro Fixes Zero-Day Vulnerability Under Attack in Endpoint Security Products
Trend Micro has rectified a zero-day code execution vulnerability, designated as CVE-2023-41179, in its Apex One product. |
Sept. 19, 2023 |
|||
|
Earth Lusca's Advanced SprySOCKS Linux Backdoor Targets Global Government Entities
A cyber threat group with links to China, known as Earth Lusca, has been discovered attacking government bodies utilizing a new Linux backdoor named SprySOCKS. |
Sept. 19, 2023 |
|||
|
Payment Card-Skimming Campaign Expands to North America
A threat actor fluent in Chinese, who has been skimming credit card details from ecommerce sites and point-of-sale service providers in the Asia/Pacific region for over a year, has started targeting similar entities in North and Latin America. |
Sept. 18, 2023 |
|||
|
Critical Remote Code Execution Flaw Discovered in Thousands of Juniper Devices
Approximately 12,000 Juniper SRX firewalls and EX switches are exposed to an unauthenticated, fileless remote code execution flaw. |
Sept. 18, 2023 |
|||
|
Fortinet Issues Fixes for High-Risk Vulnerabilities in Multiple Products
Fortinet, a major cybersecurity company, has launched patches to fix a severe cross-site scripting (XSS) vulnerability that affects its enterprise-grade firewalls and switches. |
Sept. 18, 2023 |
|||
|
Clop Ransomware Gang Targets Major North Carolina Hospitals
The Clop ransomware group, also known as Lace Tempest, has reportedly stolen personal data from several major hospitals in North Carolina. |
Sept. 17, 2023 |
|||
Vulnerabilities In The News |
||||
| CVE | Summary | Severity | Vendor | Risk Context |
| CVE-2023-5009 (6) | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting fro... | CRITICAL | Risk Context N/A | |
| CVE-2019-18935 (4) | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload ... | CRITICAL | Progess |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
| CVE-2023-4863 (6) | Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds m... | HIGH | Mozilla, Fedoraproject, Debian, Google |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
| CVE-2023-41064 (5) | A buffer overflow issue was addressed with improved memory handling. | HIGH | Apple |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
| CVE-2023-41179 (8) | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One , Worry-Free Business Security and W... | HIGH | Trend Micro, Trendmicro |
CISA Known Exploited Actively Exploited Remote Code Execution |
| CVE-2023-3932 (8) | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting fro... | MEDIUM | Risk Context N/A | |
| CVE-2023-36845 (5) | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allo... | MEDIUM | Juniper |
Remote Code Execution Public Exploits Available |
| CVE-2023-41993 (10) | The issue was addressed with improved checks. | N/A | Risk Context N/A | |
| CVE-2023-41992 (10) | The issue was addressed with improved checks. | N/A | Risk Context N/A | |
| CVE-2023-41991 (10) | A certificate validation issue was addressed. | N/A | Risk Context N/A | |
CISA Known Exploited Vulnerabilities
CISA added 10 vulnerabilities to the known exploited vulnerabilities list.
Realtek — SDK |
|
CVE-2014-8361 / Added: Sept. 18, 2023 |
|
HIGH CVSS 10.00 EPSS Score 97.09 EPSS Percentile 99.67 |
|
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. |
|
Headlines
|
Laravel — Ignition |
|
CVE-2021-3129 / Added: Sept. 18, 2023 |
|
CRITICAL CVSS 9.80 EPSS Score 97.52 EPSS Percentile 99.98 |
|
Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). |
|
Headlines |
Owl Labs — Meeting Owl |
|
CVE-2022-31462 / Added: Sept. 18, 2023 |
|
HIGH CVSS 8.80 EPSS Score 0.61 EPSS Percentile 76.08 |
|
Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. |
Zyxel — EMG2926 Routers |
|
CVE-2017-6884 / Added: Sept. 18, 2023 |
|
HIGH CVSS 8.80 EPSS Score 97.38 EPSS Percentile 99.86 |
|
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. |
|
Headlines |
Samsung — Mobile Devices |
|
CVE-2022-22265 / Added: Sept. 18, 2023 |
|
HIGH CVSS 7.80 EPSS Score 0.07 EPSS Percentile 28.68 |
|
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. |
|
Headlines |
Owl Labs — Meeting Owl |
|
CVE-2022-31463 / Added: Sept. 18, 2023 |
|
HIGH CVSS 7.10 EPSS Score 8.09 EPSS Percentile 93.55 |
|
Owl Labs Meeting Owl contains an improper authentication vulnerability that does not require a password for Bluetooth commands, as only client-side authentication is used. |
Owl Labs — Meeting Owl |
|
CVE-2022-31461 / Added: Sept. 18, 2023 |
|
MEDIUM CVSS 6.50 EPSS Score 5.83 EPSS Percentile 92.49 |
|
Owl Labs Meeting Owl contains a missing authentication for critical functions vulnerability that allows an attacker to deactivate the passcode protection mechanism via a certain c 11 message. |
Owl Labs — Meeting Owl |
|
CVE-2022-31459 / Added: Sept. 18, 2023 |
|
MEDIUM CVSS 6.50 EPSS Score 5.10 EPSS Percentile 92.01 |
|
Owl Labs Meeting Owl contains an inadequate encryption strength vulnerability that allows an attacker to retrieve the passcode hash via a certain c 10 value over Bluetooth. |
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-5009 |
|
CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 7.18 |
|
Risk Context N/A |
|
Published: Sept. 19, 2023 |
|
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2019-18935 |
|
CRITICAL CVSS 9.80 EPSS Score 90.80 EPSS Percentile 98.46 |
|
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
|
Published: Dec. 11, 2019 |
|
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.) |
|
Vendor Impacted: Progess |
|
Product Impacted: Telerik Ui For Asp.net Ajax |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-4863 |
|
HIGH CVSS 8.80 EPSS Score 21.43 EPSS Percentile 95.83 |
|
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
|
Published: Sept. 12, 2023 |
|
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
|
Vendors Impacted: Mozilla, Fedoraproject, Debian, Google |
|
Products Impacted: Chromium Webp, Firefox Esr, Debian Linux, Thunderbird, Firefox, Fedora |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-41064 |
|
HIGH CVSS 7.80 EPSS Score 0.33 EPSS Percentile 67.51 |
|
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
|
Published: Sept. 7, 2023 |
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
|
Vendor Impacted: Apple |
|
Products Impacted: Macos, Ipados, Ios, Ipados, And Macos, Iphone Os |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-41179 |
|
HIGH CVSS 7.20 EPSS Score 0.04 EPSS Percentile 7.18 |
|
CISA Known Exploited Actively Exploited Remote Code Execution |
|
Published: Sept. 19, 2023 |
|
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. |
|
Vendors Impacted: Trend Micro, Trendmicro |
|
Products Impacted: Apex One, Apex One And Worry-Free Business Security, Worry-Free Business Security Service, Worry-Free Business Security |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-3932 |
|
MEDIUM CVSS 6.50 EPSS Score 0.07 EPSS Percentile 27.74 |
|
Risk Context N/A |
|
Published: Aug. 3, 2023 |
|
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-36845 |
|
MEDIUM CVSS 5.30 EPSS Score 0.05 EPSS Percentile 14.18 |
|
Remote Code Execution Public Exploits Available |
|
Published: Aug. 17, 2023 |
|
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. |
|
Vendor Impacted: Juniper |
|
Products Impacted: Ex8208, Srx550 Hm, Ex4550, Ex4300-32f-S, Srx1500, Ex4300-24t, Ex4300-48t-Dc, Ex4300m, Ex3400, Ex4300-48t, Ex4300-24t-S, Ex2300-24p, Ex4300-Vc, Srx4000, Ex4400, Ex4300-48t-S, Srx210, Srx240, Ex4300-48tafi, Ex4600-Vc, Ex4300-48t-Afi, Junos, Srx5000, Srx650, Srx340, Srx5400, Ex4300-48tdc-Afi, Ex6200, Ex6210, Ex4300-48tdc, Srx220, Srx5800, Ex8216, Ex4550\/vc, Srx110, Ex4300-24p-S, Srx4100, Ex9200, Srx380, Srx550, Srx100, Ex4550-Vc, Ex2300-24mp, Ex4200, Ex4200-Vc, Ex3300-Vc, Srx550m, Ex2300, Srx3400, Ex9208, Ex4300-Mp, Srx240m, Ex2200-C, Ex4300-48p, Ex2200, Ex3200, Ex2200-Vc, Ex8200, Ex4300-48mp, Ex2300-C, Srx4600, Ex2300-24t, Srx3600, Ex3300, Ex4600, Srx345, Srx1400, Ex9251, Ex2300-48t, Srx4200, Srx320, Ex2300-48mp, Ex4300-32f-Dc, Srx300, Ex4500, Ex4500-Vc, Ex8200-Vc, Srx5600, Ex4300-24p, Ex4650, Srx240h2, Ex9204, Ex4300, Ex2300m, Ex2300-48p, Ex4300-32f, Ex4300-48p-S, Ex4300-48mp-S, Ex9214, Ex9250, Ex9253, Ex4300-48t-Dc-Afi |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-41993 |
|
CVSS Not Assigned |
|
Risk Context N/A |
|
Published: Sept. 21, 2023 |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-41992 |
|
CVSS Not Assigned |
|
Risk Context N/A |
|
Published: Sept. 21, 2023 |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2023-41991 |
|
CVSS Not Assigned |
|
Risk Context N/A |
|
Published: Sept. 21, 2023 |
|
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
Automate Vulnerability Management
Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.
